PiVPN

Prerequisites

I used a fresh install of raspbian with SSH enabled.

If you don't have a static and public accessible IP from your ISP, you would probably like to use some free DDNS service, e.g., noip or the like.

As I am behind a CGNAT I have used DDNS and my IPv6 address for this, as IPv6 addresses are globally accessible.

DDNS works by some service (e.g., ddclient) running on your device regularly checks if the IP associated with your domain is correct or not. If not, it will update to the current IP such that the domain always resolves to your device.

Usually IPv4 is used and works out of the box and I encountered some challenges automatically updating my IPv6 address. For instance, noip's dynamic update client (DUC) only updates IPv4, as far as I know.

ddclient

The following configuration did the job for me updating my domain at noip with the correct IPv6 address.

First, install ddclient by sudo apt install ddclient.

Edit the /etc/ddclient.conf file with the contents:

# Configuration file for ddclient generated by debconf
#
# /etc/ddclient.conf
protocol=dyndns2 \
server=dynupdate.no-ip.com
usev6=if, if=wlan0
login=<username> \
password='<password>' \
<domain>

Consider doing a test by first removing the ddclient cache contents followed by an update.

The cache is there to ensure you only send an update if your IP has changed, hence no issues in removing it:

sudo rm /var/cache/ddclient/ddclient.cache && sudo ddclient

Installation

PiVPN have made it easy for us and we can just install by

curl -L https://install.pivpn.io | bash

Tons of installation guides can be found online, hence I will not go through the whole installation process here.

OpenVPN Configuration

In order to force PiVPN, or more precisely OpenVPN, to use IPv6, I had to do the following change in the /etc/openvpn/server.conf file:

proto udp -> proto udp6

Firewall

Traffic must be allowed to the destination port chosen, but remember we do not know anything regarding the source port. We only know the destination IPv6 address and the port chosen during the install of PiVPN.

PreviousGeneralNextGeneral

Last updated