Netgate Discussion Forum

    Best "IPv6 full-tunnel (with exceptions)" strategy

      ferchu

      Hi,

      I have configured a dual-stack full-tunnel OpenVPN VPN in pfSense, and everything works fine. However, I need to configure some VPN exceptions such that real-time traffic (Google Meet et al.) is not tunneled via the VPN.

      This is the problem that I face:

      When users don't have ISP connectivity (i.e., their ISP is IPv4-only), then exceptions of the form 'push "route-ipv6 PREFIX net_gateway"' result in errors (e.g., "NOTE: cannot determine gateway for exclude IPv6 routes" in OpenVPN connect) -- since they don't really have a native IPv6 gateway.

      What would be the best strategy here such that this traffic is not tunneled via the VPN?

      I guess one possible option would be to firewall it? -- i.e., dual-stack systems shouldn't tunnel that traffic anyway (since they are VPN exceptions), and IPv4-only traffic would send their traffic, but it would get blocked.

      I just wonder if this might have the annoying effect of causing connection delays for such IPv4-only systems: i.e., they might try to use IPv6 until they time out, and only later try using IPv4.

      Thoughts?

      Thanks!

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.