openvpn issue

Paul D newtwen at gmail.com
Mon Dec 18 07:22:57 PST 2023 

How does pppoe-wan get its IP?

You may not be able to do much about that, but you can hint which IPv6 
an interface gets using the assignment length, hint and prefix settings.


I don't use openvpn, but perhaps it has something like this? I guess it 
would try to pick a source IP with the 'lowest' IPv6 from an available /64?



On 2023-12-15 11:08, e9hack wrote:
 > Hi,
 >
 > I've trouble with openvpn over ipv6. It isn't possible to connect to 
my router from outside via ipv6, because openvpn uses the wrong ipv6 
address as source. I get from my provider two prefixes (a 56 and 64 
bit). The wan interface gets assigned a random address from the 64 bit 
prefix. I'm using 3 local interfaces that have been assigned a 64-bit 
prefix derived from the 56-bit prefix. This are the ipv6 global 
addresses on my interfaces:
 >
 > pppoe-wan Link encap:Point-to-Point Protocol
 >            inet6 addr: 2003:cccc:ddff:1242:bbbb:bbbb:bbbb:bbbb/64 
Scope:Global
 >
 > br-lan    Link encap:Ethernet  HWaddr 50:xx:xx:xx:xx:xx
 >            inet6 addr: 2003:cccc:dd12:27ac::1/64 Scope:Global
 >
 > br-guest1 Link encap:Ethernet  HWaddr 56:xx:xx:xx:xx:xx
 >            inet6 addr: 2003:cccc:dd12:27e1::1/64 Scope:Global
 >
 > br-guest2 Link encap:Ethernet  HWaddr 5A:xx:xx:xx:xx:xx
 >            inet6 addr: 2003:cccc:dd12:27e2::1/64 Scope:Global
 >
 > openvpn uses all the time the address from br-guest1 as source 
address. I did monitor this with tcpdump:
 >
 > root at OpenWRT:~# tcpdump -n -i pppoe-wan ip6 and port 1194
 > tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
 > listening on pppoe-wan, link-type LINUX_SLL (Linux cooked v1), 
snapshot length 262144 bytes
 > 09:20:06.656182 IP6 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668 > 
2003:cccc:ddff:1242:bbbb:bbbb:bbbb:bbbb.1194: UDP, length 86
 > 09:20:06.657636 IP6 2003:cccc:dd12:27e1::1.1194 > 
2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668: UDP, length 98
 > 09:20:21.294559 IP6 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668 > 
2003:cccc:ddff:1242:bbbb:bbbb:bbbb:bbbb.1194: UDP, length 86
 > 09:20:21.296070 IP6 2003:cccc:dd12:27e1::1.1194 > 
2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668: UDP, length 98
 > 09:20:50.938655 IP6 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668 > 
2003:cccc:ddff:1242:bbbb:bbbb:bbbb:bbbb.1194: UDP, length 86
 > 09:20:50.939972 IP6 2003:cccc:dd12:27e1::1.1194 > 
2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668: UDP, length 98
 >
 > What can I change, that openvpn uses the ipv6 address from the wan 
interface?
 >
 > Regards,
 > Hartmut
 >
 > _______________________________________________
 > openwrt-devel mailing list
 > openwrt-devel at lists.openwrt.org
 > https://lists.openwrt.org/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list