Netgate Discussion Forum

    Cannot connect to OpenVPN Server via ipv6 endpoint

    • S Offline
      Schnubby
      last edited by

      As the title says, I cannot connect to our OpenVPN servers on our pfSense from "some" clients that are using IPv6 (some users from mobile, some from home office). At home I recently got an IPv6 address and I cannot connect to our pfSense anymore.

      I tried TCP but have since switched back to UDP.
      The clients connect to the IPv4 IP from the interface without DNS or anything.

      When I configure my phone to use the IPv4 APN (and whatsmyip shows I got an IPv4) from Telekom it works. When I change it to IPv6 (and whatsmyip shows I got an IPv6) it doesn't work. (Depending on where I connect to 5G I might get an IPv6 even with the "legacy APN".)

      I don't really know where to start. Do I need to activate IPv6 on the interface?
      Is it enough to enable it or do I need an IPv6 address from my provider?
      Do I need to route it? Do I need to activate multihome on the OpenVPN server?

      I do not want to break anything by enabling IPv6 on the WAN port because I don't really want to use IPv6 internally.

      Any help is greatly appreciated.

      • GertjanG Offline
        Gertjan @Schnubby
        last edited by Gertjan

        @Schnubby

        Your pfSense WAN firewall rules?

        For example: my rules look fine, but there is an issue:

        ed4cd4cc-7e4a-47f2-8e08-0dd21813afcd-image.png

        I only allow IPv4 traffic for my OpenVPN, not IPv6 ^^

        I do accept incoming IPv6 traffic (see line 5 from above), so I know my IPv6 stack is probably OK.

        Ok, fun fact aside, I've tackled one potential issue.
        Still a million to test.
        Can you start posting the details?

        @Schnubby said in Cannot connect to OpenVPN Server via ipv6 endpoint:

        Do I need to activate multihome on the OpenVPN server?

        I guess the third option is somewhat mandatory:

        764c80f3-0d83-45a5-ace4-7c9bb9ce0df0-image.png

        😊

        @Schnubby said in Cannot connect to OpenVPN Server via ipv6 endpoint:

        I don't really know where to start. Do I need to activate IPv6 on the interface?
        Is it enough to enable it or do I need an IPv6 address from my provider?
        Do I need to route it? Do I need to activate multihome on the OpenVPN server?

        You have set up IPv6 on the pfSense WAN interface correctly, right?
        This is mandatory.
        You can't use IPv6 'a bit'. Like IPv4, "no errors" allowed.
        (This question by itself opens up another huge rabbit hole.)

        No "help me" PMs please. Use the forum, the community will thank you.
        Edit: and where are the logs??

        • S Offline
          Schnubby @Gertjan
          last edited by Schnubby

          @Gertjan said in Cannot connect to OpenVPN Server via ipv6 endpoint:

          You have set up IPv6 on the pfSense WAN interface correctly, right?
          This is mandatory.

          Okay, I will start here. I thought with dual stack and everything I should be able to just use my IPv4 and still be reachable by IPv6 clients, since the traffic and routing is IPv4 anyway.

          I am not sure how my provider handles IPv6. I guess I just activate IPv6 DHCP on the WAN interface and see what happens, right :)

          Thank you so far!

          • JKnottJ Offline
            JKnott
            last edited by

            Is your pfSense configured to work over both IPv4 and IPv6? I assume you have IPv6 on your WAN.

            4G & 5G phones are IPv6 and Android phones use 464XLAT to access IPv4 sites. This is effectively double NAT, which can mess things up. I don't know what iPhones use, but they'd have something similar.

            By sticking with IPv4, you are already breaking things. IPv6 is the future, so you'd better get used to it.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...
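
An added example, not part of any post in this thread: 464XLAT, mentioned in the post above, relies on the RFC 6052 mapping that embeds an IPv4 address inside an IPv6 prefix, so a client on an IPv6-only mobile network that dials an IPv4 literal actually sends IPv6 to the carrier's NAT64, which translates it back to IPv4. The sketch below implements that mapping for every prefix length RFC 6052 allows, which goes beyond the single case in the thread. The WAN address `203.0.113.10` is a constructed documentation value, and the use of the well-known prefix `64:ff9b::/96` by any particular carrier is an assumption.

```python
import ipaddress

VALID_LENGTHS = (32, 40, 48, 56, 64, 96)  # prefix lengths RFC 6052 permits
WELL_KNOWN = "64:ff9b::/96"               # RFC 6052 well-known NAT64 prefix


def embed_ipv4(ipv4, prefix=WELL_KNOWN):
    """Return the IPv6 address that represents `ipv4` under a NAT64 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen not in VALID_LENGTHS:
        raise ValueError("RFC 6052 prefix must be /32, /40, /48, /56, /64 or /96")
    out = bytearray(net.network_address.packed[: net.prefixlen // 8])
    for octet in ipaddress.IPv4Address(ipv4).packed:
        if len(out) == 8:      # byte 8 (bits 64..71, the "u" octet) stays zero
            out.append(0)
        out.append(octet)
    out.extend(bytes(16 - len(out)))  # zero suffix up to 128 bits
    return ipaddress.IPv6Address(bytes(out))


def extract_ipv4(ipv6, prefix=WELL_KNOWN):
    """Return the embedded IPv4 address, or None if `ipv6` is outside `prefix`."""
    net = ipaddress.IPv6Network(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if net.prefixlen not in VALID_LENGTHS or addr not in net:
        return None
    raw = addr.packed
    # Take the four bytes after the prefix, skipping the reserved "u" octet.
    body = [raw[i] for i in range(net.prefixlen // 8, 16) if i != 8][:4]
    return ipaddress.IPv4Address(bytes(body))


if __name__ == "__main__":
    wan = "203.0.113.10"  # constructed: stands in for the firewall's IPv4 WAN address
    on_wire = embed_ipv4(wan)
    print(f"client app dials    {wan}")
    print(f"CLAT sends IPv6 to  {on_wire}")
    print(f"NAT64 forwards to   {extract_ipv4(on_wire)}")
```

On the server side such a connection still arrives as IPv4, sourced from the carrier's NAT64 address pool rather than from the phone's own IPv6 address.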

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.