Cannot connect to OpenVPN Server via ipv6 endpoint
-
As the title says, I cannot connect to our OpenVPN servers on our pfSense from "some" clients that are using IPv6 (some users from mobile, some from home office). At home I recently got an IPv6 address and I cannot connect to our pfSense anymore.
I tried TCP but have since switched back to UDP.
The clients connect to the IPv4 IP from the interface without DNS or anything. When I configure my phone to use the IPv4 APN (and whatsmyip shows I got an IPv4) from Telekom, it works. When I change it to IPv6 (and whatsmyip shows I got an IPv6), it doesn't work. (Depending on where I connect to 5G, I might get an IPv6 even with the "legacy APN".)
I don't really know where to start. Do I need to activate IPv6 on the interface?
Is it enough to enable it or do I need an IPv6 address from my provider?
Do I need to route it? Do I need to activate multihome on the OpenVPN server?
I do not want to break anything by enabling IPv6 on the WAN port because I don't really want to use IPv6 internally.
Any help is greatly appreciated.
-
Your pfSense WAN firewall rules ?
For example : my rules look fine, but there is an issue :
I only allow IPv4 traffic for my OpenVPN, not IPv6 ^^
I do accept incoming IPv6 traffic - see line 5 from above, so I know my IPv6 stack is probably OK.
Ok, fun fact aside, I've tackled one potential issue.
Still a million to test.
Can you start posting the details ?
@Schnubby said in Cannot connect to OpenVPN Server via ipv6 endpoint:
Do I need to activate multihome on the OpenVPN server?
I guess the third option is somewhat mandatory:
@Schnubby said in Cannot connect to OpenVPN Server via ipv6 endpoint:
I don't really know where to start. Do I need to activate IPv6 on the interface?
Is it enough to enable it or do I need an IPv6 address from my provider?
Do I need to route it? Do I need to activate multihome on the OpenVPN server?
You have set up IPv6 on the pfSense WAN interface correctly, right ?
This is mandatory.
You can't use IPv6 'a bit'. Like IPv4, "no errors" allowed.
(this question by itself opens up another huge rabbit hole)
-
@Gertjan said in Cannot connect to OpenVPN Server via ipv6 endpoint:
You have set up IPv6 on the pfSense WAN interface correctly, right ?
This is mandatory.
Okay, I will start here. I thought with dual stack and everything I should be able to just use my IPv4 and still be reachable by IPv6 clients since the traffic and routing is IPv4 anyway.
I am not sure how my provider handles IPv6. I guess I just activate IPv6 DHCP on the WAN interface and see what happens, right :)
Thank you so far!
-
Is your pfSense configured to work over both IPv4 and IPv6? I assume you have IPv6 on your WAN.
4G & 5G phones are IPv6 and Android phones use 464XLAT to access IPv4 sites. This is effectively double NAT, which can mess things up. I don't know what iPhones use, but they'd have something similar.
By sticking with IPv4, you are already breaking things. IPv6 is the future, so you'd better get used to it.