Hello
I am not good with routing so please bear with me.
The configuration of the system we have looks like this:
1 x hardened gentoo server (with iproute2 enabled and ipv6 support in the kernel)
1 x test client again hardened gentoo (this time ifconfig only but ipv6 enabled too)
The client level is set and we can't have iproute2.
We are building a shield service for users that currently have IPv4 IPs.
They are to connect through their client Gentoo PC up to the server via SSL VPN (OpenVPN).
the idea is to randomly choose one of the /64 ips provided.
so each user is to have a gentoo system.
The setup would be good to assign 2 IPs, one to the user and one on the server.
i would guess there would be a way to make it random via a script
Any clarity on what I'm trying to do and how would be a big help.
We know it's possible, just haven't figured out the way yet.
thanks in advance for reading and any time you can spare
Do you want to choose a random address or a random /64 subnet?
Thank you very much for your quick response, it's brilliant to know there is an active forum.
I forgot to mention I have a tunnel set up on HE.
I also got a /64 assigned by my server provider, which comes with 1 for the server.
I want to be able to access, for example, 5000 of the available IPs and randomly assign one of these.
External IP endpoints for the OpenVPN tunnels on the server so we can hide the user's IP, so it must be external and we must be able to see it when we look at a site like "whats my ip6".
As for your question, I don't understand subnets other than I was told the /64 would give us a really large amount of IPs to play with, and as yet I can't even get one to work.
thanks again
If you just want to assign random addresses, you can use DHCP for that.
Well, the randomness is the least important thing at the moment. I need to get the IPv6 endpoints up and pingable so we can do the randomness later.
I'm struggling at the first stage: what to do with the 2 lots of IPv6 and how to configure these on the server for use.
Then we're going to need some more information.
Is your tunnel up? If not, what commands did you try and use?
If it is, that's half the battle. We just use RA & DHCP and go.
Are all of these systems going to be on the same network (eg all on 192.168.1.0/24 and not strewn about between 192.168.1.0/24 and 192.168.2.0/24)
Well, my HE tunnel is up
and I have a server-assigned IPv6 x1 (assigned to the IPv4 server) and 1x /64.
Tunnel is UP, ok.
Now you need to advertise your addresses to the rest of your subnet....by the way, you still didn't tell me if they were all on one subnet
Set up Router Advertisements to advertise your default route and if you want random addressing, set up DHCP to assign addresses
"Now you need to advertise your addresses to the rest of your subnet....by the way, you still didn't tell me if they were all on one subnet"
That's because I don't know the answer :-[
"Set up Router Advertisements to advertise your default route and if you want random addressing, set up DHCP to assign addresses"
I just went to the page on he.net, copied and pasted the Linux inet details into SSH and it's now pinging out.
Sorry to be so confusing, I have had it explained a few times and each time it's a little different.
Could you help me understand what it is I am trying to do, please?
If I post what I have on here and delete it later, would that help?
I can't help you decide what you need to do if you don't know yourself ;)
Your tunnel is up, good.
It seems like you just need to get IPv6 addresses shared with the rest of your hosts...am I right?
It's not saved.
I don't use gentoo, (I think JimB does...if he sees this post, he'll help you)
You need to add those commands to a startup file so they get run on a server reboot.
You need to enable the Router Advertisements on your router. Look through Google...I'm sure it's out there somewhere.
https://www.zagbot.com/openvpn_ipv6_tunnel.html
I had wanted to do this and send an IPv6 IP to each user.
Does what I have look right compared to this, please?
I don't know.
It's the same idea as what you want to do, but if you're asking if the same commands will work, I don't know.
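
The random selection of addresses from a /64 asked about at the top of this thread, as an added example that is not part of any post: a Python sketch that draws distinct interface IDs from a CSPRNG, so assigned endpoints cannot be predicted from earlier ones, and skips addresses that must not be handed out. The prefix is from the 2001:db8::/32 documentation range, and the function name `random_addresses` and its `in_use` parameter are assumptions.

```python
import ipaddress
import secrets


def random_addresses(prefix, count, in_use=()):
    """Return `count` distinct, unpredictable addresses from an IPv6 /64.

    prefix -- the routed /64, e.g. "2001:db8:1234:5678::/64" (constructed sample)
    in_use -- addresses already configured (server, tunnel endpoint, ...)
    """
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("expected a /64 prefix")

    # The all-zero interface ID is the subnet-router anycast address
    # (RFC 4291) and must not be assigned to a host.
    taken = {net.network_address}
    for a in in_use:
        addr = ipaddress.IPv6Address(a)
        if addr not in net:
            raise ValueError(f"{addr} is not inside {net}")
        taken.add(addr)

    chosen = []
    while len(chosen) < count:
        # secrets uses the OS CSPRNG; random.random() would make the
        # sequence of assigned addresses guessable.
        candidate = net.network_address + secrets.randbits(64)
        if candidate not in taken:
            taken.add(candidate)       # also guarantees no duplicates
            chosen.append(candidate)
    return chosen


if __name__ == "__main__":
    # Constructed sample: a pool of 5000 addresses, with ::1 already
    # configured on the server.
    pool = random_addresses("2001:db8:1234:5678::/64", 5000,
                            in_use=["2001:db8:1234:5678::1"])
    for addr in pool[:5]:
        print(addr)
```
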