Netgate Discussion Forum

    Openvpn roadwarrior ipv6 setup?

    • johnpoz LAYER 8 Global Moderator

      So must be doing something stupid?

      So never had any issues with ipv4, but figured what the hell might as well get ipv6 working as well.

      So I grabbed another /64 out of my /48 from HE.  Which I have multiple segments locally working with their own /64

      I put this /64 as the ipv6 tunnel network, added my other /64s in local ipv6 networks.  My windows client running
      OpenVPN 2.3.6 i686-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [IPv6] built on Dec  1 2014

      Connects and I get a :1000 on my client in the /64 and I can see that the openvpn interface on pfsense has the :1 in that /64 - but can not ping it or any of the other local /64s

      I made sure that disable ipv6 was not checked on the openvpn server setup page.  The openvpn firewall tab has IPv6 any any rule setup.

      I see the ipv6 routes get added on client.  Happy to post up any info - but is there something I am missing.  I will worry about getting internet access via ipv6 after I can get to my other local ipv6 networks or even ping the openvpn tunnel IPv6 address.

      Now I am making my openvpn connection via a http proxy at this remote site - could that have anything to do with it?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.7.2, 24.11

      • hda

        Just a thought due to my discovery for DHCP6v-server and guessing here cause I don't do OpenVPN, but are you plagued by local LAN (ff:: ) and (fe:: ) in bogon-networks blocked ?

        • doktornotor Banned

          @johnpoz:

          Now I am making my openvpn connection via a http proxy at this remote site - could that have anything to do with it?

          Hmmm? Expand a bit, perhaps?

          Works just fine here (no proxy of course), nothing special done really

          • johnpoz LAYER 8 Global Moderator

            No, I don't block bogon anywhere, why would I block bogon on my openvpn interface in the first place, the only connections there would be my clients?  But bogon is not on any interface in pfsense, not v4 or v6.

            Really odd, since I can clearly ping the ipv4 end of the tunnel.. seems odd that can not ping ipv6..  I have removed my settings and will try again – should really be just couple things required the ipv6 tunnel network and any local ipv6 networks and bing bang zoom I should be able to talk to them..

            edit.. So dok on the http proxy..

            Let me redo the ipv6 stuff and up the verb on the connection to get more details and will post and the route print from the windows box.

            proxysetup.png

            • doktornotor Banned

              Hmmm… the proxy. Never tried that, no idea how it works and seeing it's IPv4 only. Meh.

              • johnpoz LAYER 8 Global Moderator

                Yeah have to try without the proxy and see if works..

                Here is info server setup, client log and settings and route print.  And that I can ping the ipv4 openvpn interface on pfsense but not the ipv6..  Figure this would be bing bang zoom, couple of settings and done.. But I do wonder if proxy is the problem.

                edit:  Well I tried without proxy and same thing.  Let me try with my phone - maybe it's this windows box.

                ipv6stuff.png
                connectioninfo.png

                • doktornotor Banned

                  Uhm… tried to tick the "Topology subnet" box?

                  • johnpoz LAYER 8 Global Moderator

                    Ok tried that, no proxy and while I got a different IPv4 address 10.0.8.2 this time, I could ping 10.0.8.1 but not the ipv6 address of pfsense.. Still the same :1000 address in ipv6

                    Very strange - I would think this was just going to be click.. my firewall rules are any any for openvpn ipv6… hmmm going to fire up client on my phone

                    • doktornotor Banned

                      @johnpoz:

                      Very strange - I would think this was just going to be click.. my firewall rules are any any for openvpn ipv6…

                      It is here.

                      @johnpoz:

                      hmmm going to fire up client on my phone

                      Hope it's not Android 4.4…

                      https://code.google.com/p/android/issues/detail?id=62714

                      • johnpoz LAYER 8 Global Moderator

                        Well it's clearly something with the PC then.. works on my iphone.. Even with connection going in and out, as soon as it would show vpn connection I could ping..

                        edit:  Wonder if the stupid firewall they have on here, I can disable it, which I have but still not working..  Will try it tonight from my personal laptop..

                        edit2:  Which actually is good news, shows that it is as simple as I thought it was and something just wrong on this pc.  Maybe it's the client?  But shows ipv6 in the info about the client..

                        edit3:  Ok it was something on the pc and stupid - the tap interface had a binding with my secure remote client.. Pulled that out and bing bang zoom working.. Now will reconnect with the proxy and sure it will be working as well.  Added push "route-ipv6 2000::/3" to advanced and now can ping global ipv6 stuff like google as well.

                        somethingwithpc.png
                        wasstupid.png
                        tapdriverbinding.png

                        • doktornotor Banned

                          @johnpoz:

                          edit3:  Ok it was something on the pc and stupid - the tap interface had a binding with my secure remote client.. Pulled that out and bing bang zoom working..

                          You can install multiple tap adapters. Probably easier than checking/unchecking the bindings all the time.

                          • johnpoz LAYER 8 Global Moderator

                            I don't need that binding on that interface for sure.. So just removed it..

                            1 Reply Last reply Reply Quote 0
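
The cause found in this thread was a third-party client component bound to the OpenVPN TAP interface on the Windows PC. The script below is an added example, not code from any poster in the thread, that lists such bindings so they can be reviewed. It assumes Windows 8 / Server 2012 or later (NetAdapter module), an adapter description starting with "TAP-Windows Adapter", and the heuristic that a ComponentID not starting with `ms_` is third-party.

```powershell
# Added example (not from the thread). Assumptions: NetAdapter module
# (Windows 8 / Server 2012 or later); OpenVPN's adapter description starts
# with "TAP-Windows Adapter"; any enabled binding whose ComponentID does not
# start with "ms_" is treated as a third-party component worth reviewing.
[CmdletBinding()]
param(
    [string]$DescriptionPattern = 'TAP-Windows Adapter*',
    [switch]$DisableThirdParty   # off by default: report only (needs an elevated shell)
)

$adapters = Get-NetAdapter -InterfaceDescription $DescriptionPattern -ErrorAction SilentlyContinue
if (-not $adapters) {
    Write-Warning "No adapter matches '$DescriptionPattern'"
    return
}

foreach ($adapter in $adapters) {
    $bindings = Get-NetAdapterBinding -Name $adapter.Name

    # IPv6 has to be bound for the tunnel's IPv6 address to be usable at all.
    $ipv6 = $bindings | Where-Object ComponentID -eq 'ms_tcpip6'
    if (-not $ipv6 -or -not $ipv6.Enabled) {
        Write-Warning "$($adapter.Name): IPv6 (ms_tcpip6) is not enabled"
    }

    # Enabled filter/protocol drivers that did not ship with Windows.
    $thirdParty = $bindings |
        Where-Object { $_.Enabled -and $_.ComponentID -notlike 'ms_*' }

    foreach ($b in $thirdParty) {
        # Emit one object per finding so the output can be piped or exported.
        [pscustomobject]@{
            Adapter     = $adapter.Name
            ComponentID = $b.ComponentID
            DisplayName = $b.DisplayName
        }
        if ($DisableThirdParty) {
            # Same effect as unticking the item in the adapter's Properties dialog.
            Disable-NetAdapterBinding -Name $adapter.Name -ComponentID $b.ComponentID
        }
    }
}
```

Run it without `-DisableThirdParty` first; a binding it reports may belong to endpoint security software that is meant to filter the tunnel.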