Best "IPv6 full-tunnel (with exceptions)" strategy
-
Hi,
I have configured a dual-stack full-tunnel OpenVPN VPN in pfSense, and everything works fine. However, I need to configure some VPN exceptions such that real-time traffic (Google Meet et al.) is not tunneled via the VPN.
This is the problem that I face:
When users don't have ISP connectivity (i.e., their ISP is IPv4-only), then exceptions of the form push "route-ipv6 PREFIX net_gateway" result in errors (e.g., "NOTE: cannot determine gateway for exclude IPv6 routes" in OpenVPN connect) -- since they don't really have a native IPv6 gateway.
What would be the best strategy here such that this traffic is not tunneled via the VPN?
I guess one possible option would be to firewall it? -- i.e., dual-stack systems shouldn't tunnel that traffic anyway (since they are VPN exceptions), and IPv4-only traffic would send their traffic, but it would get blocked.
I just wonder if this might have the annoying effect of causing connection delays for such IPv4-only systems: i.e., they might try to use IPv6 until they time out, and only later try using IPv4.
Thoughts?
Thanks!
- F