OpenVPN server does not bind to IPv6 CARP interface when configured from webgui.



  • Recently got my hands on native IPv6 and decided to move my OpenVPN server to IPv6 since peering is better over IPv6. 18ms instead of 28ms.

    Anyway, I configured CARP for IPv6 and that works fine by itself.

    But when moving the OpenVPN server to the IPv6 CARP interface, the client could no longer connect; however, it works when binding the OpenVPN server to the normal (non-CARP) IPv6 WAN interface.

    After some further troubleshooting, mainly diffing the generated config I found the culprit.

    With IPv6 CARP interface selected for the OpenVPN server the following line does not get generated in the config:

    local <IPv6 CARP IP>

    There is no local line at all.

    When you select the normal IPv6 WAN interface the config is there as

    local <IPv6 WAN IP>

    The temporary fix:
    If you manually edit the OpenVPN config file and replace the IPv6 WAN line with the CARP IP and restart the server it works fine, and client can connect.

    My VPN is a TAP Peer to Peer with shared key if that matters.

    I have previously run the OpenVPN server on IPv4 CARP and that works perfectly.
    Is this issue with IPv6 CARP by design or should I file a bug report?



  • I tried with UDP6, tun, Remote Access (SSL/TLS + User Auth) and got the same effect. It is a bug. This should help:
    https://github.com/pfsense/pfsense/pull/1603
    Can you make those changes to /etc/inc/openvpn.inc and confirm it really works - I do not have any real IPv6 so I can only see that "local" now looks good in the conf file.
    Then add a bug report in redmine.pfsense.org and reference this forum thread and the pull request.



  • Nice work Phil.

    Your changes work and the generated config now selects the IPv6 CARP interface address.

    Will make a bug report during the afternoon.
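
The check described in the first post (is there a `local` line in the generated config, and does it carry the CARP address?) can be scripted. This is an added example, not code from the thread or from pfSense; the sample configs and the 2001:db8:: documentation addresses are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample configs (not taken from the thread).
CONF_MISSING = """\
dev tap0
proto udp6
lport 1194
# local 2001:db8::10
"""
# Same config with a bind address, written in a non-canonical IPv6 form.
CONF_BOUND = CONF_MISSING + "local 2001:DB8:0:0::10\n"


def directives(conf_text):
    """Yield (name, args) per directive, skipping blank lines and
    whole-line '#' or ';' comments."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        name, *args = line.split()
        yield name, args


def check_local(conf_text, expected_ip):
    """Return 'missing', 'mismatch' or 'ok' for the `local` directive.

    Addresses are compared as parsed values, so differences in case or
    zero compression between the config and expected_ip do not matter.
    """
    expected = ipaddress.ip_address(expected_ip)
    found = [args for name, args in directives(conf_text) if name == "local"]
    if not found or not found[-1]:
        return "missing"
    try:
        actual = ipaddress.ip_address(found[-1][0])
    except ValueError:
        # A hostname or malformed value: cannot be confirmed as the expected IP.
        return "mismatch"
    return "ok" if actual == expected else "mismatch"


if __name__ == "__main__":
    for label, conf in (("no local line", CONF_MISSING), ("local set", CONF_BOUND)):
        print(label, "->", check_local(conf, "2001:db8::10"))
```

Run it against a copy of the generated server config after each change in the web GUI, passing the CARP virtual IP as `expected_ip`.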

