Netgate Discussion Forum

    OpenVPN Server & IPv6 Gateway

      aewhitlock

      Looking for clarity around OpenVPN server config and a few inconsistencies.

      There doesn't seem to be a way to configure routing advertisements on the interface. The interface is missing from the DHCPv6 Server & RA section. Is this handled in the background? The client gets an IPv6 address when connecting, and it's in the correct range.

      A strange thing I noticed was the IPv6 address being assigned to the gateway is ::2 where the server has occupied ::1. The gateway is marked as down, and a packet capture shows no ICMP response from the Gateway IP (::2).

      The mobile client I'm connecting with is able to route properly using IPv4, but I'm not seeing any IPv6 traffic on the interface.

      I have any / any rules for all protocols defined on the _OPVS001 interface, just to make sure it's not a rule issue.

      What have I got wrong?

      Config as follows:

      dev ovpns4
      verb 1
      dev-type tun
      dev-node /dev/tun4
      writepid /var/run/openvpn_server4.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp4
      cipher AES-256-CBC
      auth SHA256
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      client-connect /usr/local/sbin/openvpn.attributes.sh
      client-disconnect /usr/local/sbin/openvpn.attributes.sh
      local 173.10.2.20
      engine rdrand
      tls-server
      server 172.16.254.128 255.255.255.248
      server-ipv6 2001:1010:1ac:cafe:1::0/64
      client-config-dir /var/etc/openvpn-csc/server4
      username-as-common-name
      plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user asdfasdfasdf false server4 1194
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'openvpn.foobar.com' 1"
      lport 1194
      management /var/etc/openvpn/server4.sock unix
      max-clients 5
      push "dhcp-option DOMAIN foobar.com"
      push "dhcp-option DNS6 2001:1010:1ac:cafe:2::1"
      push "dhcp-option DNS 172.16.38.18"
      push "block-outside-dns"
      push "register-dns"
      push "redirect-gateway def1"
      push "redirect-gateway ipv6"
      ca /var/etc/openvpn/server4.ca
      cert /var/etc/openvpn/server4.cert
      key /var/etc/openvpn/server4.key
      dh /etc/dh-parameters.2048
      tls-auth /var/etc/openvpn/server4.tls-auth 0
      ncp-ciphers AES-256-CBC
      persist-remote-ip
      float
      topology subnet
      fast-io
      explicit-exit-notify 2
      sndbuf 1048576
      rcvbuf 1048576

        lanrat @aewhitlock

        @aewhitlock Did you ever resolve this?

        I'm having the exact same issue as well where the auto-generated OpenVPN IPv6 gateway uses a different IPv6 IP than the VPN's IPv6 address when the IPv4 address and gateway are the same.


        In my setup the IPv6 gateway is auto-generated as *:103::2, but the actual address on the interface is *:103::1.

        For IPv4 they are both 192.168.3.1 as expected.

        I can't figure out why pfSense thinks the gateway should be *:103::2 and not *:103::1.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.