I have a dual-stack IPv4/IPv6 home connection and want to create an OpenVPN server. My ISP assigns me a /59 IPv6 block, which is not stable and can change at any point (not daily, but it still does). The server runs on a Raspberry Pi with Debian Buster.
Let's say my current prefix assigned from the ISP is dead::beef::/59 and my server has two IPv6 addresses via SLAAC. The first host id is ::1234 (temporary) and the second one is ::9876 (stable). I have a DynDNS entry pointing to dead::beef::9876.
The OpenVPN client connects to dead::beef::9876 via UDP6; the OpenVPN server receives the initial packet but responds via dead::beef::1234. Therefore the connection does not work.
I have managed to bind the OpenVPN server to the stable address via `local dead::beef::9876`, which at least makes the client connect. Unfortunately the block could change at any time, so I want to avoid this.
Is there any way to bind the server to the stable host id ::9876 without specifying the prefix in the host id?
In addition, if I want to use a /64 block for the clients (via the `server` directive), I can retrieve one via DHCPv6 Prefix delegation from my router. Unfortunately, then I also have to specify the fixed prefix in my config file.
Is there any way to make this specific, too?
Or should I somehow configure a trigger whenever the IP address changes, then generate a new config file and restart the server?
I have fixed the first problem by adding the `multihome` option and not specifying any `local` option. From the docs:
https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/
I had the problem that binding with `local` to the IPv6 address disabled IPv4 connections.
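
The regenerate-on-change approach raised in the question, as an added example that is not from the original posts: it finds the current address carrying the stable host id ::9876, derives a client /64 from the /59 around it, and rewrites the `server-ipv6` line only when the prefix has changed. The subnet index, the function names, the sample addresses (2001:db8::/32 documentation range) and the premise that the router routes that /64 to the server are assumptions.

```python
import ipaddress
import re

STABLE_HOST_ID = 0x9876    # stable interface id from the post (::9876)
ISP_PREFIX_LEN = 59        # size of the ISP delegation from the post
CLIENT_SUBNET_INDEX = 1    # assumption: which /64 of the /59 is routed to the VPN

def client_subnet(addresses):
    """Return the /64 for VPN clients, derived from the stable SLAAC address.

    `addresses` is the list of IPv6 addresses currently on the interface.
    Returns None when no non-link-local address has the stable host id.
    """
    for text in addresses:
        addr = ipaddress.IPv6Address(text)
        # The link-local address may share the host id; it carries no ISP prefix.
        if addr.is_link_local:
            continue
        if int(addr) & ((1 << 64) - 1) != STABLE_HOST_ID:
            continue  # temporary (privacy) address or unrelated address
        isp = ipaddress.ip_network(f"{addr}/{ISP_PREFIX_LEN}", strict=False)
        return list(isp.subnets(new_prefix=64))[CLIENT_SUBNET_INDEX]
    return None

def update_config(config_text, subnet):
    """Rewrite the server-ipv6 line; return (new_text, changed)."""
    line = f"server-ipv6 {subnet}"
    new_text, count = re.subn(r"(?m)^server-ipv6\s+\S+.*$", line, config_text)
    if count == 0:  # directive not present yet: append it
        new_text = config_text.rstrip("\n") + "\n" + line + "\n"
    return new_text, new_text != config_text

if __name__ == "__main__":
    # Constructed sample: config written for the old prefix, addresses after a change.
    config = "proto udp6\nmultihome\nserver-ipv6 2001:db8:aa:21::/64\n"
    current = ["fe80::9876", "2001:db8:bb:45::1234", "2001:db8:bb:45::9876"]
    subnet = client_subnet(current)
    if subnet is not None:
        new_config, changed = update_config(config, subnet)
        # Only when `changed` is True: write the file and restart OpenVPN.
        print(changed)
        print(new_config, end="")
```

Because the server itself runs with `multihome` and no `local`, only the client subnet line depends on the prefix, so a restart is needed only when `changed` is true.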