This is a work in progress, more polish to follow.
This feature is advanced and recommended only for those who already have a functioning IPv4 tunnel and know how IPv6 works.
Systemd is used to setup a static route and Debian 8.1 or later is recommended as the host distribution. Others probably work, but haven't been tested.
The tutorial uses a free tunnel from tunnelbroker.net to get a /64 and /48 prefix allocated to me. The tunnel endpoint is less then 3 ms away from Digital Ocean's San Francisco datacenter.
Place the following in /etc/network/interfaces. Replace PUBLIC_IP with your host's public IPv4 address and replace 2001:db8::2 and 2001:db8::1 with the corresponding tunnel endpoints:
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
address 2001:db8::2
netmask 64
endpoint 72.52.104.74
local PUBLIC_IP
ttl 255
gateway 2001:db8::1
Bring the interface up:
ifup he-ipv6
Test that IPv6 works on the host:
ping6 google.com
If this doesn't work, figure it out. It may be necessary to add an firewall rule to allow IP protocol 41 through the firewall.
Add the --ipv6 to the Docker daemon invocation.
On Ubuntu and old versions of Debian Append the --ipv6 argument to the DOCKER_OPTS variable in:
/etc/default/docker
On modern systemd distributions copy the service file and modify it and reload the service:
sed -e 's:^\(ExecStart.*\):\1 --ipv6:' /lib/systemd/system/docker.service | tee /etc/systemd/system/docker.service
systemctl restart docker.service
Copy the systemd init file from the docker-openvpn /init directory of the repository and install into /etc/systemd/system/docker-openvpn.service
curl -o /etc/systemd/system/docker-openvpn@.service 'https://raw.githubusercontent.com/kylemanna/docker-openvpn/dev/init/docker-openvpn%40.service'
Edit the file, replace IP6_PREFIX value with the value of your /64 prefix.
vi /etc/systemd/system/docker-openvpn@.service
Finally, reload systemd so the changes take affect:
systemctl daemon-reload
Ensure that OpenVPN has been initialized and configured as described in the top level README.md.
Start the systemd service file specifying the volume container suffix as the instance. For example, INSTANCE=test0 has a docker volume container named ovpn-data-test0 and service will create ovpn-test0 container:
systemctl start docker-openvpn@test0
Verify logs if needed:
systemctl status docker-openvpn@test0
docker logs ovpn-test0
Append the default route for the public Internet:
echo "route-ipv6 2000::/3" >> clientname.ovpn
If all went according to plan, then ping6 2600:: and ping6 google.com should work.
Fire up a web browser and attempt to navigate to https://ipv6.google.com.
This feature requires a docker daemon with working IPv6 support.
This will allow connections over IPv4 and IPv6.
Generate server configuration with the udp6 or tcp6 protocol:
docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u udp6://VPN.SERVERNAME.COM
docker run -v $OVPN_DATA:/etc/openvpn --rm kylemanna/openvpn ovpn_genconfig -u tcp6://VPN.SERVERNAME.COM