Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN with IPv6 WAN IP?

    Scheduled Pinned Locked Moved 2.1 Snapshot Feedback and Problems - RETIRED
    11 Posts 2 Posters 4.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      athurdent
      last edited by

      Hi,
      how would I make OpenVPN listen on the external IPv6 IP? My ISP is beginning to switch customers to DS-Lite, so it would be nice if OpenVPN would work when accessed via IPv6.
      Many thanks for any hints!

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        There's no reason I know of that it can't do that, but it appears our GUI doesn't list the IPv6 IPs.

        In the advanced options, try putting "local xโŒx::x" (without quotes) where xโŒx::x is your actual IPv6 "wan" address.

        Also make sure you have a firewall to pass IPv6 tcp or udp to the correct port on there.

        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • jimpJ
          jimp Rebel Alliance Developer Netgate
          last edited by

          Actually I can't seem to get it to bind to IPv6 no matter what I do even manually. Might need some more research there, it may not work.

          Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • A
            athurdent
            last edited by

            I tried to alter the config manually on the console. IIRC the daemon would not start if I used

            proto udp6
            

            Which seems so be a necessary step to take according to this:
            http://blog.cykerway.com/post/250

            1 Reply Last reply Reply Quote 0
            • A
              athurdent
              last edited by

              @jimp:

              Actually I can't seem to get it to bind to IPv6 no matter what I do even manually. Might need some more research there, it may not work.

              Now it's listening, edited the config manually. I tried with TCP though and have yet to see if I can access it from the outside.
              You need to set

              proto tcp6-server
              

              instead of

              proto tcp-server
              

              And you have to switch the local entry to your IPv6 IP as it was already mentioned.

              1 Reply Last reply Reply Quote 0
              • jimpJ
                jimp Rebel Alliance Developer Netgate
                last edited by

                ok, that should make it a bit easier to tinker with. I wish it could automatically switch between both. I imagine it could on the client side, since you can specify remotes with "remote <server><proto>" and maybe you can do "remote x.x.x.x udp" and "remote xโŒx::x udp6", but that would need some testing. The server side looks like it will need a master switch of some sort to select between IPv4 and IPv6.</proto></server>

                Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                Need help fast? Netgate Global Support!

                Do not Chat/PM for help!

                1 Reply Last reply Reply Quote 0
                • A
                  athurdent
                  last edited by

                  I can connect to my server just fine now, had to adapt the client conf:

                  proto tcp6
                  

                  and change the IP to

                  remote 2001:xxxx 9443
                  

                  My test server listens on 9443.

                  1 Reply Last reply Reply Quote 0
                  • jimpJ
                    jimp Rebel Alliance Developer Netgate
                    last edited by

                    can you try that with:

                    remote 2001:xxxx 9443 tcp6
                    

                    All on one line?

                    Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                    Need help fast? Netgate Global Support!

                    Do not Chat/PM for help!

                    1 Reply Last reply Reply Quote 0
                    • A
                      athurdent
                      last edited by

                      Works like a charm. I removed the```
                      proto tcp6

                      1 Reply Last reply Reply Quote 0
                      • jimpJ
                        jimp Rebel Alliance Developer Netgate
                        last edited by

                        ok.

                        Here is another step forwardโ€ฆ

                        https://github.com/bsdperimeter/pfsense/commit/6714bbdc6573489a25e2b93eeb9e94e2251475b6

                        Remember: Upvote with the ๐Ÿ‘ button for any user/post you find to be helpful, informative, or deserving of recognition!

                        Need help fast? Netgate Global Support!

                        Do not Chat/PM for help!

                        1 Reply Last reply Reply Quote 0
                        • A
                          athurdent
                          last edited by

                          Great, many many thanks! Tried the new .inc file on my pfSense KVM. The generated server configuration looks good and works fine!

                          1 Reply Last reply Reply Quote 0
                          • First post
                            Last post
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.