OpenVPN via (temporary) LTE/4G (with static IPv6)
-
Dear all,
due to moving to a new location, our standard internet access is currently down.
Until this is working, we're using a 4G modem to at least have internet.
This should include our OpenVPN connection, which currently does not work and I'm out of ideas.

We already booked a 'static' IPv6 via our ISP and tried to configure Interface and Gateway accordingly.
But as of now it seems that the entire IPv6-based architecture does not work.
(e.g. ipv6.google.com is not reachable)

The hardware looks like this:
4G Modem (Netgear Nighthawk M1) <-> ETH3 of our Netgate 7100 pfSense (v 23.05.1-RELEASE (amd64)) <-> intranet
As I don't know which other information could be valuable from here, please ask for whatever info might be helpful.
-
First off, make sure IPv6 is working properly. Some cell companies don't do it properly even though 4G & 5G are supposed to support it. You can do that at test-ipv6.com. Then make sure you can do things like ping to that address. I have used OpenVPN over my cell phone, but that was with the cell phone the remote to my home, which has a cable connection. Also, is your OpenVPN configured to use IPv6 for the tunnel? I have mine configured to connect over both IPv4 and IPv6 and also carry both in the tunnel. I had to use "UDP IPv4 and IPv6 on all interfaces (multihome)" for the protocol.
-
At least from the ISP side this seems to be working fine.
If I connect the modem directly to my notebook, test-ipv6.com shows success with a score of 10/10.

When I connect it back to the pfSense though, only IPv4 is working.
So for now I suppose this is not an OpenVPN related issue but the network in its entirety.

I'm just a bit unsure what the best sub might be to post/move this - Routing, Firewalling or potentially somewhere else?
-
@sven_apsware said in OpenVPN via (temporary) LTE/4G (with static IPv6):
> When I connect it back to the pfsense though, only IPv4 is working
Have you configured your OpenVPN server to use both IPv4 and IPv6, as I described above?
-
@JKnott we tried to - but currently we're working on getting the internet connection with IPv6 to work - this seems to be the primary root cause atm.
-
Then your VPN has to be configured for IPv6. Is it? I haven't seen much about your config. Another reason for using the config I suggested is it will work through any interface. This means you can test your VPN over your LAN, instead of having to come in through the WAN.
> When I connect it back to the pfsense though, only IPv4 is working.
This makes me think you've configured your VPN for IPv4 only. Change your protocol to what I suggested and I suspect your problem will go away. That protocol is what is used to connect the VPN. There are some other settings for the IPv6 prefix further down the page.
One other thing, are you receiving a prefix from the cell network? You need that to have IPv6 on the local network. Do you have IPv6, from your ISP, on your LAN? However, that would not prevent the VPN from connecting. I haven't heard of getting a prefix on a wireless connection, though I suspect it's possible. This would depend on the cell company providing an appropriate APN.
-
@JKnott OpenVPN was configured for v4 only but we changed it to accept both and back again.
We just learned that the 4G router simply is not 100% IPv6 compliant and does not pass the v6 IP through.
Prefix delegation does not work either.
For now, we just ordered a rather simple industrial standard 4G gateway and will continue with that.
-
Problem has been solved by using a secondary pfSense instance on a VPS, thanks