IPV6 OpenVPN

xman111 · Jan 22, 2018, 6:50 PM

Hey guys, quick question. I have disabled IPV6 on PFsense as I don't use it.

I have one instance I need it though. My Rogers LTE cellphone uses IPV6. When I want to VPN into my home network and view my IP cameras or anything else it does not connect. The only way I can connect is to go into my phone's APN settings and turn the one option of IPV6&IPV4 to IPV4 only and I don't really want to do that.

Any help would be much appreciated..

johnpoz · Jan 22, 2018, 6:56 PM

So guessing its using a ipv6 to ipv4 gateway and there is some problem there when hitting ipv4 vpn.. Are you using udp only, have you tried enable tcp instance to see if that works?

T-mobile went ipv6 only on their cells awhile back.. And there was a bit of a learning curve for their gateway from ipv6 to ipv4… For a short time I had enabled a ipv6 instance of vpn so I could get in with my phone.. But they corrected their problem and I can now vpn in via ipv6 phone connection to my IPv4 IP on pfsense.

Does your isp support IPv6, or you could setup HE (hurricane electric) ipv6 tunnel to support vpn into your pfsense via that, etc.

JKnott · Jan 22, 2018, 7:30 PM

Do you also use Rogers for Internet? They also provide IPv6 there, so maybe enabling it is the way to go.

One curious thing I noticed was they used 464XLAT, with a 194.0.0.x address for IPv4 over IPv6, but with the Google Pixel 2 I bought recently, the IPv4 address is in the 25.112.12.x range, so I'm not sure if they're using 464XLAT or NAT with this phone. In the settings, the current APN is Rogers Internet ltemobile.apn, though Rogers Tethering ltedata.apn is available. No idea what the difference is. My old phone, a Nexus 5, also uses ltemobile.apn.

xman111 · Jan 22, 2018, 8:12 PM

I will have a look at the TCP. I do not think my ISP supports IPv6. I am on Rogers for cellular but Shaw for home internet.

I was hoping it would be a quick fix. John, you helped me setup my home network and it is working GREAT. It is a little complicated with about 6 VLAN's and VPN client and server, i really don't want to mess it up. I really was hoping I could just tick a button on the Openvpn client export or something along those lines.

Sorry, I forgot to add.. I can connect to my home network with the IPv6, it says connect success, I just cannot do anything..

johnpoz · Jan 22, 2018, 9:05 PM

So when you connect on your phone it shows you a ipv6 address for the server.. See example of my phone connected via tmobile..

As you see it gives an IPv6 address for the server which is not mine… Owned by tmobile
https://whois.arin.net/rest/net/NET6-2607-7700-1

I can ping into my network when connected to the vpn.. Without any problems.

xman111 · Jan 23, 2018, 1:18 AM

no doesn't show Ipv6 server. I know that when following a tutorial of setting up AirVPN with pfsense, one of the steps was to disable Ipv6 within pfsense. maybe I should at least start by enabling it.

I do have a tunnel with HE but have not set it up. Do I need the tunnel up and running to vpn into my home network with Ipv6?

xman111 · Jan 23, 2018, 5:02 AM

i got the tunnel up and running and it looks like when i connect i get a ipv6 ip. I wasn't sure how to setup the ipv6 dhcp server. Also, i still can't do anything once connected but it looks like i am heading the right way.

johnpoz · Jan 23, 2018, 10:44 AM

There is a big difference between talking ipv6 in the tunnel and to ipv6 clients on the other end of the tunnel and using ipv6 as the method of connecting to the server and routing ipv4 through the tunnel, etc..

Lets forget the whole ipv6 for a bit - you say you connect via IPv4… when your phone is set for ipv6 and ipv4.. But nothing works??? But your server shows you connected.. But you can not ping anything? What exactly is not working.. Can you ping the end of the tunnel, can you ping pfsense interface on lan side?

But you say if you set your phone to ipv4 only it works?? What is working exactly?

xman111 · Jan 23, 2018, 5:26 PM

Hey John, when i set my phone to IPV4/IPV6, i can connect to my home network but some things do not work.

When I use OpenVPN for android:

-I cannot log into PFsense
-I cannot view my cameras
-I can browse the internet

When I use OpenVPN Connect:

-I cannot log into PFsense
-I cannot view my cameras
-I cannot browse the internet

When I set the phone to IPV4 only, i can do everything.

johnpoz · Jan 23, 2018, 5:33 PM

When you say you browse the internet you sure your going over the vpn to do that?

What specific client are you using - What does your routing table look like on your device when you get connected? The openvpn connect client has been updated recently and they had some growing pains, etc.

I show the current version as 1.2.6

xman111 · Jan 24, 2018, 8:29 PM

John,

I am not 100% sure I am going over the VPN. I just assumed because if I turn it off, it works, turn it on and it doesn't work. I am trying both OpenVPN for Android and OpenVPN Connect. I just downloaded OpenVPN Connect for Android and it shows 1.1.27.

I will have to try to figure out the routing table on the phone, never done that before.

johnpoz · Jan 24, 2018, 9:08 PM

hurricane electric app will show you that.. give me a sec and take a picture of mine

edit… So take a look at your connection info in your vpn app should see what is being handed out. And the Hurricane electric app can show you the routes going down your tunnel, etc.

links to the apps here
https://networktools.he.net/

![2018-01-24 15-03-10-1.png](/public/imported_attachments/1/2018-01-24 15-03-10-1.png)
![2018-01-24 15-03-10-1.png_thumb](/public/imported_attachments/1/2018-01-24 15-03-10-1.png_thumb)
![2018-01-24 15-05-41-1.png](/public/imported_attachments/1/2018-01-24 15-05-41-1.png)
![2018-01-24 15-05-41-1.png_thumb](/public/imported_attachments/1/2018-01-24 15-05-41-1.png_thumb)

xman111 · Jan 24, 2018, 9:40 PM

hey John, on the HE app, what menu is the routes under for you to get that second screen shot, i tried all of them and couldn't find it.

johnpoz · Jan 24, 2018, 10:17 PM

The one that says routing table - scroll down the menu..

![2018-01-24 16-16-43-1.png](/public/imported_attachments/1/2018-01-24 16-16-43-1.png)
![2018-01-24 16-16-43-1.png_thumb](/public/imported_attachments/1/2018-01-24 16-16-43-1.png_thumb)

xman111 · Jan 26, 2018, 8:00 PM

hey John, scrolled down the list but mine looks a little different than yours, just installed from google play store. One thing though I got the tunnel up on pfsense and when i go to test ipv6, everything comes back a check.. Still trying to get the phone working though.

xman111 · Jan 26, 2018, 8:10 PM

and when i connect, sometimes it looks like the first screenshot, sometimes the second. Looks like ipv4 sometimes and ipv6 the other. I have no idea what's going on :)

xman111 · Feb 8, 2018, 4:53 PM

anyone have any ideas?

trumee · Apr 16, 2018, 4:35 AM

@johnpoz:

T-mobile went ipv6 only on their cells awhile back.. And there was a bit of a learning curve for their gateway from ipv6 to ipv4… For a short time I had enabled a ipv6 instance of vpn so I could get in with my phone.. But they corrected their problem and I can now vpn in via ipv6 phone connection to my IPv4 IP on pfsense.

Please can you elaborate what did you have to do on the pfsense side to get it working with tmobile ipv6. If I use my vpn server the phone shows my vpn ip for IPv4 but shows tmobile ipv6 address. Is it possible to change pfsense vpn server so that it offers ipv6 address too?
What should be the ipv6 server address akin to 10.8.0.4 in IPv4?