    OpenVPN server does not bind to IPv6 CARP interface when configured from webgui.

    • H
      haddock last edited by

      Recently got my hands on native IPv6 and decided to move my OpenVPN server to IPv6 since peering is better over IPv6. 18ms instead of 28ms.

      Anyway, I configured CARP for IPv6 and that works fine by itself.

      But when moving the OpenVPN server to the IPv6 CARP interface the client could no longer connect; however, it works when binding the OpenVPN server to the normal (non-CARP) IPv6 WAN interface.

      After some further troubleshooting, mainly diffing the generated config, I found the culprit.

      With IPv6 CARP interface selected for the OpenVPN server the following line does not get generated in the config:

      local <IPv6 CARP IP>

      There is no local line at all.

      When you select the normal IPv6 WAN interface the config is there as

      local <IPv6 WAN IP>

      The temporary fix:
      If you manually edit the OpenVPN config file and replace the IPv6 WAN line with the CARP IP and restart the server it works fine, and client can connect.

      My VPN is a TAP Peer to Peer with shared key if that matters.

      I have previously run the OpenVPN server on IPv4 CARP and that works perfectly.
      Is this issue with IPv6 CARP by design or should I file a bug report?

      • P
        phil.davis last edited by

        I tried with UDP6, tun, Remote Access (SSL/TLS + User Auth) and got the same effect. It is a bug. This should help:
        https://github.com/pfsense/pfsense/pull/1603
        Can you make those changes to /etc/inc/openvpn.inc and confirm it really works - I do not have any real IPv6 so I can only see that "local" now looks good in the conf file.
        Then add a bug report in redmine.pfsense.org and reference this forum thread and the pull request.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        • H
          haddock last edited by

          Nice work Phil.

          Your changes work and the generated config now selects the IPv6 CARP interface address.

          Will make a bug report during the afternoon.

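The check haddock did by diffing configs can be automated: the sketch below is an added example, not part of the thread or of pfSense, and verifies that a generated OpenVPN server config carries a `local` directive equal to the intended bind address (without `local`, OpenVPN binds to all interfaces). The sample configs, the 2001:db8:: documentation addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample configs; 2001:db8::/32 is the IPv6 documentation prefix.
MISSING_LOCAL = """\
# generated server config (constructed sample)
dev tap0
proto udp6
lport 1194
"""
# Same config with the bind address written in expanded IPv6 form.
WITH_LOCAL = MISSING_LOCAL + "local 2001:0db8:0000:0000:0000:0000:0000:0010\n"


def directives(conf_text):
    """Map each directive name to its argument list.

    Blank lines and lines starting with '#' or ';' (OpenVPN comments)
    are skipped, so a commented-out 'local' does not count.
    """
    found = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        found[name] = args
    return found


def check_bind(conf_text, expected_ip):
    """Return 'ok', 'missing-local' or 'wrong-address' for one config."""
    conf = directives(conf_text)
    want = ipaddress.ip_address(expected_ip)
    if not conf.get("local"):
        return "missing-local"  # the symptom described in this thread
    try:
        have = ipaddress.ip_address(conf["local"][0])
    except ValueError:
        return "wrong-address"  # hostname or malformed value, not an IP literal
    # Compare parsed addresses so compressed and expanded IPv6 forms match.
    return "ok" if have == want else "wrong-address"


if __name__ == "__main__":
    for label, text in (("before fix", MISSING_LOCAL), ("after fix", WITH_LOCAL)):
        print(label, "->", check_bind(text, "2001:db8::10"))
```

Run against each generated server config after a GUI change or upgrade, this flags the case where the CARP address was selected in the GUI but never reached the file.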