Question: OpenVPN - establishing TCP6 connection?

GorgKhan

Jul 21, 2020
Screenshot-2025-02-02-12-07-22.png

This is a VPN, and the connection is established through TCP6.

Screenshot-2025-02-02-12-09-54.png

Its IPv4 is available, while IPv6 is not.


So I have an Ubuntu Server VPS. It has both public IPv4 and IPv6. I installed OpenVPN with the PiVPN script.

Screenshot-2025-02-02-12-11-20.png

I don't know how to make the connection be established through TCP6, and the clients have a public IPv4 like in the first and second screenshots.


This is my server.conf
Code:
dev tun
proto tcp
port xxxx
ca /etc/openvpn/easy-rsa/pki/ca.crt
cert /etc/openvpn/easy-rsa/pki/issued/xxxx.crt
key /etc/openvpn/easy-rsa/pki/private/xxxx.key
dh none
ecdh-curve prime256v1
topology subnet
server 10.200.162.0 255.255.255.0
# Set your primary domain name server address for clients
push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"
# Prevent DNS leaks on Windows
push "block-outside-dns"
# Override the Client default gateway by using 0.0.0.0/1 and
# 128.0.0.0/1 rather than 0.0.0.0/0. This has the benefit of
# overriding but not wiping out the original default gateway.
push "redirect-gateway def1"
client-to-client
client-config-dir /etc/openvpn/ccd
keepalive 15 120
remote-cert-tls client
tls-version-min 1.2
tls-crypt /etc/openvpn/easy-rsa/pki/ta.key
cipher AES-256-CBC
auth SHA256
user openvpn
group openvpn
persist-key
persist-tun
crl-verify /etc/openvpn/crl.pem
status /var/log/openvpn-status.log 20
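
Added example, not part of the thread or of any poster's configuration: a small Python check of the two things the question turns on, whether `proto` forces an IPv6 transport socket and whether IPv6 is carried inside the tunnel at all (`redirect-gateway def1` on its own only redirects IPv4, so a dual-stack client's IPv6 traffic stays outside the VPN). `proto tcp6`, `server-ipv6` and the `ipv6` flag of `redirect-gateway` are real OpenVPN options; the function names and the `fd00:200:162::/64` prefix are assumptions made for the illustration.

```python
import shlex

# Constructed sample: the directives from the server.conf above that matter here.
SAMPLE_CONF = '''\
dev tun
proto tcp
server 10.200.162.0 255.255.255.0
push "block-outside-dns"
push "redirect-gateway def1"
'''
# Constructed variant: IPv6 transport forced, IPv6 pool and route added (placeholder prefix).
FIXED_CONF = SAMPLE_CONF.replace("proto tcp", "proto tcp6").replace(
    'def1"', 'def1 ipv6"') + "server-ipv6 fd00:200:162::/64\n"

def parse_conf(text):
    """Return (directive, [args]) pairs; '#' and ';' comment lines are skipped."""
    entries = []
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # keeps push "..." as one argument
        if tokens and not tokens[0].startswith(";"):
            entries.append((tokens[0], tokens[1:]))
    return entries

def transport_family(entries):
    """'ipv6' or 'ipv4' when proto forces an address family, otherwise 'unforced'."""
    for name, args in entries:
        if name == "proto" and args:
            if args[0].startswith(("tcp6", "udp6")):
                return "ipv6"
            if args[0].startswith(("tcp4", "udp4")):
                return "ipv4"
            return "unforced"
    return "unforced"

def tunnels_ipv6(entries):
    """True only if clients get an IPv6 pool and an IPv6 route is pushed to them."""
    has_pool = any(name == "server-ipv6" for name, _ in entries)
    pushed = [shlex.split(args[0]) for name, args in entries if name == "push" and args]
    has_route = any(
        p and ((p[0] == "redirect-gateway" and "ipv6" in p[1:]) or p[0] == "route-ipv6")
        for p in pushed)
    return has_pool and has_route

def audit(text):
    entries = parse_conf(text)
    return {"transport": transport_family(entries), "ipv6_in_tunnel": tunnels_ipv6(entries)}

if __name__ == "__main__":
    print("as posted:", audit(SAMPLE_CONF))
    print("variant:  ", audit(FIXED_CONF))
```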
 
There really is no reason to do this unless you have some shortage of IPv4 addresses.

Your ISP would have to give your home an IPv6 address so you can establish communication with the server using IPv6.

If you need details on how to set the server up, you are best off finding a forum with someone who does lots of Linux setup. It is likely just a routing statement in the IPTABLES, but it has been many years since I messed with that, so I forget. In effect the VPN tunnel between the 2 locations has the external addresses and a set of internal addresses on the tunnel endpoints themselves. You then route all the other IP addresses that pass over this connection to these internal endpoint addresses.

It is the reverse that you see more often, and this is not even a VPN issue. You have some server that only has an IPv6 address and want to access it via IPv4. There is a built-in tunneling method...not encrypted...that is commonly used.

In general IPv6 is still not really being used. It has been screamed it is the future of the internet since I was doing networking 30 years ago. It is still extremely limited in usage. For whatever reason the ISPs have not spent the effort to make IPv6 have as good performance as IPv4. You find suboptimal routing for IPv6 connections sometimes. In addition IPv6 contains the MAC address of the internal devices in your house, so all the data collectors can now track you even more closely.
 
> There really is no reason to do this unless you have some shortage of IPv4 addresses.

IPv4 addresses are easily recognized and blocked by ISPs.

> Your ISP would have to give your home an IPv6 address so you can establish communication with the server using IPv6.

> In general IPv6 is still not really being used. It has been screamed it is the future of the internet since I was doing networking 30 years ago. It is still extremely limited in usage. For whatever reason the ISPs have not spent the effort to make IPv6 have as good performance as IPv4. You find suboptimal routing for IPv6 connections sometimes. In addition IPv6 contains the MAC address of the internal devices in your house, so all the data collectors can now track you even more closely.

I installed a few VPNs from the Google Play Store, and those that successfully connected established the connection through UDP6/TCP6. So I searched and realized that it is related to IPv6.
Thanks for the information and exp
 
Blocking access to IPv4 addresses owned by a VPN company is a thing China tends to do. It can't block the person who rents a virtual server from Amazon or Cloudflare and sets up his own VPN server. This is actually what I thought you were trying to do, but it appears you are just loading the client software. Setting up the server side is much more complex than just loading some app from the Google store.

Note when it comes to blocking VPN, China is very advanced. First, most implementations of OpenVPN are not really using HTTPS. The session setup is just different enough that you can detect it. There are OpenVPN implementations that really use HTTPS, but you pay a performance penalty. There is also information published that China has software to analyze the pattern in the encrypted HTTPS session to see if it is VPN. There are reports of them blocking stuff that is not actually VPN. It doesn't matter if it is IPv4 or IPv6 when it comes to blocking VPN when someone really wants to block it. They do far more than the lazy block of all the IP addresses registered to a VPN company like NORD.