openvpn issue
e9hack
e9hack at gmail.com
Fri Dec 15 02:08:27 PST 2023
Hi,
I've trouble with openvpn over ipv6. It isn't possible to connect to my router from outside via ipv6, because openvpn uses the wrong ipv6 address as source. I get from my provider two prefixes (a 56 and 64 bit). The wan interface gets assigned a random address from the 64 bit prefix. I'm using 3 local interfaces that have been assigned a 64-bit prefix derived from the 56-bit prefix. This are the ipv6 global addresses on my interfaces:
pppoe-wan Link encap:Point-to-Point Protocol
inet6 addr: 2003:cccc:ddff:1242:bbbb:bbbb:bbbb:bbbb/64 Scope:Global
br-lan Link encap:Ethernet HWaddr 50:xx:xx:xx:xx:xx
inet6 addr: 2003:cccc:dd12:27ac::1/64 Scope:Global
br-guest1 Link encap:Ethernet HWaddr 56:xx:xx:xx:xx:xx
inet6 addr: 2003:cccc:dd12:27e1::1/64 Scope:Global
br-guest2 Link encap:Ethernet HWaddr 5A:xx:xx:xx:xx:xx
inet6 addr: 2003:cccc:dd12:27e2::1/64 Scope:Global
openvpn uses all the time the address from br-guest1 as source address. I did monitor this with tcpdump:
root at OpenWRT:~# tcpdump -n -i pppoe-wan ip6 and port 1194
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on pppoe-wan, link-type LINUX_SLL (Linux cooked v1), snapshot length 262144 bytes
09:20:06.656182 IP6 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668 > 2003:cccc:ddff:1242:bbbb:bbbb:bbbb:bbbb.1194: UDP, length 86
09:20:06.657636 IP6 2003:cccc:dd12:27e1::1.1194 > 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668: UDP, length 98
09:20:21.294559 IP6 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668 > 2003:cccc:ddff:1242:bbbb:bbbb:bbbb:bbbb.1194: UDP, length 86
09:20:21.296070 IP6 2003:cccc:dd12:27e1::1.1194 > 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668: UDP, length 98
09:20:50.938655 IP6 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668 > 2003:cccc:ddff:1242:bbbb:bbbb:bbbb:bbbb.1194: UDP, length 86
09:20:50.939972 IP6 2003:cccc:dd12:27e1::1.1194 > 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668: UDP, length 98
What can I change, that openvpn uses the ipv6 address from the wan interface?
Regards,
Hartmut
More information about the openwrt-devel
mailing list