• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

OpenVPN with IPv6 over IPv4 / pfSense 2.1

2.1 Snapshot Feedback and Problems - RETIRED
4
5
6.6k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C
    cpm
    last edited by Jun 3, 2012, 9:52 AM

    Hi,

    I've already installed pfsense 2.1 (Beta0, Jun 2) for routing my /48. Anything works as expected and I decided to try routing an ipv6 net over ipv4. So I added a ipv6 tunnel net to an existing openvpn config (PKI site-to-site, no client overriding) and let my test client (OpenVPN 2.2.1 i486-linux-gnu with ipv6 patch) reconnects via ipv4, but the ipv6 part failed to initialize.

    client log:
    Sun Jun  3 10:38:42 2012 us=873273 SENT CONTROL [pfsense]: 'PUSH_REQUEST' (status=1)
    WRRWRWRSun Jun  3 10:38:42 2012 us=996742 PUSH: Received control message: 'PUSH_REPLY,route 10.100.1.0 255.255.255.0,route-ipv6 2001:db8:702:3000::/64,route 10.0.10.1,topology net30,ping 10,ping-restart 60,ifconfig 10.0.11.2 10.0.11.1'
    Sun Jun  3 10:38:42 2012 us=996889 OPTIONS IMPORT: timers and/or timeouts modified
    Sun Jun  3 10:38:42 2012 us=997055 OPTIONS IMPORT: –ifconfig/up options modified
    Sun Jun  3 10:38:42 2012 us=997080 OPTIONS IMPORT: route options modified
    Sun Jun  3 10:38:42 2012 us=997829 ROUTE default_gateway=192.168.1.1
    Sun Jun  3 10:38:42 2012 us=998197 ROUTE6: default_gateway=UNDEF
    Sun Jun  3 10:38:42 2012 us=998231 OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
    Sun Jun  3 10:38:42 2012 us=998304 OpenVPN ROUTE: failed to parse/resolve route for host/network: 2001:db8:702:3000::/64
    Sun Jun  3 10:38:43 2012 us=3601 TUN/TAP device tun1 opened
    Sun Jun  3 10:38:43 2012 us=3699 TUN/TAP TX queue length set to 100
    Sun Jun  3 10:38:43 2012 us=3757 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=0

    The pfsense openvpn logs looks quite normal, but my ipv6 tunnel net (2001:db8:702:1000::/64) won't be displayed in the routing table as I know from the ipv4 tunnel net (10.0.10/24) and it didn't assigned to any openvpn tun device.

    Did I miss something in my openvpn config? Thanks in advance!

    1 Reply Last reply Reply Quote 0
    • C
      cpm
      last edited by Jun 11, 2012, 11:15 AM

      Perhaps someone is interested in a "works for me" solution. I properly solved the problem by manually added "server-ipv6 2001:db8:702:1000::/64" into the pfSense OpenVPN config, but it didn't works with "Client Specific Override". My client gets now a ipv6 address and know where to route the ipv6 net.

      Mon Jun 11 13:15:34 2012 SENT CONTROL [pfsense]: 'PUSH_REQUEST' (status=1)
      Mon Jun 11 13:15:34 2012 PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2001:db8:702:1000::1:0 2001:db8:702:1000::1,route 10.100.1.0 255.255.255.0,route-ipv6 2001:db8:702:3000::/64,tun-ipv6,route 10.0.10.1,topology net30,ping 10,ping-restart 60,ifconfig 10.0.10.6 10.0.10.5'
      Mon Jun 11 13:15:34 2012 OPTIONS IMPORT: timers and/or timeouts modified
      Mon Jun 11 13:15:34 2012 OPTIONS IMPORT: –ifconfig/up options modified
      Mon Jun 11 13:15:34 2012 OPTIONS IMPORT: route options modified
      Mon Jun 11 13:15:34 2012 ROUTE default_gateway=x.x.228.1
      Mon Jun 11 13:15:34 2012 ROUTE6: default_gateway=UNDEF
      Mon Jun 11 13:15:34 2012 TUN/TAP device tun1 opened
      Mon Jun 11 13:15:34 2012 TUN/TAP TX queue length set to 100
      Mon Jun 11 13:15:34 2012 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
      Mon Jun 11 13:15:34 2012 /sbin/ifconfig tun1 10.0.10.6 pointopoint 10.0.10.5 mtu 1500
      Mon Jun 11 13:15:34 2012 /sbin/ifconfig tun1 inet6 add 2001:db8:702:1000::1:0/64
      Mon Jun 11 13:15:34 2012 /sbin/route add -net 10.100.1.0 netmask 255.255.255.0 gw 10.0.10.5
      Mon Jun 11 13:15:34 2012 /sbin/route add -net 10.0.10.1 netmask 255.255.255.255 gw 10.0.10.5
      Mon Jun 11 13:15:34 2012 add_route_ipv6(2001:db8:702:3000::/64 -> 2001:db8:702:1000::1 metric 0) dev tun1
      Mon Jun 11 13:15:34 2012 /sbin/route -A inet6 add 2001:db8:702:3000::/64 dev tun1
      Mon Jun 11 13:15:34 2012 Initialization Sequence Completed

      1 Reply Last reply Reply Quote 0
      • D
        databeestje
        last edited by Jun 14, 2012, 4:00 PM

        Tun mode with ipv6 should work. Better support should be forthcoming with the openvpn 2.3 release. It is still heavily under development though.

        We need to take a look at what state it is in before we approach 2.1

        1 Reply Last reply Reply Quote 0
        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Jun 14, 2012, 5:53 PM

          This works for me also (tunneling v6 inside a v4 openvpn) but I only use it on a static key setup, I haven't tried ssl/tls.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • A
            athurdent
            last edited by Jul 26, 2012, 1:11 PM

            Works fine on Win7 64 bit with the new OpenVPN 2.3 alpha2 release. Using it sucessfully with local user password and certificate authentication. Finally a reliable way to use IPv6 anywhere I like ;) Many thanks to the pfSense developers for implementing this!

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.