OpenVPN DHCPv6 log flood



  • Just noticed this log flood in the System logs Routing section. I have kept the OpenVPN interface enabled with a static IPv6 address and RA set to Router only. DHCPv6 for the OpenVPN interface is unchecked, as the OpenVPN service will hand out the IPv6 addresses to VPN clients only on a successful VPN connection. Everything is working smoothly, but the logs below are flooding in every few seconds.

    If I disable RA then the flooding stops… but so does the IPv6 routing for end clients. They do receive the IPv6 addresses from OpenVPN service but that's it, if they try using or going to IPv6 sites or even do a simple IPv6 test, it fails.

    Feb 9 16:54:28 radvd[45079]: do you need to add the UnicastOnly flag?
    Feb 9 16:54:28 radvd[45079]: interface ovpns1 does not support broadcast
    Feb 9 16:54:15 radvd[45079]: do you need to add the UnicastOnly flag?
    Feb 9 16:54:15 radvd[45079]: interface ovpns1 does not support broadcast
    Feb 9 16:54:08 radvd[45079]: do you need to add the UnicastOnly flag?
    Feb 9 16:54:08 radvd[45079]: interface ovpns1 does not support broadcast
    Feb 9 16:53:56 radvd[45079]: do you need to add the UnicastOnly flag?
    Feb 9 16:53:56 radvd[45079]: interface ovpns1 does not support broadcast


  • Banned

    Perhaps you need to add the UnicastOnly flag?  ;D

    ducks and covers



  • @doktornotor:

    Perhaps you need to add the UnicastOnly flag?  ;D

    ducks and covers

    Lol, would have done so if there was an option for it.. hehe ;D


  • Banned

    :D :D :D

    So, does it work when you edit /var/etc/radvd.conf and restart radvd service? If not, you might try with TAP instead of TUN.



  • Yup tried that already. Didn't work. It removes the flag on service restart.


  • Banned

    1/ Stop the service.
    2/ Edit the config.
    3/ Run /usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog
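
What the edit in step 2 amounts to, as an added example (not code from the thread or from pfSense): a Python helper that checks whether an interface block in radvd.conf text carries `UnicastOnly on;` and inserts it if missing. The sample config and its 2001:db8:: prefixes are constructed, and the parser assumes no braces inside comments.

```python
import re

# Constructed sample in radvd.conf syntax; prefixes are documentation
# addresses, not values from the thread.
SAMPLE_CONF = """\
interface ovpns1 {
    AdvSendAdvert on;
    prefix 2001:db8:0:1::/64 {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
interface em1 {
    AdvSendAdvert on;
    prefix 2001:db8:0:2::/64 {
        AdvOnLink on;
    };
};
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)\s*\{", re.MULTILINE)


def interface_blocks(conf):
    """Yield (name, body_start, body_end) for each top-level interface block."""
    for m in IFACE_RE.finditer(conf):
        depth, i = 1, m.end()
        # Walk forward until the brace opened by "interface X {" is closed,
        # so nested prefix/route blocks stay inside the body.
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), m.end(), i - 1  # i - 1 is the closing brace


def has_unicast_only(conf, iface):
    """True if iface's block sets 'UnicastOnly on;'. KeyError if no such block."""
    for name, start, end in interface_blocks(conf):
        if name == iface:
            return re.search(r"\bUnicastOnly\s+on\s*;", conf[start:end]) is not None
    raise KeyError(iface)


def add_unicast_only(conf, iface):
    """Return conf with 'UnicastOnly on;' as the first option of iface's block."""
    if has_unicast_only(conf, iface):
        return conf  # already present: leave the text untouched
    for name, start, _ in interface_blocks(conf):
        if name == iface:
            return conf[:start] + "\n    UnicastOnly on;" + conf[start:]
```

Running `has_unicast_only` on the file after a service restart shows whether the regenerated config still carries the flag.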



  • That didn't work either. It still removes the flag on service restart.

    Also, where are all the system log files stored? Do they get deleted after a certain period of time? I don't want my hard disk filled up with these logs.


  • Banned

    Yes of course it removed the flag when you go messing with the GUI! The whole purpose of the above was to test whether it actually does fix your issue.

    (The logs are circular, fixed size.)



  • @doktornotor:

    Yes of course it removed the flag when you go messing with the GUI! The whole purpose of the above was to test whether it actually does fix your issue.

    (The logs are circular, fixed size.)

    Issue still persists and adding the flag did not fix it.

    Logs are fixed size.. yes, but the number of logs keeps increasing.


  • Banned

    How does the number of logs keep increasing?  :o ???

    (If the flag does not help, move to TAP.)



  • Changing OpenVPN to tap stops the flood, but I need to use tun for the VPN clients.


  • Banned

    Well… it stops the flood because tap supports broadcast. Not really sure how's this fixable beyond muting the log. You normally do not run DHCP{,v6}/RA through tun tunnels. Why are you assigning the interface at all?



  • There should probably be Router advertisements on but not DHCP/v6

    I'm assuming you're trying to tunnel IPv6 over an IPv4 VPN?

    Mine works this way.

    You need no DHCP
    You do need router advertisements to your /48 (I assume)
    And your IPv6 OpenVPN interface as the DNS server entered in the DNS server list in Router advertisements.

    You will also need to push a route in OpenVPN.

    push "route-ipv6 2000::/3";
    keepalive 5 120;

    Anyway - it works for me. My remote clients all get a public IPv6 address and browsing IPv6 sites works fine.

    P.S.  I'm using TUN

    But yeah, the "do you need to add the UnicastOnly flag?" is one of the many pieces of BS log clutter I ignore. Mine also does that.



  • You have described my exact configuration. I have IPv6 tunnel over IPv4 and using it for VPN. Have RA on and DHCP/v6 off as the IPs are handed out by OpenVPN.

    Yes, I need RA as the IPv6 address is not handed out without it since in /48 (/64 subnet but from a /48 as I have multiple subnets from the /48 making it /64). The DNS resolver works great with IPv6 without any config changes. I presume it picks up the subnet's gateway and uses it to resolve all IPv6 queries.

    Surprisingly I do not need to push a route in OpenVPN, seems RA takes care of that.

    So using TUN I may have to ignore the log flood till there is a fix OR till my ISP starts using IPv6.



  • I'm ignoring it…