route IPv6 through OpenVPN gateway, and block it.

The goal here is to get the client to route any IPv6 traffic through the gateway, and to make sure it gets blocked in a way that lets the client device know it should not use IPv6 (reject the packets, don't silently kill them). Eventually, when we have support for IPv6 in the gateway, then we can route IPv6 traffic.

OpenVPN man page on IPv6 (minimal notes): https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage#lbAQ

Better, but still minimal, documentation: http://www.greenie.net/ipv6/openvpn.html

Mini tutorial for Debian IPv6 over tun (most tutorials use TAP): http://tomsalmon.eu/2013/04/openvpn-ipv6-with-tun-device/

I think we want to copy that, except we DON'T want this part:

push "route 192.168.1.0 255.255.255.0"
push "route-ipv6 2001:412:abcd::/48"

In many tutorials on the internet, you will see the following claims:

  • tun-ipv6 only works point to point, not point to multipoint (i.e. client to server)
  • you need to use tap to get IPv6 support

Both of these used to be true, but are no longer true.

(from redmine: created on 2013-10-16, closed on 2014-05-06, relates #5274 (closed))
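
Added example (not part of the original ticket or the project's code): a small audit that checks a gateway against the goal stated above, namely that all client IPv6 is routed into the tunnel and then rejected rather than silently dropped. The sample config, the ULA prefix, the `tun0` device name, the rule text and the choice of 2000::/3 as the "all global IPv6" route are assumptions constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: OpenVPN 2.3-style server directives
# (fd15:53b6:dead::/64 is a made-up ULA prefix).
SERVER_CONF = '''
dev tun
tun-ipv6
server 10.42.0.0 255.255.255.0
server-ipv6 fd15:53b6:dead::/64
push "redirect-gateway def1"
push "route-ipv6 2000::/3"
'''

# Constructed samples: gateway rules in ip6tables-save format.
RULES_REJECT = "-A FORWARD -i tun0 -j REJECT --reject-with icmp6-adm-prohibited\n"
RULES_DROP = "-A FORWARD -i tun0 -j DROP\n"

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")


def pushed_ipv6_routes(conf):
    """Return the networks the server pushes to clients with route-ipv6."""
    found = re.findall(r'^\s*push\s+"route-ipv6\s+(\S+)[^"]*"', conf, re.M)
    return [ipaddress.ip_network(n, strict=False) for n in found]


def audit(conf, rules, dev="tun0"):
    """List reasons this gateway would leak or silently drop client IPv6."""
    problems = []
    if not re.search(r"^\s*server-ipv6\s+\S+", conf, re.M):
        problems.append("no server-ipv6: clients get no IPv6 address on the tunnel")
    # A narrow route such as a single /48 leaves all other IPv6 on the
    # client's native uplink, outside the tunnel.
    if not any(GLOBAL_UNICAST.subnet_of(r) for r in pushed_ipv6_routes(conf)):
        problems.append("no pushed route-ipv6 covers 2000::/3: IPv6 bypasses the VPN")
    # The first matching FORWARD rule decides; DROP makes clients wait for
    # timeouts, while REJECT returns an ICMPv6 error so they fall back to IPv4.
    verdicts = re.findall(
        rf"^-A FORWARD\b.*-i {re.escape(dev)}\b.*-j (\w+)", rules, re.M)
    if "REJECT" not in verdicts[:1]:
        problems.append("first FORWARD rule for the tunnel is not REJECT")
    return problems


if __name__ == "__main__":
    for label, rules in (("reject", RULES_REJECT), ("drop", RULES_DROP)):
        print(label, audit(SERVER_CONF, rules) or "ok")
```
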