OpenVPN DHCPv6 log flood

doktornotor

Perhaps you need to add the UnicastOnly flag?  ;D

ducks and covers

asterix

@doktornotor:

Perhaps you need to add the UnicastOnly flag?  ;D

ducks and covers

Lol would had done so if there was an option for it.. hehe ;D

doktornotor

:D :D :D

So, does it work when you edit /var/etc/radvd.conf and restart radvd service? If not, you might try with TAP instead of TUN.

asterix

Yup tried that already. Didn't work. It removes the flag on service restart.

doktornotor

1/ Stop the service.
2/ Edit the config.¨
3/ Run  /usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog

asterix

That didn't work either. It still removes the flag on service restart.

Also, where are all the system log files stored? Do they get deleted after a certain period of time? I don't want my hard disk filled up with these logs.

doktornotor

Yes of course it removed the flag when you go messing with the GUI! The whole purpose of the above was to test whether it actually does fix your issue.

(The logs are circular, fixed size.)

asterix

@doktornotor:

Yes of course it removed the flag when you go messing with the GUI! The whole purpose of the above was to test whether it actually does fix your issue.

(The logs are circular, fixed size.)

Issue still persists and adding the flag did not fix it.

Logs are fixed size.. yes, but the number of logs keeps increasing.

doktornotor

How does the number of logs keep increasing?  :o ???

(If the flag does not help, move to TAP.)

asterix

changing OpenVPN to tap stops the flood but I need to use tun for the VPN clients.

doktornotor

Well… it stops the flood because tap supports broadcast. Not really sure how's this fixable beyond muting the log. You normally do not run DHCP{,v6}/RA through tun tunnels. Why are you assigning the interface at all?

kejianshi

There should probably be Router advertisements on but not DHCP/v6

I'm assuming trying to tunnel IPv6 over a IPV4 vpn?

Mine works this way.

You need no DHCP
You do need router advertisements to your /48 (I assume)
And your IPV6 openvpn interface as the DNS server entered in DNS server list in Router advertisements.

You will also need to push a route in openvpn.

push "route-ipv6 2000::/3";
keepalive 5 120;

Anyway - It works for me.  My remote clients all get a public IPV6 address and browsing IPV6 sites works fine

P.S.  I'm using TUN

But yeah, the "do you need to add the UnicastOnly flag?" is one of a many BS log clutter I ignore.  Mine also does that.

asterix

You have described my exact configuration. I have IPv6 tunnel over IPv4 and using it for VPN. Have RA on and DHCP/v6 off as the IPs are handed out by OpenVPN.

Yes, I need RA as IPv6 address is not handed out without it since in /48 (/64 subnet but from a /48 as I have multiple subnets from the /48 making it /64). The DNS resolver works great with IPv6 without any config changes. I presume it pickups the subnet's gateway and uses it to resolve all IPv6 queries.

Surprisingly I do not need to push route in OpenVPN, seems RA takes care of that.

So using TUN I may have to ignore the log flood till there is a fix OR till my ISP starts using IPv6.

kejianshi

I'm ignoring it…