Netgate Discussion Forum

    If OpenVPN Active, IPv6 Tunnel Drops?

      mevans336

      Hello Everyone,

      I have an OpenVPN client connection to HideMyAss, as well as an IPv6 tunnel to HE.net.

      I have two LAN subnets on the LAN interface, 10.0.0.0/24 and 2001:470:8:699::/64.

      I have a 3rd physical NIC named VPN that has subnet 192.168.50.0/24 assigned to it.

      I only want 192.168.50.0/24 routed across the HMA VPN, so I have turned on Manual Outbound NAT and have the following two rules configured:

      HMA 192.168.50.0/24 * * * * * NO Phone
      WAN any * * * * * NO LAN

      If I start the OpenVPN service, the HMA VPN connection is established and traffic flows as I would like it. However, once the OpenVPN connection is established, the gateway to HE.net goes offline and I am unable to route traffic from my LAN to HE.net.

      If I stop the OpenVPN service, the HE.net IPv6 tunnel immediately re-establishes itself.

      I'm stumped and I don't see anything IPv6 related in the logs (unless there is an IPv6 log available via SSH?).

      Help!

        jimp Rebel Alliance Developer Netgate

        Are they pushing you a default route over OpenVPN? If so your tunnel endpoint traffic would be trying to go over the tunnel as well, so he.net would see it coming from a different IP all of a sudden.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          mevans336

          @jimp:

          Are they pushing you a default route over OpenVPN? If so your tunnel endpoint traffic would be trying to go over the tunnel as well, so he.net would see it coming from a different IP all of a sudden.

          Ahh ha, brilliant! I have "redirect-gateway def1;" in my OpenVPN config. I just removed it and the VPN still works. The OpenVPN config also reports "Jan 10 13:49:57 openvpn[47169]: ROUTE default_gateway=68.67.x.x" which is my ISP's (WAN) gateway. I don't see any other indication in the logs that they are pushing me a default gateway.

          I am going to reconfigure IPv6 and see if it works now. If I still can't get it working, if I update HE.net with the public IP of my VPN tunnel, then that should work, correct? I really don't care if the HE.net traffic has to traverse the VPN, I'm only utilizing IPv6 for learning.

            jimp Rebel Alliance Developer Netgate

            Yeah if all else fails, giving he.net the vpn public IP would work fine (but would increase latency)

              mevans336

              @jimp:

              Yeah if all else fails, giving he.net the vpn public IP would work fine (but would increase latency)

              I think they are pushing me a default gateway, as I updated everything and it didn't work. I do see this in the OpenVPN logs: Jan 10 13:49:57 openvpn[47169]: /sbin/route add -net 0.0.0.0 74.115.x.x 128.0.0.0

              That IP is my gateway IP with HMA.

              Regardless, I allowed HE.net to ping my HMA public IP and updated the GIF interface to utilize the HMA interface as the parent interface and bingo, my HE.net tunnel came up. http://test-ipv6.com/ reports a 10/10 on both tests.

              Thanks for your assistance!

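Added example, not part of the thread: the two `/1` routes that `redirect-gateway def1` installs (one of which is the `/sbin/route add -net 0.0.0.0 ... 128.0.0.0` line quoted above) are more specific than the existing default route, so the 6in4 tunnel endpoint is reached through the VPN and HE.net sees a new source IP. The log lines, all addresses (documentation ranges) and the `/32` host route used to keep the endpoint on WAN are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample log (documentation addresses), in the format quoted in the thread.
SAMPLE_LOG = """\
Jan 10 13:49:57 openvpn[47169]: /sbin/route add -net 198.51.100.77 198.51.100.1 255.255.255.255
Jan 10 13:49:57 openvpn[47169]: /sbin/route add -net 0.0.0.0 203.0.113.1 128.0.0.0
Jan 10 13:49:57 openvpn[47169]: /sbin/route add -net 128.0.0.0 203.0.113.1 128.0.0.0
"""

ROUTE_RE = re.compile(r"/sbin/route add -net (\S+) (\S+) (\S+)")

def parse_routes(log):
    """Return (network, gateway) pairs for each route OpenVPN logged."""
    routes = []
    for m in ROUTE_RE.finditer(log):
        net, gw, mask = m.groups()
        routes.append((ipaddress.ip_network(f"{net}/{mask}"), gw))
    return routes

def has_def1_override(routes):
    """True if both /1 halves of IPv4 space are routed (redirect-gateway def1)."""
    halves = {ipaddress.ip_network("0.0.0.0/1"), ipaddress.ip_network("128.0.0.0/1")}
    return halves <= {net for net, _ in routes}

def next_hop(routes, dest):
    """Pick the gateway by longest-prefix match, as the kernel routing table does."""
    addr = ipaddress.ip_address(dest)
    matches = [(net, gw) for net, gw in routes if addr in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

WAN_GW = "198.51.100.1"      # hypothetical ISP gateway
HE_ENDPOINT = "192.0.2.10"   # hypothetical HE.net tunnel server address

# Routing table after OpenVPN connects: original default route plus logged routes.
table = [(ipaddress.ip_network("0.0.0.0/0"), WAN_GW)] + parse_routes(SAMPLE_LOG)
# Same table with a host route pinning the tunnel endpoint to WAN (assumed fix).
pinned = table + [(ipaddress.ip_network(f"{HE_ENDPOINT}/32"), WAN_GW)]

if __name__ == "__main__":
    print("def1 override present:", has_def1_override(table))
    print("6in4 endpoint leaves via:", next_hop(table, HE_ENDPOINT))
    print("with host route via WAN:", next_hop(pinned, HE_ENDPOINT))
```

The first constructed log line is the `/32` route OpenVPN adds for its own server so the VPN transport stays on WAN; the tunnel endpoint has no such route unless one is added.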
                jimp Rebel Alliance Developer Netgate

                That should work, you might also try "push-reset" in your client config, that should make it stop taking the default gateway from the far side.

                  mevans336

                  @jimp:

                  That should work, you might also try "push-reset" in your client config, that should make it stop taking the default gateway from the far side.

                  I will give that a shot and report back!

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.