OpenVPN IPv6 tunnel issue…

dkbrig

It appears that several years ago this issue was resolved when using IPv4, however it still seems to exist when using IPv6.  The issue in question is:

https://redmine.pfsense.org/issues/1025

I have an IPv6 OpenVPN client set up, if I leave "Local port" blank or set it to "0", in the configuration file I get the following parameters set:

local 2001:XXX:XXXX:XX::X
nobind
management /var/etc/openvpn/client5.sock unix
remote 2a02:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx XXXX

The local and nobind directive do not go together and therefore cause an error, so the OpenVPN client doesn't start:

Jan 16 06:56:15 openvpn 71074 Use –help for more information.
Jan 16 06:56:15 openvpn 71074 Options error: --local and --nobind don't make sense when used together

I might add that I am using an IPv6 tunnel broker, so my IPv6 interface is separate than my IPv4 interface.

I am able to work around by actually specifying a local port other than 0.  Or I can go into the pfSense shell and manually edit the client configuration to remove the nobind directive.

With IPv4, and not specifying the "Local port" parameter, it creates the following relevant entries in the client configuration file:

local 68.xxx.xxx.xxx
lport 0                        <------------------------------------- WORKS ------------------------
management /var/etc/openvpn/client1.sock unix
remote xxx.xxx.xx xxx

The only difference in my client configuration I use an IPv6 tunnel interface and specify UDP6 as the protocol, the other I specify my WAN interface and UDP as the protocol.  And of course, different IP addresses for the different interfaces.

Anyway, it appears there is different behavior in creating the OpenVPN client configuration file, depending on whether you use UDP or UDPv6 as the protocol.

jimp

I fixed this a few days ago on 2.4: https://github.com/pfsense/pfsense/commit/b42ccf1504eca5e40bfb49b0afb688fffe293a7a

dkbrig

Thanks!  I will wait for 2.4 then…