This is a work in progress, more polish to follow.
This feature is advanced and recommended only for those who already have a functioning IPv4 tunnel and know how IPv6 works.
Systemd is used to setup a static route and Debian 8.1 or later is recommended as the host distribution. Others probably work, but haven't been tested.
The tutorial uses a free tunnel from tunnelbroker.net to get a /64 and /48 prefix allocated to me. The tunnel endpoint is less then 3 ms away from Digital Ocean's San Francisco datacenter.
Place the following in /etc/network/interfaces
. Replace PUBLIC_IP
with your host's public IPv4 address and replace 2001:db8::2 and 2001:db8::1 with the corresponding tunnel endpoints:
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
address 2001:db8::2
netmask 64
endpoint 72.52.104.74
local PUBLIC_IP
ttl 255
gateway 2001:db8::1
Bring the interface up:
ifup he-ipv6
Test that IPv6 works on the host:
ping6 google.com
If this doesn't work, figure it out. It may be necessary to add an firewall rule to allow IP protocol 41 through the firewall.
Add the --ipv6
to the Docker daemon invocation.
On Ubuntu and old versions of Debian Append the --ipv6
argument to the DOCKER_OPTS
variable in:
/etc/default/docker
On modern systemd distributions copy the service file and modify it and reload the service:
sed -e 's:^\(ExecStart.*\):\1 --ipv6:' /lib/systemd/system/docker.service | tee /etc/systemd/system/docker.service
systemctl restart docker.service
Copy the systemd init file from the docker-openvpn /init directory of the repository and install into /etc/systemd/system/docker-openvpn.service
curl -o /etc/systemd/system/[email protected] 'https://raw.githubusercontent.com/kylemanna/docker-openvpn/dev/init/docker-openvpn%40.service'
Edit the file, replace IP6_PREFIX
value with the value of your /64 prefix.
vi /etc/systemd/system/[email protected]
Finally, reload systemd so the changes take affect:
systemctl daemon-reload
Ensure that OpenVPN has been initialized and configured as described in the top level README.md
.
Start the systemd service file specifying the volume container suffix as the instance. For example, INSTANCE=test0
has a docker volume container named ovpn-data-test0
and service will create ovpn-test0
container:
systemctl start docker-openvpn@test0
Verify logs if needed:
systemctl status docker-openvpn@test0
docker logs ovpn-test0
Append the default route for the public Internet:
echo "route-ipv6 2000::/3" >> clientname.ovpn
If all went according to plan, then ping6 2600::
and ping6 google.com
should work.
Fire up a web browser and attempt to navigate to https://ipv6.google.com.
This feature requires a docker daemon with working IPv6 support.
This will allow connections over IPv4 and IPv6.
Generate server configuration with the udp6 or tcp6 protocol:
docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp6://VPN.SERVERNAME.COM
docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u tcp6://VPN.SERVERNAME.COM