Network overview (server-side)

The OpenBSD computer is an IPv6 router (using rtadvd), and with a 2001:aaaa:bbbb::/48 prefix. Prefix 2001:aaaa:bbbb:1::/56 is reserved for LAN computers, tunnel-side will use the 2001:aaaa:bbbb:2::/56 prefix
The tunnel IPv4 link will be between local IP (Windows 2000 workstation) and (OpenBSD server).

OpenVPN setup (OpenBSD-side)

On OpenBSD server, we will install OpenVPN (i.e. 1.6 version using ports). Usefull OpenVPN settings we need are: (other settings - compression, cryptography, etc. - are at your discretion). OpenVPN will be setup with bridge mode, and not routed mode (explanation is into Windows 2000 setup section).

Into OpenVPN configuration file, (i.e. openvpn.conf), you must have the following settings (adapt them to your network settings)

dev tun0
dev-type tap
port 5000

Don't add an "ifconfig" line as it's not available for OpenVPN under OpenBSD in bridge mode.
Don't add a "remote" line, as the client is behind a gateway or a router.

The, you must create the bridge (associated to a physical network adapter, here the device "rl0")., startup OpenVPN, and give it an IP address. You may use the following command lines, and add then into /etc/rc.local file:

/sbin/ifconfig tun0 link0 up
/sbin/ifconfig bridge0 create
/sbin/brconfig bridge0 add rl0 add tun0 up
/usr/local/sbin/openvpn --config /etc/openvpn.confdaemon
/sbin/ifconfig tun1
/sbin/ifconfig tun1 inet6 2001:aaaa:bbbb:2::1

OpenVPN is now running, and waits for a connection.

OpenVPN setup (Windows-side)

Install OpenVPN, which install a service, and a TAP32 virtual network adapter. We must use bridge mode because IPv6 is not available for routed mode under Windows 2000.
Into OpenVPN configuration file, (i.e. openvpn.conf), you must have the following settings (adapt them to your network settings)

dev tap
port 5000

The "remote" line must have OpenVPN server public IP address.

Then start up OpenVPN service, and it may connect to the tunnel other side. If you want to check it, the following command lines may help you:


from OpenBSD server. If the ping is OK, so is the connection.


from Windows 2000 workstation. If the ping is OK, so is the connection.

IPv6 setup (Windows-side)

First, you have to install Microsoft's IPv6 stack. You may refer to this address in order to know installation steps. When the IPv6 stack is installed, you have to set it up.

Open a command line session, then execute the following command lines:

ipv6 adu index/2001:aaaa:bbbb:2::2

"index" must be OpenVPN virtual adapter index. I.e., if TAP-32 is called "Local Connection 3", the index is 3.

This line give 2001:aaaa:bbbb:2::2 IP address to your OpenVPN interface.

Then you have to set up IPv6 routing:

ipv6 rtu ::/0 index/2001:aaaa:bbbb:2::1
ipv6 rtu 2001:aaaa:bbbb::/56 index

The first line add a route for all IPv6 destinations through IPv6 tunnel. The second one does the same for your LAN IPv6 addresses. Don't forget to replace index with your network adapter number.


  • I could not get rtadvd work through the tunnel. I get no error message, but no IPv6 address is given to Windows 2000 workstation. Either I made a mistake, or it's a Windows 2000 IPv6 stack limitation.
  • This HOW-TO contains no information about IPv4 routing. You can find as many how-to about it on the Web.
  • Windows 2000 IPv6 stack does not work with Internet Explorer 6.0 because wininet.dll file is too old. You may either use Firefox or Mozilla, since 2005/10/03 nightly builds.