IPv6 allocation is incorrect
the IP allocated to the tun0 interface seems incorrect:
8: tun0: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100 link/none inet 10.42.0.4/21 brd 10.42.7.255 scope global tun0 inet6 2001:db8:123::1002/64 scope global valid_lft forever preferred_lft forever
http://www.faqs.org/rfcs/rfc3849.html explicitely forbids actual use of 2001:db8/32:
IANA is to record the allocation of the IPv6 global unicast address prefix 2001:DB8::/32 as a documentation-only prefix in the IPv6 address registry. No end party is to be assigned this address.
I strongly recommend dropping the use of that prefix, which should be firewalled to hell and back. The proper IPv6 space to use for VPNs is most likely IPv6 ULA addresses (https://en.wikipedia.org/wiki/Unique_local_address) or actual public IPv6 routes that are actually announced. That is, after all, the whole point of IPv6 (to stop doing freaking NATs...)
(from redmine: created on 2014-08-08)