Openvpn roadwarrior ipv6 setup?

doktornotor

@johnpoz:

Now I am making my openvpn connection via a http proxy at this remote site - could that have anything to do with it?

Hmmm? Expand a bit, perhaps?

Works just fine here (no proxy of course), nothing special done really

johnpoz

no I don't block bogon anywhere, why would I block bogon on my openvpn interface the first place only connections there would be my clients?  But bogon is not on any interface in pfsense, not v4 or v6.

Really odd, since I can clearly ping the ipv4 end of the tunnel.. seems odd that can not ping ipv6..  I have removed my settings and will try again – should really be just couple things required the ipv6 tunnel network and any local ipv6 networks and bing bang zoom I should be able to talk to them..

edit.. So dok on the http proxy..

Let me redo the ipv6 stuff and up the verb on the connection to get more details and will post and the route print from the windows box.

doktornotor

Hmmm… the proxy. Never tried that, no idea how it works and seeing it's IPv4 only. Meh.

johnpoz

Yeah have to try without the proxy and see if works..

Here is info server setup, client log and settings and route print.  And that I can ping the ipv4 openvpn interface on pfsense but not the ipv6..  Figure this would be bing bang zoom, couple of settings and done.. But I do wonder if proxy is the problem.

edit:  Well I tried without proxy and same thing.  Let me try with my phone - maybe its this windows box.

doktornotor

Uhm… tried to tick the "Topology subnet" box?

johnpoz

Ok tried that, no proxy and while I got a different IPv4 address 10.0.8.2 this time, I could ping 10.0.8.1 but not the ipv6 address of pfsense.. Still the same :1000 address in ipv6

Very strange - I would think this was just going to be click.. my firewall rules are any any for openvpn ipv6… hmmm going to fire up client on my phone

doktornotor

@johnpoz:

Very strange - I would think this was just going to be click.. my firewall rules are any any for openvpn ipv6…

It is here.

@johnpoz:

hmmm going to fire up client on my phone

Hope it's not Android 4.4…

https://code.google.com/p/android/issues/detail?id=62714

johnpoz

Well its clearly something with the PC then.. works on my iphone.. Even with connection going in and out, as soon as it would show vpn connection I could ping..

edit:  Wonder if the stupid firewall they have on here, I can disable it, which I have but still not working..  Will try it tonight from my personal laptop..

edit2:  Which actually is good news, shows that it is as simple as I thought it was and something just wrong on this pc.  Maybe its the client?  But shows ipv6 in the info about the client..

edit3:  Ok it was something on the pc and stupid - the tap interface had a binding with my secure remote client.. Pulled that out and bing bang zoom working.. Now will reconnect with the proxy and sure it will be working as well.  Added push "route-ipv6 2000::/3" to advanced and now can ping global ipv6 stuff like google as well.

doktornotor

@johnpoz:

edit3:  Ok it was something on the pc and stupid - the tap interface had a binding with my secure remote client.. Pulled that out and bing bang zoom working..

You can install multiple tap adapters. Probably easier than checking/unchecking the bindings all the time.

johnpoz

I don't need that binding on that interface for sure.. So just removed it..