Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    OpenVPN Server & IPv6 Gateway

    OpenVPN
    2
    2
    126
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      aewhitlock last edited by aewhitlock

      Looking for clarity around OpenVPN server config and a few inconsistencies.

      There doesn't seem to be a way to configure routing advertisements on the interface. The interface is missing from the DHCPv6 Server & RA section. Is this handled in the background? The client gets a IPv6 address when connecting, and it's in the correct range.

      A strange thing I noticed was the IPv6 address being assigned to the gateway is ::2 where the server has occupied ::1. The gateway is marked as down, and a packet capture shows no ICMP response from the Gateway IP (::2).

      The mobile client I'm connecting with is able to route properly using IPv4, but I'm not seeing any IPv6 traffic on the interface.

      I have any / any rules for all protocols defined on the _OPVS001 interface, just to make sure it's not a rule issue.

      What have I got wrong?

      Config as follows:

      dev ovpns4
      verb 1
      dev-type tun
      dev-node /dev/tun4
      writepid /var/run/openvpn_server4.pid
      #user nobody
      #group nobody
      script-security 3
      daemon
      keepalive 10 60
      ping-timer-rem
      persist-tun
      persist-key
      proto udp4
      cipher AES-256-CBC
      auth SHA256
      up /usr/local/sbin/ovpn-linkup
      down /usr/local/sbin/ovpn-linkdown
      client-connect /usr/local/sbin/openvpn.attributes.sh
      client-disconnect /usr/local/sbin/openvpn.attributes.sh
      local 173.10.2.20
      engine rdrand
      tls-server
      server 172.16.254.128 255.255.255.248
      server-ipv6 2001:1010:1ac:cafe:1::0/64
      client-config-dir /var/etc/openvpn-csc/server4
      username-as-common-name
      plugin /usr/local/lib/openvpn/plugins/openvpn-plugin-auth-script.so /usr/local/sbin/ovpn_auth_verify_async user asdfasdfasdf false server4 1194
      tls-verify "/usr/local/sbin/ovpn_auth_verify tls 'openvpn.foobar.com' 1"
      lport 1194
      management /var/etc/openvpn/server4.sock unix
      max-clients 5
      push "dhcp-option DOMAIN foobar.com"
      push "dhcp-option DNS6 2001:1010:1ac:cafe:2::1"
      push "dhcp-option DNS 172.16.38.18"
      push "block-outside-dns"
      push "register-dns"
      push "redirect-gateway def1"
      push "redirect-gateway ipv6"
      ca /var/etc/openvpn/server4.ca
      cert /var/etc/openvpn/server4.cert
      key /var/etc/openvpn/server4.key
      dh /etc/dh-parameters.2048
      tls-auth /var/etc/openvpn/server4.tls-auth 0
      ncp-ciphers AES-256-CBC
      persist-remote-ip
      float
      topology subnet
      fast-io
      explicit-exit-notify 2
      sndbuf 1048576
      rcvbuf 1048576

      Untitled.png
      Untitled1.png

      lanrat 1 Reply Last reply Reply Quote 1
      • lanrat
        lanrat @aewhitlock last edited by

        @aewhitlock Did you ever resolve this?

        I'm having the exact same issue as well where the auto-generated OpenVPN IPv6 gateway uses a different IPv6 IP than the VPN's IPv6 address when the IPv4 address and gateway are the same.

        screenshot

        In my settup the IPv6 gateway is auto-generated as *:103::2, but the actual address on the interface is *:103::1.

        For IPv4 they are both 192.168.3.1 as expected.

        I can't figure out why pfsense thinks the gateway should be *:103.:2 and not *:103::1.

        1 Reply Last reply Reply Quote 1
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy