I have a client that runs a IPv6 network. Over this network they do not want to see IPv4 being transported over their network, but there are some IPv4 end points that need to talk to each other over this same network. Also, this network has NO ACCESS TO THE INTERNET. This part won’t change.
OpenVPN has a stand-alone Access Server that fit the needs of what I’m trying to do, mostly. The one thing it can not do is establish the tunnel as an IPv6 tunnel. It can transport IPv6 through a IPv4 tunnel but that doesn’t help me. For the proof of concept, I used a Windows Server 2022 and ran the Ubuntu server as a Hyper-V that ran the OpenVPN Access Server. Can your product do the things I’m looking to do?
Summation of needs.
· Standalone/local VPN solution.
· No internet access.
· IPv4 clients communicating over a IPv6 VPN tunnel.
Standalone or Private IPv6 VPN solution.
-
Hub-IA
- Posts: 1
- Joined: Fri Jan 10, 2025 7:57 pm
Re: Standalone or Private IPv6 VPN solution.
1. WireGuard
Why WireGuard?
WireGuard is lightweight, efficient, and natively supports IPv6 transport for tunnels. You can set up a standalone WireGuard VPN server and configure it to route IPv4 traffic through IPv6 tunnels.
How It Fits Your Needs:
Standalone and works without internet access.
Supports pure IPv6 tunnels.
Allows IPv4 traffic to be encapsulated and routed through IPv6.
Setup Example:
Configure WireGuard on a server with only IPv6 endpoints.
Use NAT or routing rules to encapsulate IPv4 traffic over the IPv6 network.
Ensure that IPv4 communication occurs between endpoints within the IPv6 tunnel.
2. SoftEther VPN
Why SoftEther?
SoftEther VPN supports dual-stack operation (IPv4 and IPv6) and can function entirely offline. It also supports bridging to allow IPv4 clients to communicate over IPv6 tunnels.
How It Fits Your Needs:
Fully standalone with no internet requirement.
Can encapsulate IPv4 traffic inside IPv6 tunnels.
Setup Example:
Install SoftEther on a dedicated server within the IPv6 network.
Configure a VPN bridge to encapsulate IPv4 traffic.
Connect IPv4 endpoints to the VPN to enable communication.
3. Tinc VPN
Why Tinc?
Tinc is a mesh VPN software that supports IPv6 tunnels and can operate without internet access. It is ideal for custom setups like yours.
How It Fits Your Needs:
Standalone and completely customizable.
IPv6-native with support for IPv4 over IPv6.
Setup Example:
Configure Tinc with IPv6-only transport.
Define endpoints for IPv4 communication.
Route IPv4 traffic between endpoints through the IPv6 tunnel.
Additional Tips
Routing IPv4 Traffic:
You’ll need to set up proper NAT64 or translation rules to allow IPv4 endpoints to communicate effectively over the IPv6 network. Tools like tayga (a NAT64 daemon) can help with this.
Firewall Rules:
Ensure that your VPN server's firewall permits both IPv4 and IPv6 traffic where necessary to avoid packet loss.
Summary
Both WireGuard and SoftEther VPN can provide the functionality you need, allowing IPv4 clients to communicate over an IPv6 tunnel in a standalone, offline environment. For more advanced configurations, Tinc VPN might be worth exploring.
Let us know if you need more guidance with the setup process!
Best regards,
Why WireGuard?
WireGuard is lightweight, efficient, and natively supports IPv6 transport for tunnels. You can set up a standalone WireGuard VPN server and configure it to route IPv4 traffic through IPv6 tunnels.
How It Fits Your Needs:
Standalone and works without internet access.
Supports pure IPv6 tunnels.
Allows IPv4 traffic to be encapsulated and routed through IPv6.
Setup Example:
Configure WireGuard on a server with only IPv6 endpoints.
Use NAT or routing rules to encapsulate IPv4 traffic over the IPv6 network.
Ensure that IPv4 communication occurs between endpoints within the IPv6 tunnel.
2. SoftEther VPN
Why SoftEther?
SoftEther VPN supports dual-stack operation (IPv4 and IPv6) and can function entirely offline. It also supports bridging to allow IPv4 clients to communicate over IPv6 tunnels.
How It Fits Your Needs:
Fully standalone with no internet requirement.
Can encapsulate IPv4 traffic inside IPv6 tunnels.
Setup Example:
Install SoftEther on a dedicated server within the IPv6 network.
Configure a VPN bridge to encapsulate IPv4 traffic.
Connect IPv4 endpoints to the VPN to enable communication.
3. Tinc VPN
Why Tinc?
Tinc is a mesh VPN software that supports IPv6 tunnels and can operate without internet access. It is ideal for custom setups like yours.
How It Fits Your Needs:
Standalone and completely customizable.
IPv6-native with support for IPv4 over IPv6.
Setup Example:
Configure Tinc with IPv6-only transport.
Define endpoints for IPv4 communication.
Route IPv4 traffic between endpoints through the IPv6 tunnel.
Additional Tips
Routing IPv4 Traffic:
You’ll need to set up proper NAT64 or translation rules to allow IPv4 endpoints to communicate effectively over the IPv6 network. Tools like tayga (a NAT64 daemon) can help with this.
Firewall Rules:
Ensure that your VPN server's firewall permits both IPv4 and IPv6 traffic where necessary to avoid packet loss.
Summary
Both WireGuard and SoftEther VPN can provide the functionality you need, allowing IPv4 clients to communicate over an IPv6 tunnel in a standalone, offline environment. For more advanced configurations, Tinc VPN might be worth exploring.
Let us know if you need more guidance with the setup process!
Best regards,
-
JessicaDavis
- Posts: 1
- Joined: Tue Jan 14, 2025 12:47 pm
Re: Standalone or Private IPv6 VPN solution.
Thank you so much for the suggestions.