Immae's blog

egrep -ri TODO /etc

Setup an IPv6 VPN with an OVH server

Introduction

This tutorial combines a solution to two different but related problems:

In the specific case that I will discuss, I have a personal server (hosted by OVH) with a single IPv4 address (198.51.100.24) and a /64 IPv6 subnet (2001:db8:200:13::/64), both fixed.

Besides that, I have several PCs with different configurations and more or less restricted Internet access, on different networks that are not necessarily connected to each other (not even in the same country), and that I would like to connect through a virtual network.

To create the virtual network, we have two options:

Creating a virtual subnet

To create this network, I use tinc. This program is quite simple, and intuitive once you understand what a VPN is.

In this particular case, interconnecting our machines is quite simple: all of them are able to contact the server (which has a public IPv4 address), so we just need to ask each of them to connect to the server. tinc will then take care of the interconnection!

Common part

This part has to be done on both the clients and the server of the VPN:

Server part

The server part is the more complex one. Let's go into more detail:

Client part

Here I use the term ServerName to designate the name of the server, as defined on the Name line of the configuration file tinc.conf on the server.

Client-Server connection

Here I use ClientName to designate the name chosen by a client.

End, configuration details

Now you just need to start the tinc service on each machine, and all of them will be interconnected and able to access the IPv6 Internet! To sum up, the folders /etc/tinc/NAME/ should look like this:

# Server$ ls -1R /etc/tinc/NAME
/etc/tinc/NAME:
hosts
rsa_key.priv
tinc-down
tinc-up
tinc.conf

/etc/tinc/NAME/hosts:
Server
Client1
Client1-up
Client1-down
Client2
Client2-up
Client2-down

and

# Client1$ ls -1R /etc/tinc/NAME
/etc/tinc/NAME:
hosts
rsa_key.priv
tinc-down
tinc-up
tinc.conf

/etc/tinc/NAME/hosts:
Server
Client1
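
The layout in the two listings above can be checked mechanically. The following shell function is an added example, not part of the original tutorial or of tinc itself (the name audit_tinc_netdir is hypothetical): it verifies that the listed files exist, that rsa_key.priv is closed to group and others, that tinc-up and tinc-down are executable, and that no shared file under hosts/ contains private-key material. It assumes PEM-format keys whose header contains "PRIVATE KEY".

```shell
#!/bin/sh
# Added example: audit a tinc network directory laid out as in the listings.
# Usage: audit_tinc_netdir /etc/tinc/NAME Server Client1 ...
# Prints one line per finding and returns the number of findings (0 = clean).
audit_tinc_netdir() {
    dir=$1; shift
    findings=0
    note() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    # Files every node carries, per the listings.
    for f in tinc.conf rsa_key.priv tinc-up tinc-down; do
        [ -f "$dir/$f" ] || note "missing: $dir/$f"
    done

    # The private key must be closed to group and others.
    # Characters 5-10 of the ls mode string are the group/other bits.
    if [ -f "$dir/rsa_key.priv" ]; then
        bits=$(ls -ld "$dir/rsa_key.priv" | cut -c5-10)
        [ "$bits" = "------" ] || note "rsa_key.priv is accessible to group/others"
    fi

    # tinc executes these scripts directly, so they need the execute bit.
    for s in tinc-up tinc-down; do
        [ ! -f "$dir/$s" ] || [ -x "$dir/$s" ] || note "not executable: $dir/$s"
    done

    # One host file per expected peer (names passed as arguments).
    for h in "$@"; do
        [ -f "$dir/hosts/$h" ] || note "missing host file: $dir/hosts/$h"
    done

    # Host files are copied between machines; none may hold a private key.
    # Assumption: keys are PEM blocks whose header contains "PRIVATE KEY".
    for hf in "$dir"/hosts/*; do
        [ -f "$hf" ] || continue
        if grep -q 'PRIVATE KEY' "$hf"; then
            note "private key material in shared host file: $hf"
        fi
    done
    return "$findings"
}
```

On the server, pass every node name (Server Client1 Client2); on a client, pass Server and the client's own name.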


Important note

By default, recent Linux distributions give priority to IPv6 for Internet connections. That means that all connections will go through the server as soon as IPv6 is available for the requested service. To avoid that, you can edit the file /etc/gai.conf, in which a section explains exactly how to do that (i.e. give priority to IPv4). Note that this configuration can be applied independently on each client (see below).