With my recent ISP change for my internet at home there were quite a lot of changes. One of those changes was that UPC – my current provider – uses DualStack Lite.
For me it’s the first ISP that really provides IPv6. So that’s pretty cool and I finally had the chance (was forced) to dig deeper into IPv6.
In general everything is working quite well but, as it’s Dual-Stack Lite, my router doesn’t provide an option to do port forwarding to one of my hosts inside my local network. At least not for IPv4 connections. So I have no chance to access one of my devices via my public IPv4 address, which becomes a problem when I want to connect to my home network via VPN from an IPv4-only network.
I couldn’t find any suitable 4to6 tunnel broker that lets me access my IPv6 devices through an IPv4 address, but luckily I have a VPS that runs on real dual stack and therefore has an IPv4 and an IPv6 address.
So to access my IPv6 VPN server in my private network from an IPv4-only network I created an SSH tunnel from my VPN server (that runs on a Raspberry Pi) to my VPS and forwarded the OpenVPN port.
To do that, the VPS’ sshd configuration needs to be adapted to expose forwarded ports on its public IP address(es). For that, the following setting needs to be added to/changed in the sshd_config:
```
GatewayPorts yes
```
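`GatewayPorts yes` is a global switch: every remote forward opened by any account on the VPS is bound to all addresses. A narrower server-side variant follows as an added example, not the author's configuration; the account name `tunnel` is hypothetical, and `PermitListen` needs OpenSSH 7.8 or later.

```conf
# Added example, not taken from the original post.
# Assumption: "tunnel" is a hypothetical unprivileged account on the VPS
# that is used only by the Raspberry Pi to open the reverse forward.

# Setting from the post: applies to all accounts and all forwarded ports.
#GatewayPorts yes

# Global default: remote forwards stay on the VPS loopback interface.
GatewayPorts no

# Match blocks belong at the end of sshd_config; the settings below
# apply only to the matched account.
Match User tunnel
    # The client picks the bind address, e.g. -R '*:1194:localhost:1194'
    GatewayPorts clientspecified
    # Allow remote (-R) forwarding only, and only a listener on port 1194
    AllowTcpForwarding remote
    PermitListen 1194
    # The account is for the tunnel only: no terminal, no shell command
    PermitTTY no
    X11Forwarding no
    AllowAgentForwarding no
    ForceCommand /bin/false
```

With `clientspecified`, the forward in the client script has to name the bind address (`-R '*:1194:localhost:1194'`), otherwise the listener stays on loopback. `sshd -t` checks the file for syntax errors before sshd is reloaded.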
After that I created the following script on my VPN-Raspberry:
```bash
#!/bin/bash
# create SSH-tunnel

# ssh arguments: no stdin (-n), no remote command (-N), no TTY (-T),
# forward port 1194 on the VPS to port 1194 on this host
varConnectionString="-nNT -R 1194:localhost:1194 <username>@<servername> -p <port>"

# Look for a running ssh with exactly these arguments.
# -F matches the string literally; -- keeps the leading "-" from being read as an option.
if ps aux | grep -v "grep" | grep -qF -- "$varConnectionString"; then
    echo "Found active connection"
else
    echo "No active connection found"
    # Unquoted on purpose so the string is split into separate arguments
    ssh $varConnectionString &
fi
```
That script is set up to be executed every half hour as a cronjob. So if the connection (for whatever reason) gets disconnected it will automatically reconnect to the VPS and forward the port again.