IPv6 Tunnel :'( :'(

I have this scenario:

  • HomeNetwork is my home network, which is both IPv4 and IPv6 enabled. The IPv4 is NATted by the provider due to block exhaustion, while the IPv6 is fixed.

  • PublicNetworks are any of a number of public networks (cafés, etc.), or phone tethering.

  • LaptopA is a laptop computer which is often used from PublicNetworks. In these cases, only IPv4 is provided. When it’s on HomeNetwork, it has both IPv4 and IPv6 (not that that matters for this discussion).

  • DesktopB is a desktop computer which sits on HomeNetwork. It is globally accessible via its IPv6 address (assume it is not accessible at all via IPv4, as that’s not relevant to the discussion).

  • ServerC is a VPS which has both IPv4 and IPv6 fixed, globally available addresses.

And I have this goal:

  • Provide LaptopA with IPv6 connectivity when it’s connected to PublicNetworks.

And these constraints:

  • Do not use any “tunnel broker” services or any other similar third party. It should all work via the infrastructure listed above (in particular, ServerC can act as a tunnel endpoint).

  • Do not use VPS or similar solutions (IPSEC).

And this question:

How do I go about it? :stuck_out_tongue:

Any help is appreciated. I’m sort of stuck here and there seems to be a dearth of documentation relating to this.

On Thu, 09 Jul 2015 17:06:02 +0000, licehunter wrote:

> How do I go about it? :stuck_out_tongue:

Set up an openVPN server (myself, I use the openVPN Access Server running
in a virtual machine). That way, you’re hosting the VPN solution that
you’re using.

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

My apologies, there is a typo in the post above. Where it says “Do not use VPS or similar solutions (IPSEC)” it should read instead “Do not use VPN or similar solutions (IPSEC)”. Sorry for the confusion.

On Thu, 09 Jul 2015 18:26:01 +0000, licehunter wrote:

> hendersj;2718952 Wrote:
>> Set up an openVPN server
>
>
> My apologies, there is a typo in the post above. Where it says -“Do not
> use VPS or similar solutions (IPSEC)”- it should read instead “Do not
> use VPN or similar solutions (IPSEC)”. Sorry for the confusion.

So, why would you want to exclude a technology that would solve the
problem for you?

OpenVPN doesn’t use IPSEC, it uses its own protocol.

By definition, you want to create an IPv6 tunnel in IPv4 - to do that you
need another endpoint, and the easiest possible way to do that is to use
a VPN.

Jim



On Fri, 10 Jul 2015 00:21:55 +0000, Jim Henderson wrote:

> On Thu, 09 Jul 2015 18:26:01 +0000, licehunter wrote:
>
>> hendersj;2718952 Wrote:
>>> Set up an openVPN server
>>
>>
>> My apologies, there is a typo in the post above. Where it says -“Do not
>> use VPS or similar solutions (IPSEC)”- it should read instead “Do not
>> use VPN or similar solutions (IPSEC)”. Sorry for the confusion.
>
> So, why would you want to exclude a technology that would solve the
> problem for you?
>
> OpenVPN doesn’t use IPSEC, it uses its own protocol.
>
> By definition, you want to create an IPv6 tunnel in IPv4 - to do that
> you need another endpoint, and the easiest possible way to do that is to
> use a VPN.
>
> Jim

A very suboptimal solution, but maybe closer to what you’re looking for -
tunnel over ssh:

https://serverfault.com/questions/239122/tcp-ipv6-thru-ssh-tunnel

As noted in the linked discussion, though, tcp over tcp is generally not
recommended for performance reasons. If you want good performance, a VPN
is going to be your best option.

Jim



Let’s start by first answering the basic Q
Why are you asking about a tunnel at all?

Are you simply asking how to connect to your home network using IPv6?
If so, then the basic requirements aren’t different from IPv4 except implemented differently… You need a routable IPv6 address which means you need one that uses your ISP’s prefix as part of your IPv6 address. If for instance you only configure the auto-configured “link local” address, it’s not routable and discoverable outside your LAN. The other requirement is if you use FQDN, then you need name resolution, which means either a Hosts file with the information or DNS serving an AAAA record pointing to your home network router.

If you’re asking about a “tunnel” but not a “tunnel broker” then you’re asking about setting up some kind of VPN. A tunnel broker provides IPv6 encapsulated within IPv4, most commonly used to traverse IPv4 NAT configured with IPv4 port forwarding. But, if your ISP provides “carrier” IPv6, then a tunnel broker is not necessary. If you want to set up a machine in your network as a VPN endpoint, then just do it. IPv6 is not NAT’d so if you have a routable (global) IPv6 address, then you’re ready to go, just configure it.

Post again if what I described somehow doesn’t clear up a misunderstanding,
TSU
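
The distinction drawn in the last reply between link-local and routable (global) IPv6 addresses, as an added example that is not part of the original thread: it parses `ip -6 addr show` output and reports which interfaces hold an address reachable from outside the LAN. The sample output and the helper names are constructed for illustration, and the addresses use the 2001:db8::/32 documentation prefix.

```python
import ipaddress
import re

# Constructed sample of `ip -6 addr show` output (not taken from the thread).
SAMPLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:db8:12:34:a00:27ff:fe4e:66a1/64 scope global dynamic mngtmpaddr
    inet6 fd12:3456:789a:1:a00:27ff:fe4e:66a1/64 scope global
    inet6 fe80::a00:27ff:fe4e:66a1/64 scope link
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::1234:56ff:fe78:9abc/64 scope link
"""

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # addresses delegated by ISPs
UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")    # ULA: site-internal only


def classify(addr):
    """Classify by prefix. The kernel prints 'scope global' for ULA
    addresses too, so the scope keyword alone is not enough."""
    ip = ipaddress.IPv6Address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip in UNIQUE_LOCAL:
        return "unique-local"
    if ip in GLOBAL_UNICAST:
        return "global"
    return "other"


def parse(text):
    """Return {interface: [(address, class), ...]} from `ip -6 addr show` text."""
    result, iface = {}, None
    for line in text.splitlines():
        header = re.match(r"^\d+:\s+([^:@\s]+)", line)
        if header:
            iface = header.group(1)
            result[iface] = []
            continue
        entry = re.match(r"^\s+inet6\s+([0-9a-fA-F:]+)/\d+", line)
        if entry and iface:
            result[iface].append((entry.group(1), classify(entry.group(1))))
    return result


def reachable_interfaces(text):
    """Interfaces holding at least one globally routable address."""
    return sorted(i for i, addrs in parse(text).items()
                  if any(kind == "global" for _, kind in addrs))
```

On a live host, feed it the real output, for example `reachable_interfaces(subprocess.check_output(["ip", "-6", "addr", "show"], text=True))`.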