diff --git a/docs/OPENVPN.xml b/docs/OPENVPN.xml
index 1bace4c5e..5c9f1ac1d 100644
--- a/docs/OPENVPN.xml
+++ b/docs/OPENVPN.xml
@@ -498,6 +498,202 @@ DNAT 172.20.1.0/24 tun1 192.168.1.0/24
the right as 172.20.1.0/24.
+
+ Roadwarrior with IPv6
+
+ While OpenVPN supports tunneling of IPv6 packets, the version of the
+ code that I run under OS X on my Macbook Pro does not support that option.
+ Nevertheless, I am able to take IPv6 on the road with me by creating a
+ 6to4 tunnel through the OpenVPN IPv6 tunnel. In this configuration, the
+ IPv4 address pair (172.20.0.10,172.20.0.11) is used for the OpenVPN tunnel
+ and (2001:470:e857:2::1,2001:470:e857:2::2) is used for the 6to4
+ tunnel.
+
+ Here are my config files:
+
+ Server (conventional routed server config):
+
+
+ dev tun
+
+local 70.90.191.121
+
+server 172.20.0.0 255.255.255.128
+
+dh dh1024.pem
+
+ca /etc/certs/cacert.pem
+
+crl-verify /etc/certs/crl.pem
+
+cert /etc/certs/gateway.pem
+key /etc/certs/gateway_key.pem
+
+port 1194
+
+comp-lzo
+
+user nobody
+group nogroup
+
+keepalive 15 45
+ping-timer-rem
+persist-tun
+persist-key
+
+client-config-dir /etc/openvpn/clients
+ccd-exclusive
+client-to-client
+
+push "route 172.20.1.0 255.255.255.0"
+
+verb 3
+
+ In the CCD file for the Macbook Pro:
+
+ ifconfig-push 172.20.0.11 172.20.0.10
+
+ From /etc/network/interfaces (very standard
+ 6to4 tunnel
+ configuration):
+
+ auto mac
+iface mac inet6 v4tunnel
+ address 2001:470:e857:2::1
+ netmask 64
+ endpoint 172.20.0.11
+ local 172.20.1.254
+
+ Note that while the remote endpoint (172.20.0.11) is also the
+ remote endpoint of the OpenVPN tunnel, the local endpoint (172.20.1.254)
+ of the 6to4 tunnel is not the local endpoint of the OpenVPN tunnel
+ (that;s 172.20.0.10). 172.20.1.254 is the IPv4 address of the Shorewall
+ firewall's LAN interface.
+
+ The following excerpts from the Shorewall configuration show the
+ parts of that configuration that are relevant to these two tunnels (bold
+ font). This is not a complete
+ configuration.
+
+ /etc/shorewall/zones:
+
+ #ZONE TYPE
+fw firewall
+loc ip #Local Zone
+drct:loc ipv4 #Direct internet access
+net ipv4 #Internet
+vpn ipv4 #OpenVPN clients
+
+ /etc/shorewall/interfaces:
+
+ #ZONE INTERFACE BROADCAST OPTIONS
+loc INT_IF detect dhcp,logmartians=1,routefilter=1,physical=$INT_IF,required,wait=5
+net COM_IF detect dhcp,blacklist,optional,routefilter=0,logmartians,proxyarp=0,physical=$COM_IF,nosmurfs
+vpn TUN_IF+ detect physical=tun+,routeback
+- sit1 - ignore
+- mac - ignore
+- EXT_IF - ignore
+- lo - ignore
+
+ /etc/shorewall/tunnels:
+
+ #TYPE ZONE GATEWAY GATEWAY
+# ZONE
+openvpnserver:udp net
+6to4 net
+6to4 vpn
+
+ Similarly, here are exerpts from the Shorewall6
+ configuration.
+
+ /etc/shorewall6/zones:
+
+ #ZONE TYPE OPTIONS IN OUT
+# OPTIONS OPTIONS
+fw firewall
+net ipv6
+loc ipv6
+rest ipv6
+
+ /etc/shorewall6/interfaces:
+
+ #ZONE INTERFACE BROADCAST OPTIONS
+net sit1 detect tcpflags,forward=1,nosmurfs,routeback
+loc eth4 detect tcpflags,forward=1
+loc mac detect tcpflags,forward=1
+rest eth+
+
+ Note that in the IPv6 firewall configuration, the remove Macbook
+ Pro is considered to be part of the local zone (loc).
+
+
+ Client (conventional routed client config):
+
+
+ client
+
+dev tun
+
+proto udp
+
+remote gateway.shorewall.net 1194
+
+resolv-retry infinite
+
+nobind
+
+persist-key
+persist-tun
+
+mute-replay-warnings
+
+ca ca.crt
+cert mac.crt
+key mac.key
+
+ns-cert-type server
+
+comp-lzo
+
+verb 3
+
+up /Users/teastep/bin/up
+down /Users/teastep/bin/down
+
+
+ /Users/teastep/bin/up:
+
+ #!/bin/bash
+LOCAL_IP=172.20.0.11
+LOCAL_IPV6=2001:470:e857:2::2
+REMOTE_IP=172.20.1.254
+REMOTE_IPV6=2001:470:e857:2::1
+TUNNEL_IF=gif0
+
+if [ $(ifconfig gif0 | wc -l ) -eq 1 ]; then
+ #
+ # Tunnel interface is not configured yet
+ #
+ /sbin/ifconfig $TUNNEL_IF tunnel $LOCAL_IP $REMOTE_IP
+ /sbin/ifconfig $TUNNEL_IF inet6 $LOCAL_IPV6 $REMOTE_IPV6 prefixlen 128
+else
+ /sbin/ifconfig $TUNNEL_IF up
+fi
+
+/sbin/route -n add -inet6 default $REMOTE_IPV6 > /dev/null 2>&1
+
+ /Users/teastep/bin/down:
+
+ #!/bin/bash
+
+TUNNEL_IF=gif0
+
+/sbin/ifconfig $TUNNEL_IF down
+/sbin/route -n delete -inet6 default > /dev/null 2>&1
+
+
+
+