OpenVPN Server with IPv6 and IPv4 with UDP possible
-
Hello,
we have some problems with IPv4/IPv6 Dual Stack clients connecting to our OpenVPN Server. Therefore, we decided to add IPv6 to the OpenVPN Server. We are currently using TCP, as UDP with Dual Stack clients caused problems as well. So we switched in the OpenVPN Server config from "TCP on IPv4 only" to "TCP IPv4 and IPv6 on all interfaces (multihome)". Everything workred as expected!
But then we startet thinking about UDP again. So I tried to set the server to "UDP IPv4 and IPv6 on all interfaces (multihome)". I got never a working connection to establish. It seems the first packets of the clients reach the Server, as I can see in the logs. However, the answer from the server to the client seems to be never received by the client. After a little google I found this:
https://forum.netgate.com/topic/57906/openvpn-server-bind-to-any-interface-will-respond-on-wrong-interface/6
Of cource we are using Multi WAN for everything. Threfore it looks like the OpenVPN Server we answer over a wrong gateway.
But is the only way to get around this problem, to define a UDPv4 and a UDPv6 Server in pfsense??? Isnt this overkill for adjustments? Even worse, I have to create NAT entries for IPv4 and "NPt" for IPv6... Is there an easyier way? Why can't I at least define a OpenVPN Server for IPv4 and IPv6 on localhost, and the NAT? So to say add a option in OpenVPN Server to bind to UDP6 and UDP4 for a given interface ?
Open to any ideas!
-
I think you're making things too complex here. Start simple, that's UDP over IPv4. See if that works as needed. Then change to IPv4 and IPv6 UDP. Don't use TCP, unless you have a need for it, as running VPNs over TCP is not a good idea. There should be no need to use NAT on IPv6.