0

I have about 4 billion IPv6 IPs. I'd like to assign some to one of my external VPSes that is not in the same D.C. The IPv6 IPs are on a VPS too, running Ubuntu 10.04.

How can I do this? E.g. assign 10 IPv6 IPs on my VPS to another external VPS, so that the external VPS can use them?

1 Answer

1

Unless you have some control over the routing of your address space, all IPv6 traffic will have to transit through your Ubuntu machine.

An easy way to do this is either GRE tunneling (if all your clients have publicly reachable addresses) or openvpn. Since your machines are not in the same datacenter, openvpn is best used in tun mode.

First, you need to pick an IPv6 subnet and prefix for each site. You say you have about 4 billion addresses, that would be a /96 prefix. Let's say your gateway server has address 2001:xx..xx::1/96. Decide on a prefix to assign to your other servers. For instance, using /112 will let you have 65k VPSes with 65k addresses each. Let's say your first client will have 2001:xx..xx:1::/112. Within this block, 2001:xx..xx:1::1/112 will be used by the gateway, and the rest is available for the client. (Technically one could avoid that, but that's how it is usually done.)

Here are two tutorials for Ubuntu, respectively for 6to4 and GRE tunnels. What you want is something in-between.

On the clients, use something like

    # GRE tunnel from the client to the gateway, carrying the client's /112
    auto tun0
    iface tun0 inet6 static
        address 2001:xx..xx:1::2
        netmask 112
        pre-up iptunnel add tun0 mode gre local <client IPv4> remote <gateway IPv4>
        pointopoint 2001:xx..xx:1::1
        post-down iptunnel del tun0
        up ip route add 2000::/3 dev tun0

On the gateway, for each client:

    # One GRE tunnel interface per client; this one serves the first client
    auto tun-server1
    iface tun-server1 inet6 static
        address 2001:xx..xx:1::1
        netmask 112
        pre-up iptunnel add tun-server1 mode gre local <gateway IPv4> remote <client IPv4>
        pointopoint 2001:xx..xx:1::2
        post-down iptunnel del tun-server1

Alternatively, you can also use openvpn in tun6 mode. You need a separate openvpn instance for each tunnel. A minimal configuration would look like, on the gateway and for each client (with static keys):

    secret "/etc/openvpn/server1.key"
    dev-type tun
    tun-ipv6
    dev tun-server1
    local <Gateway IPv4>
    proto tcp-server

And on the client, a single instance:

    secret "/etc/openvpn/server1.key"
    dev-type tun
    tun-ipv6
    dev tun0
    remote <Gateway IPv4>
    proto tcp-client

If your clients have public, reachable addresses, you can remove the proto directive to use UDP (more efficient), as long as you add back the missing remote and local directives on both sides.

The file server1.key must contain a shared key, ideally different for each client. You can generate them with openvpn --genkey --secret server1.key

After that, you need to set up proper routes as before. There is documentation here about doing it (the first part is about setting up openvpn with certificates; you can use static keys first as it is faster to set up):

http://www.zagbot.com/openvpn_ipv6_tunnel.html

1
  • Can you please link me to a tutorial? Commented Jul 28, 2010 at 6:09
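
The addressing plan from the answer, worked through as an added example (not code from the original answer): it carves a /96 into per-client /112 blocks, reserves the first address of each block for the gateway end of the tunnel, renders the client-side GRE stanza, and maps an address back to the client that owns it so the gateway can check that traffic on a tunnel comes from that client's block. The documentation prefix 2001:db8::/96 stands in for the elided real prefix, and all function names are hypothetical.

```python
import ipaddress

# Constructed parent block: the page elides the real prefix ("2001:xx..xx"),
# so the RFC 3849 documentation prefix is used in its place (assumption).
PARENT = ipaddress.IPv6Network("2001:db8::/96")
CLIENT_PREFIXLEN = 112
SUBNET_BITS = CLIENT_PREFIXLEN - PARENT.prefixlen   # 16 bits -> 65536 blocks
HOST_BITS = 128 - CLIENT_PREFIXLEN                  # 16 bits -> 65536 addresses


def client_plan(index):
    """Return (subnet, gateway_end, client_end) for the index-th client.

    Block 0 is skipped because it holds the gateway's own ::1 address.
    """
    if not 1 <= index < 2 ** SUBNET_BITS:
        raise ValueError(f"client index must be in [1, {2 ** SUBNET_BITS})")
    base = int(PARENT.network_address) + (index << HOST_BITS)
    subnet = ipaddress.IPv6Network((base, CLIENT_PREFIXLEN))
    return subnet, subnet[1], subnet[2]


def owning_client(addr):
    """Map an address to its client index, or None if it is outside the
    parent block or inside the gateway's block 0."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6 or ip not in PARENT:
        return None
    return ((int(ip) - int(PARENT.network_address)) >> HOST_BITS) or None


def client_stanza(index, client_v4, gateway_v4):
    """Render the client-side interfaces stanza for one GRE tunnel."""
    subnet, gw_end, client_end = client_plan(index)
    return "\n".join([
        "auto tun0",
        "iface tun0 inet6 static",
        f"    address {client_end}",
        f"    netmask {subnet.prefixlen}",
        f"    pre-up iptunnel add tun0 mode gre local {client_v4} remote {gateway_v4}",
        f"    pointopoint {gw_end}",
        "    post-down iptunnel del tun0",
        "    up ip route add 2000::/3 dev tun0",
    ])


if __name__ == "__main__":
    # Constructed IPv4 endpoints from the documentation ranges.
    print(client_stanza(1, "192.0.2.10", "198.51.100.1"))
```

On the gateway, `owning_client()` applied to the source address of a packet arriving on a tunnel should return that tunnel's client index; any other result means the address is not one assigned to that client.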
