openvpn issue

e9hack e9hack at gmail.com
Mon Dec 18 08:30:56 PST 2023


On 18.12.2023 at 16:22, Paul D wrote:
> 
> How does pppoe-wan get its IP?
It is retrieved by odhcp6c.

> You may not be able to do much about that, but you can hint which IPv6 an interface gets using the assignment length, hint and prefix settings.
> 
> 
> I don't use openvpn, but perhaps it has something like this? I guess it would try to pick a source IP with the 'lowest' IPv6 from an available /64?
It isn't the lowest address. In my case it is always the IPv6 address from br-guest1, even if I exchange the ip6hint value between the three local interfaces.


I was able to solve the problem. First, I modified /etc/init.d/openvpn by adding an interface trigger which restarts openvpn with the parameter '--local <IPV6 from wan>'. Second, I used the simple way by adding 'option multihome 1' to the openvpn config file.

Regards,
Hartmut


> 
> On 2023-12-15 11:08, e9hack wrote:
>  > Hi,
>  >
>  > I have trouble with openvpn over IPv6. It isn't possible to connect to my router from outside via IPv6, because openvpn uses the wrong IPv6 address as source. I get two prefixes from my provider (a 56-bit and a 64-bit one). The wan interface gets assigned a random address from the 64-bit prefix. I'm using 3 local interfaces that have been assigned a 64-bit prefix derived from the 56-bit prefix. These are the global IPv6 addresses on my interfaces:
>  >
>  > pppoe-wan Link encap:Point-to-Point Protocol
>  >            inet6 addr: 2003:cccc:ddff:1242:bbbb:bbbb:bbbb:bbbb/64 Scope:Global
>  >
>  > br-lan    Link encap:Ethernet  HWaddr 50:xx:xx:xx:xx:xx
>  >            inet6 addr: 2003:cccc:dd12:27ac::1/64 Scope:Global
>  >
>  > br-guest1 Link encap:Ethernet  HWaddr 56:xx:xx:xx:xx:xx
>  >            inet6 addr: 2003:cccc:dd12:27e1::1/64 Scope:Global
>  >
>  > br-guest2 Link encap:Ethernet  HWaddr 5A:xx:xx:xx:xx:xx
>  >            inet6 addr: 2003:cccc:dd12:27e2::1/64 Scope:Global
>  >
>  > openvpn always uses the address from br-guest1 as the source address. I monitored this with tcpdump:
>  >
>  > root@OpenWRT:~# tcpdump -n -i pppoe-wan ip6 and port 1194
>  > tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
>  > listening on pppoe-wan, link-type LINUX_SLL (Linux cooked v1), snapshot length 262144 bytes
>  > 09:20:06.656182 IP6 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668 > 2003:cccc:ddff:1242:bbbb:bbbb:bbbb:bbbb.1194: UDP, length 86
>  > 09:20:06.657636 IP6 2003:cccc:dd12:27e1::1.1194 > 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668: UDP, length 98
>  > 09:20:21.294559 IP6 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668 > 2003:cccc:ddff:1242:bbbb:bbbb:bbbb:bbbb.1194: UDP, length 86
>  > 09:20:21.296070 IP6 2003:cccc:dd12:27e1::1.1194 > 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668: UDP, length 98
>  > 09:20:50.938655 IP6 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668 > 2003:cccc:ddff:1242:bbbb:bbbb:bbbb:bbbb.1194: UDP, length 86
>  > 09:20:50.939972 IP6 2003:cccc:dd12:27e1::1.1194 > 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668: UDP, length 98
>  >
>  > What can I change so that openvpn uses the IPv6 address from the wan interface?
>  >
>  > Regards,
>  > Hartmut
>  >
>  > _______________________________________________
>  > openwrt-devel mailing list
>  > openwrt-devel at lists.openwrt.org
>  > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
> 
> 
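A way to check a capture for the symptom described in this thread (replies leaving from a different address than the one the client contacted), as an added example that is not part of the original messages. The function names `reply_source_mismatch` and `sample_capture` are hypothetical; the sample lines are the first four packets of the tcpdump output quoted above.

```shell
#!/bin/sh
# Added example: flag UDP replies whose source address differs from the
# address the client originally sent to (the symptom shown in the capture).
# Usage: tcpdump -n -i pppoe-wan ip6 and port 1194 | reply_source_mismatch 1194

reply_source_mismatch() {
    awk -v port="$1" '
    # tcpdump -n prints endpoints as ADDRESS.PORT; split on the last dot.
    function ep_port(ep) { sub(/.*\./, "", ep); return ep }
    function ep_addr(ep) { sub(/\.[0-9]+$/, "", ep); return ep }
    $2 == "IP6" && $4 == ">" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        if (ep_port(src) == port && (dst in target)) {
            # Reply to a known client: compare with the address it targeted.
            if (ep_addr(src) != target[dst]) {
                key = dst " " target[dst] " " ep_addr(src)
                if (!(key in seen)) order[++n] = key
                seen[key]++
            }
        } else if (ep_port(dst) == port) {
            # Request: remember which local address this client sent to.
            target[src] = ep_addr(dst)
        }
    }
    END {
        # One line per mismatch: client, expected source, actual source, count
        for (i = 1; i <= n; i++) print order[i], seen[order[i]]
    }'
}

# Sample input: the first four packets from the capture quoted in the thread.
sample_capture() {
    cat <<'EOF'
09:20:06.656182 IP6 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668 > 2003:cccc:ddff:1242:bbbb:bbbb:bbbb:bbbb.1194: UDP, length 86
09:20:06.657636 IP6 2003:cccc:dd12:27e1::1.1194 > 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668: UDP, length 98
09:20:21.294559 IP6 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668 > 2003:cccc:ddff:1242:bbbb:bbbb:bbbb:bbbb.1194: UDP, length 86
09:20:21.296070 IP6 2003:cccc:dd12:27e1::1.1194 > 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668: UDP, length 98
EOF
}

# Run on the sample when executed directly.
sample_capture | reply_source_mismatch 1194
```

An empty result after applying '--local' or 'option multihome 1' means every reply left from the address the client contacted.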



