OpenVPN client not assigned v6 addr + route [solved]

xtropx

I have open vpn set up and it serves IPv4 flawlessly - I have a rule for 2014 everything that I do in v4 is also done in v6 and while it is not quite yet 2014, I figure no better time to start  ;)

---

Here is my set up:

• REMOTE ACCESS (SSL/TLS + User Auth)

• LOCAL DATABASE

• UDP

• TUN

• WAN

• PORT (alternate specified)

---

• IPv4 Tunnel Network: 10.254.254.0/29

• IPv4 Local Networks: 172.16.1.0/27,192.168.200.0/24

• IPv6 Tunnel Network: 2001:f00:f00:/64

• IPv6 Local Networks: 2001:f00:f00:/64

• Provide a virtual adapter IP address to clients (see Tunnel Network) is checked

advanced: push "route-ipv6 ::/0";

I am using the client export utility x64 on windows 7 x64

---

Sun Dec 29 19:05:10 2013 OpenVPN 2.3.2 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [PKCS11] [eurephia] [IPv6] built on Aug 22 2013
Enter Management Password:
Sun Dec 29 19:05:15 2013 Control Channel Authentication: using 'h-pf-2-udp-[===REDACTED PORT===]-evanr-tls.key' as a OpenVPN static key file
Sun Dec 29 19:05:15 2013 UDPv4 link local (bound): [undef]
Sun Dec 29 19:05:15 2013 UDPv4 link remote: [AF_INET][===REDACTED WAN IP===]
Sun Dec 29 19:05:15 2013 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Dec 29 19:05:16 2013 [evanr] Peer Connection Initiated with [AF_INET][===REDACTED WAN IP===]
Sun Dec 29 19:05:19 2013 do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
Sun Dec 29 19:05:20 2013 NETSH: C:\Windows\system32\netsh.exe interface ipv6 set address Local Area Connection 2001:f00:f00:b::1000 store=active
Sun Dec 29 19:05:20 2013 add_route_ipv6(2001:f00:f00:b::/64 -> 2001:f00:f00:b::1000 metric 0) dev Local Area Connection
Sun Dec 29 19:05:20 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Dec 29 19:05:20 2013 open_tun, tt->ipv6=1
Sun Dec 29 19:05:20 2013 TAP-WIN32 device [Local Area Connection] opened: \\.\Global\{B6FC9D99-5459-4526-AA16-E0F346289FF6}.tap
Sun Dec 29 19:05:20 2013 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.254.254.6/255.255.255.252 on interface {B6FC9D99-5459-4526-AA16-E0F346289FF6} [DHCP-serv: 10.254.254.5, lease-time: 31536000]
Sun Dec 29 19:05:20 2013 Successful ARP Flush on interface [25] {B6FC9D99-5459-4526-AA16-E0F346289FF6}
Sun Dec 29 19:05:25 2013 add_route_ipv6(::/0 -> 2001:f00:f00:b::1 metric -1) dev Local Area Connection
Sun Dec 29 19:05:25 2013 env_block: add PATH=C:\Windows\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sun Dec 29 19:05:25 2013 Initialization Sequence Completed

---

C:\Windows\system32>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : laptop
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ispMMR.gateway

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-B6-FC-9D-99
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4590:2a68:cc1f:307a%25(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.254.254.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.252
   Lease Obtained. . . . . . . . . . : Sunday, December 29, 2013 7:05:20 PM
   Lease Expires . . . . . . . . . . : Monday, December 29, 2014 7:05:20 PM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . : 10.254.254.5
   DHCPv6 IAID . . . . . . . . . . . : 402718646
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-6B-F3-04-4C-0F-6E-EE-AC-58
   DNS Servers . . . . . . . . . . . : 192.168.200.3
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TeamViewer VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-1B-5C-A6-48
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : ispMMR.gateway
   Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
   Physical Address. . . . . . . . . : 4C-0F-6E-EE-AC-58
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::65db:2b39:cc2e:d583%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.118(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Sunday, December 29, 2013 5:58:19 PM
   Lease Expires . . . . . . . . . . : Monday, December 30, 2013 5:58:21 PM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 189534062
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-6B-F3-04-4C-0F-6E-EE-AC-58
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VirtualBox Host-Only Network:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
   Physical Address. . . . . . . . . : 08-00-27-00-40-72
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::ade7:f30b:58e8:ebbc%18(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 570949671
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-6B-F3-04-4C-0F-6E-EE-AC-58
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{1B5CA648-225B-488D-9E66-270019F2BFF5}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.ispMMR.gateway:

   Connection-specific DNS Suffix  . : ispMMR.gateway
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.118%23(Preferred)
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . : 208.67.222.222
                                       208.67.220.220
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{A7883E23-9F15-4ACA-B31B-5150121A8211}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{B6FC9D99-5459-4526-AA16-E0F346289FF6}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{58314A00-186E-4BA9-A680-ED986A3BD8BA}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Windows\system32>

---

C:\Windows\system32>route print -6
===========================================================================
Interface List
 25...00 ff b6 fc 9d 99 ......TAP-Windows Adapter V9
 21...00 ff 1b 5c a6 48 ......TeamViewer VPN Adapter
 10...4c 0f 6e ee ac 58 ......Atheros AR9285 Wireless Network Adapter
 18...08 00 27 00 40 72 ......VirtualBox Host-Only Ethernet Adapter
  1...........................Software Loopback Interface 1
 20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
 19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
 18    276 fe80::/64                On-link
 25    286 fe80::/64                On-link
 10    281 fe80::/64                On-link
 23    286 fe80::5efe:192.168.1.118/128
                                    On-link
 25    286 fe80::4590:2a68:cc1f:307a/128
                                    On-link
 10    281 fe80::65db:2b39:cc2e:d583/128
                                    On-link
 18    276 fe80::ade7:f30b:58e8:ebbc/128
                                    On-link
  1    306 ff00::/8                 On-link
 18    276 ff00::/8                 On-link
 25    286 ff00::/8                 On-link
 10    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

Any ideas as to what I am doing wrong?

xtropx

I was able to solve this.

Added to client config:
tun-ipv6

Added to server config:
tun-ipv6;
server-ipv6 2001:f00:f00:1/64;
push "route-ipv6 ::/0";

One other thing I noticed that was important was in the client logs:
NETSH: C:\Windows\system32\netsh.exe interface ipv6 set address Local Area Connection 2001:f00:f00:1000 store=active
openvpn ERROR: netsh command failed: returned error code 1

netsh needs quotes under the interface name if there are spaces, so I just renamed my tap interface from Local Area Connection to just TAP and it worked fine. I have an IPv6 address and it is working as expected.

Edit: After rebooting the server complained I needed server-ip

phil.davis

I have a rule for 2014 everything that I do in v4 is also done in v6

Great New Year resolution - maybe I should get an IPv6 implementation plan sorted in the next 2 days and implement on 1 Jan 2014.

xtropx

Thanks phil. I enjoy working through it. Best of luck for the new year.  8)