OpenVPN IPv6 tunnel issue…



  • It appears that several years ago this issue was resolved when using IPv4, however it still seems to exist when using IPv6.  The issue in question is:

    https://redmine.pfsense.org/issues/1025

    I have an IPv6 OpenVPN client set up, if I leave "Local port" blank or set it to "0", in the configuration file I get the following parameters set:

    local 2001:XXX:XXXX:XX::X
    nobind
    management /var/etc/openvpn/client5.sock unix
    remote 2a02:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx XXXX

    The local and nobind directive do not go together and therefore cause an error, so the OpenVPN client doesn't start:

    Jan 16 06:56:15 openvpn 71074 Use –help for more information.
    Jan 16 06:56:15 openvpn 71074 Options error: --local and --nobind don't make sense when used together

    I might add that I am using an IPv6 tunnel broker, so my IPv6 interface is separate than my IPv4 interface.

    I am able to work around by actually specifying a local port other than 0.  Or I can go into the pfSense shell and manually edit the client configuration to remove the nobind directive.

    With IPv4, and not specifying the "Local port" parameter, it creates the following relevant entries in the client configuration file:

    local 68.xxx.xxx.xxx
    lport 0                        <------------------------------------- WORKS ------------------------
    management /var/etc/openvpn/client1.sock unix
    remote xxx.xxx.xx xxx

    The only difference in my client configuration I use an IPv6 tunnel interface and specify UDP6 as the protocol, the other I specify my WAN interface and UDP as the protocol.  And of course, different IP addresses for the different interfaces.

    Anyway, it appears there is different behavior in creating the OpenVPN client configuration file, depending on whether you use UDP or UDPv6 as the protocol.


  • Rebel Alliance Developer Netgate



  • Thanks!  I will wait for 2.4 then…


Log in to reply