Netgate Discussion Forum

    OpenVPN DHCPv6 log flood

      asterix

      Just noticed this log flood in System logs Routing section. Have kept the OpenVPN interface enabled with static IPv6 address and RA to Router only. DHCPv6 for OpenVPN interface is unchecked as it will hand out the IPv6 addresses through OpenVPN service to VPN client only on a successful VPN connection. Everything is working smoothly but the logs below are flooding in every few secs.

      If I disable RA then the flooding stops… but so does the IPv6 routing for end clients. They do receive the IPv6 addresses from OpenVPN service but that's it, if they try using or going to IPv6 sites or even do a simple IPv6 test, it fails.

      Feb 9 16:54:28 radvd[45079]: do you need to add the UnicastOnly flag?
      Feb 9 16:54:28 radvd[45079]: interface ovpns1 does not support broadcast
      Feb 9 16:54:15 radvd[45079]: do you need to add the UnicastOnly flag?
      Feb 9 16:54:15 radvd[45079]: interface ovpns1 does not support broadcast
      Feb 9 16:54:08 radvd[45079]: do you need to add the UnicastOnly flag?
      Feb 9 16:54:08 radvd[45079]: interface ovpns1 does not support broadcast
      Feb 9 16:53:56 radvd[45079]: do you need to add the UnicastOnly flag?
      Feb 9 16:53:56 radvd[45079]: interface ovpns1 does not support broadcast

        doktornotor Banned

        Perhaps you need to add the UnicastOnly flag?  ;D

        ducks and covers

          asterix

          @doktornotor:

          Perhaps you need to add the UnicastOnly flag?  ;D

          ducks and covers

          Lol, would have done so if there was an option for it.. hehe ;D

            doktornotor Banned

            :D :D :D

            So, does it work when you edit /var/etc/radvd.conf and restart radvd service? If not, you might try with TAP instead of TUN.

              asterix

              Yup tried that already. Didn't work. It removes the flag on service restart.

                doktornotor Banned

                1/ Stop the service.
                2/ Edit the config.
                3/ Run  /usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog

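Steps 1/ to 3/ above as a repeatable script, added here as an example and not part of the thread: `add_unicast_only` (a hypothetical helper) sets `UnicastOnly on;` inside one interface stanza of a radvd.conf, run here on a constructed sample config that uses documentation-prefix addresses. Whether the flag actually silences the warning on a tun interface is what the rest of the thread goes on to test.

```shell
#!/bin/sh
# Added example: set "UnicastOnly on;" in one interface stanza of a radvd.conf.

# Constructed sample config (2001:db8::/32 is the documentation prefix).
sample_radvd_conf() {
    cat <<'EOF'
interface em1 {
    AdvSendAdvert on;
};
interface ovpns1 {
    AdvSendAdvert on;
    prefix 2001:db8:0:2::/64 {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
EOF
}

# add_unicast_only IFACE FILE: print FILE with the flag set for IFACE only.
add_unicast_only() {
    awk -v ifc="$1" '
        # Start of the stanza we care about, e.g. "interface ovpns1 {"
        $1 == "interface" && $2 == ifc { in_if = 1; have = 0; depth = 0 }
        # Flag already present: force it to "on" instead of adding a duplicate
        in_if && /UnicastOnly/ { sub(/UnicastOnly[ \t]+(on|off)/, "UnicastOnly on"); have = 1 }
        {
            line = $0
            opens = gsub(/[{]/, "{", line)
            closes = gsub(/[}]/, "}", line)
            # The brace that returns depth to 0 closes the interface stanza
            if (in_if && closes > 0 && depth + opens - closes == 0) {
                if (!have) print "    UnicastOnly on;"
                in_if = 0
            }
            if (in_if) depth += opens - closes
            print
        }
    ' "$2"
}

# Demo on a scratch copy; on the firewall FILE would be /var/etc/radvd.conf,
# followed by step 3 from the post:
#   /usr/local/sbin/radvd -p /var/run/radvd.pid -C /var/etc/radvd.conf -m syslog
conf=$(mktemp); sample_radvd_conf > "$conf"
add_unicast_only ovpns1 "$conf"
rm -f "$conf"
```

The function writes to stdout, so the edited config can be compared with the GUI-generated one before it replaces anything.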
                  asterix

                  That didn't work either. It still removes the flag on service restart.

                  Also, where are all the system log files stored? Do they get deleted after a certain period of time? I don't want my hard disk filled up with these logs.

                    doktornotor Banned

                    Yes of course it removed the flag when you go messing with the GUI! The whole purpose of the above was to test whether it actually does fix your issue.

                    (The logs are circular, fixed size.)

                      asterix

                      @doktornotor:

                      Yes of course it removed the flag when you go messing with the GUI! The whole purpose of the above was to test whether it actually does fix your issue.

                      (The logs are circular, fixed size.)

                      Issue still persists and adding the flag did not fix it.

                      Logs are fixed size.. yes, but the number of logs keeps increasing.

                        doktornotor Banned

                        How does the number of logs keep increasing?  :o ???

                        (If the flag does not help, move to TAP.)

                          asterix

                          Changing OpenVPN to tap stops the flood but I need to use tun for the VPN clients.

                            doktornotor Banned

                            Well… it stops the flood because tap supports broadcast. Not really sure how's this fixable beyond muting the log. You normally do not run DHCP{,v6}/RA through tun tunnels. Why are you assigning the interface at all?

                              kejianshi

                              There should probably be Router advertisements on but not DHCP/v6.

                              I'm assuming you're trying to tunnel IPv6 over an IPv4 VPN?

                              Mine works this way.

                              You need no DHCP.
                              You do need router advertisements to your /48 (I assume).
                              And your IPv6 OpenVPN interface as the DNS server entered in the DNS server list in Router advertisements.

                              You will also need to push a route in OpenVPN.

                              push "route-ipv6 2000::/3";
                              keepalive 5 120;

                              Anyway - it works for me. My remote clients all get a public IPv6 address and browsing IPv6 sites works fine.

                              P.S. I'm using TUN.

                              But yeah, the "do you need to add the UnicastOnly flag?" is one of the many bits of BS log clutter I ignore. Mine also does that.

                                asterix

                                You have described my exact configuration. I have IPv6 tunnel over IPv4 and using it for VPN. Have RA on and DHCP/v6 off as the IPs are handed out by OpenVPN.

                                Yes, I need RA as IPv6 address is not handed out without it since in /48 (/64 subnet but from a /48 as I have multiple subnets from the /48 making it /64). The DNS resolver works great with IPv6 without any config changes. I presume it picks up the subnet's gateway and uses it to resolve all IPv6 queries.

                                Surprisingly I do not need to push route in OpenVPN, seems RA takes care of that.

                                So using TUN I may have to ignore the log flood till there is a fix OR till my ISP starts using IPv6.

                                  kejianshi

                                  I'm ignoring it…
