Monday, May 14, 2018

Assign IPV6 to external vps/clients



I have about 4 billion IPv6 IPs; I'd like to assign some to one of my external VPSes that is not in the same DC. The IPv6 IPs are on a VPS too, running Ubuntu 10.04.



How can I do this?

E.g. assign 10 IPv6 IPs on my VPS to another external VPS, so that the external VPS can use them?


Answer



Unless you have some control over the routing of your address space, all IPv6 traffic will have to transit through your Ubuntu machine.



An easy way to do this is either GRE tunneling (if all your clients have publicly reachable addresses) or OpenVPN. Since your machines are not in the same datacenter, OpenVPN is best used in tun mode.



First, you need to pick an IPv6 subnet and prefix for each site. You say you have about 4 billion addresses; that would be a /96 prefix. Let's say your gateway server has address 2001:xx..xx::1/96. Decide on a prefix to assign to your other servers. For instance, using /112 will let you have 65k VPSes with 65k addresses each. Let's say your first client will have 2001:xx..xx:1::/112. Within this block, 2001:xx..xx:1::1/112 will be used by the gateway, and the rest is available for the client. (Technically one could avoid that, but that's how it is usually done.)



Here are two tutorials for Ubuntu, respectively for 6to4 and GRE tunnels. What you want is something in between.




On the clients, use something like



auto tun0
iface tun0 inet6 static
    address 2001:xx..xx:1::2
    netmask 112
    # local/remote are the public IPv4 tunnel endpoints (placeholders; fill in your own)
    pre-up iptunnel add tun0 mode gre local <client-ipv4> remote <gateway-ipv4>
    pointopoint 2001:xx..xx:1::1
    # send all global IPv6 traffic through the tunnel
    up ip route add 2000::/3 dev tun0
    post-down iptunnel del tun0


On the gateway, for each client:



auto tun-server1
iface tun-server1 inet6 static
    address 2001:xx..xx:1::1
    netmask 112
    # local/remote are the public IPv4 tunnel endpoints (placeholders; fill in your own)
    pre-up iptunnel add tun-server1 mode gre local <gateway-ipv4> remote <client-ipv4>
    pointopoint 2001:xx..xx:1::2
    post-down iptunnel del tun-server1





Alternatively, you can also use OpenVPN in tun6 mode. You need a separate OpenVPN instance for each tunnel. A minimal configuration would look like this, on the gateway and for each client (with static keys):



secret "/etc/openvpn/server1.key"
dev-type tun
tun-ipv6
dev tun-server1
# public IPv4 address this instance listens on (placeholder; fill in your own)
local <gateway-ipv4>
proto tcp-server


And on the client, a single instance:



secret "/etc/openvpn/server1.key"
dev-type tun
tun-ipv6
dev tun0
# public IPv4 address of the gateway (placeholder; fill in your own)
remote <gateway-ipv4>
proto tcp-client


If your clients have public, reachable addresses, you can remove the proto directive to use UDP (more efficient), as long as you add back the missing remote and local directives on both sides.



The file server1.key must contain a shared key, ideally a different one for each client. You can generate them with: openvpn --genkey --secret server1.key




After that, you need to set up proper routes as before. There is documentation here about doing it (the first part is about setting up openvpn with certificates; you can use static keys first as it is faster to setup):



http://www.zagbot.com/openvpn_ipv6_tunnel.html
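The addressing plan in the answer above (carve the gateway's /96 into per-client /112 blocks, ::1 of each block on the gateway end, ::2 on the client end) is easy to get wrong by hand, so here is an added example, not part of the original answer, that computes the plan with Python's ipaddress module and renders the matching GRE stanzas for both sides. It assumes the documentation prefix 2001:db8::/96 in place of the elided 2001:xx..xx::/96, IPv4 tunnel endpoints supplied by the caller, and it adds one thing the answer does not mention: an ip6tables FORWARD rule on the gateway so a client cannot send packets from addresses outside its own block. The same addresses apply unchanged to the OpenVPN variant; only the tunnel device differs.

```python
"""Address plan and per-client GRE tunnel stanzas for the gateway setup above.

Added example, not from the original answer. Assumptions:
  * the gateway's /96 is 2001:db8::/96 (documentation prefix standing in for
    the elided 2001:xx..xx::/96)
  * each client gets one /112 carved from it; ::1 of that block is the gateway
    end of the tunnel and ::2 the client end, as the answer describes
  * IPv4 tunnel endpoints are supplied by the caller (constructed values below)
"""
import ipaddress
from dataclasses import dataclass

SITE_PREFIX = ipaddress.IPv6Network("2001:db8::/96")   # assumed site /96
CLIENT_PREFIXLEN = 112                                  # ~65k clients x ~65k addresses


@dataclass(frozen=True)
class ClientPlan:
    name: str                              # "server1" -> gateway device tun-server1
    block: ipaddress.IPv6Network           # the client's /112
    gateway_end: ipaddress.IPv6Address     # block ::1, configured on the gateway
    client_end: ipaddress.IPv6Address      # block ::2, configured on the client


def plan_client(index, name, site=SITE_PREFIX, client_len=CLIENT_PREFIXLEN):
    """Plan for client number `index` (1-based). Block 0 is left for the
    gateway's own address (2001:db8::1) and is never handed out."""
    if not 1 <= index < 2 ** (client_len - site.prefixlen):
        raise ValueError(f"client index {index} does not fit in {site}")
    base = site.network_address + index * 2 ** (128 - client_len)
    block = ipaddress.IPv6Network((base, client_len))
    return ClientPlan(name, block, base + 1, base + 2)


def client_stanza(p, client_ipv4, gateway_ipv4):
    """/etc/network/interfaces stanza for the client side (device tun0)."""
    return "\n".join([
        "auto tun0",
        "iface tun0 inet6 static",
        f"    address {p.client_end}",
        f"    netmask {p.block.prefixlen}",
        f"    pre-up ip tunnel add tun0 mode gre local {client_ipv4} remote {gateway_ipv4} ttl 64",
        "    up ip -6 route add 2000::/3 dev tun0",   # all global IPv6 via the tunnel
        "    post-down ip tunnel del tun0",
    ])


def gateway_stanza(p, gateway_ipv4, client_ipv4):
    """/etc/network/interfaces stanza on the gateway for one client.
    The ip6tables rule drops forwarded packets arriving on this tunnel whose
    source is outside the client's block, so it cannot spoof other clients."""
    dev = f"tun-{p.name}"
    rule = f"FORWARD -i {dev} ! -s {p.block} -j DROP"
    return "\n".join([
        f"auto {dev}",
        f"iface {dev} inet6 static",
        f"    address {p.gateway_end}",
        f"    netmask {p.block.prefixlen}",
        f"    pre-up ip tunnel add {dev} mode gre local {gateway_ipv4} remote {client_ipv4} ttl 64",
        f"    up ip6tables -A {rule}",
        f"    down ip6tables -D {rule}",
        f"    post-down ip tunnel del {dev}",
    ])


# Required once on the gateway, otherwise it will not forward client traffic.
GATEWAY_SYSCTL = "net.ipv6.conf.all.forwarding=1"


if __name__ == "__main__":
    # Constructed endpoint addresses from the documentation IPv4 ranges.
    p = plan_client(1, "server1")
    print(f"# client {p.name}: {p.block}")
    print(client_stanza(p, "198.51.100.10", "203.0.113.1"))
    print()
    print(gateway_stanza(p, "203.0.113.1", "198.51.100.10"))
    print(f"\n# sysctl on gateway: {GATEWAY_SYSCTL}")
```

The forwarding sysctl and the per-tunnel anti-spoofing rule are additions of this example, not part of the answer. One further caveat the answer does not cover: if the hosting provider delivers the /96 as on-link to the gateway's Ethernet interface rather than routing it to the gateway, the gateway must also answer neighbor discovery for the client addresses (proxy NDP), otherwise inbound traffic for the clients never reaches the tunnel.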

