Here’s a pfSense setup with an HE tunnel, a routed /64 on the inside, and a /112 subnetted out of it for the VPN.

Inside users have dual stack and can surf v4 or v6. Outside users VPN in and receive an IPv4 and an IPv6 virtual IP. Once in, they can route out dual stack. It’s really easy to set up.

Sign up for a free tunnelbroker account at Hurricane Electric: https://tunnelbroker.net/. Once signed up, you’ll see some information about the endpoints: your IPv4 IP, the v4 address on their end, and the server/client IPv6 addresses. There’s also a routed /64 for you to use internally.

Follow this guide to get the tunnel set up and dynamically updated.
https://doc.pfsense.org/index.php/Using_IPv6_with_a_Tunnel_Broker

Once that’s done, follow this guide to configure your VPN.  The OpenVPN wizard is extremely easy.
https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server

To enable IPv6 on the VPN, create a rule under Firewall/Rules/OpenVPN that allows IPv6 out the specific tunnel interface. Subnet out a /112 from your HE /64, then go into VPN/OpenVPN and paste it under the v6 virtual IP settings. Select force all traffic through the tunnel. Add some IPv6 DNS servers, then add these custom options at the bottom.

tun-ipv6;
server-ipv6 2001:XXX:XX:XXX::XXX:1/112;  #match with your subnet, and do a :1.
push "route-ipv6 ::/0";

Now when you VPN in, you should be able to route v4 and v6.
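One way to do the "subnet out a /112" step and build the custom options, as an added example that is not from the original post. It goes slightly beyond the post by also checking that the prefix is the routed /64 rather than the tunnel's own link /64, and that no LAN address falls inside the VPN pool; the 2001:db8 addresses, the function names and the index parameter are constructed for illustration.

```python
import ipaddress

def plan_vpn_subnet(routed64, tunnel_client, lan_addrs, index=0xFFFF):
    """Carve one /112 for OpenVPN out of the routed /64 and sanity-check it."""
    routed = ipaddress.ip_network(routed64, strict=True)
    if routed.version != 6 or routed.prefixlen != 64:
        raise ValueError("expected the routed IPv6 /64")
    # The tunnel's client/server addresses live in a different /64 than the
    # routed one; picking the link prefix by mistake is caught here.
    link = ipaddress.ip_interface(tunnel_client).network
    if routed.overlaps(link):
        raise ValueError("this is the tunnel link /64, not the routed /64")
    # A /64 holds 2**48 /112s; compute the one at 'index' directly.
    if not 0 <= index < 2 ** 48:
        raise ValueError("index out of range")
    base = int(routed.network_address) + (index << 16)
    vpn = ipaddress.IPv6Network((base, 112))
    # Addresses already in use on the LAN must not land in the VPN pool.
    clash = [a for a in lan_addrs if ipaddress.ip_address(a) in vpn]
    if clash:
        raise ValueError(f"LAN addresses inside VPN /112: {clash}")
    return vpn

def custom_options(vpn):
    """Render the post's three custom options for the chosen /112."""
    server = vpn.network_address + 1  # the post's ":1" convention
    return [
        "tun-ipv6;",
        f"server-ipv6 {server}/{vpn.prefixlen};",
        'push "route-ipv6 ::/0";',
    ]

if __name__ == "__main__":
    # Constructed sample values (documentation prefix), not real HE prefixes.
    vpn = plan_vpn_subnet(
        routed64="2001:db8:b::/64",        # assumed routed /64
        tunnel_client="2001:db8:a::2/64",  # assumed client end of the tunnel
        lan_addrs=["2001:db8:b::1"],       # assumed pfSense LAN address
    )
    print("IPv6 tunnel network:", vpn)
    print("\n".join(custom_options(vpn)))
```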

Categories: Networking
