openvpn issue

[Paul D]

Anything useful here which could go in a PR or two on github?

I've added multihome to luci:

a5ed5976f4cf70a36863e69da8c055f855545f87

The --local param seems to be in there already.



On 2023-12-18 17:30, e9hack wrote:
> Am 18.12.2023 um 16:22 schrieb Paul D:
>>
>> How does pppoe-wan get its IP?
> It is retrieved by odhcp6c.
> 
>> You may not be able to do much about that, but you can hint which IPv6 
>> an interface gets using the assignment length, hint and prefix settings.
>>
>>
>> I don't use openvpn, but perhaps it has something like this? I guess 
>> it would try to pick a source IP with the 'lowest' IPv6 from an 
>> available /64?
> It isn't the lowest address. In my case it is all the time the ipv6 
> address from br-guest1, even if I exchange the ip6hint value between the 
> three local interfaces.
> 
> 
> I could solve the problem. First I did modify /etc/init.d/openvpn by 
> adding an interface trigger which does restart openvpn with parameter 
> '--local <IPV6 from wan>'. Second, I did use the simple way by adding 
> 'option multihome 1' to the openvpn config file.
> 
> Regards,
> Hartmut
> 
> 
>>
>> On 2023-12-15 11:08, e9hack wrote:
>>  > Hi,
>>  >
>>  > I've trouble with openvpn over ipv6. It isn't possible to connect 
>> to my router from outside via ipv6, because openvpn uses the wrong 
>> ipv6 address as source. I get from my provider two prefixes (a 56 and 
>> 64 bit). The wan interface gets assigned a random address from the 64 
>> bit prefix. I'm using 3 local interfaces that have been assigned a 
>> 64-bit prefix derived from the 56-bit prefix. This are the ipv6 global 
>> addresses on my interfaces:
>>  >
>>  > pppoe-wan Link encap:Point-to-Point Protocol
>>  >            inet6 addr: 2003:cccc:ddff:1242:bbbb:bbbb:bbbb:bbbb/64 
>> Scope:Global
>>  >
>>  > br-lan    Link encap:Ethernet  HWaddr 50:xx:xx:xx:xx:xx
>>  >            inet6 addr: 2003:cccc:dd12:27ac::1/64 Scope:Global
>>  >
>>  > br-guest1 Link encap:Ethernet  HWaddr 56:xx:xx:xx:xx:xx
>>  >            inet6 addr: 2003:cccc:dd12:27e1::1/64 Scope:Global
>>  >
>>  > br-guest2 Link encap:Ethernet  HWaddr 5A:xx:xx:xx:xx:xx
>>  >            inet6 addr: 2003:cccc:dd12:27e2::1/64 Scope:Global
>>  >
>>  > openvpn uses all the time the address from br-guest1 as source 
>> address. I did monitor this with tcpdump:
>>  >
>>  > root at OpenWRT:~# tcpdump -n -i pppoe-wan ip6 and port 1194
>>  > tcpdump: verbose output suppressed, use -v[v]... for full protocol 
>> decode
>>  > listening on pppoe-wan, link-type LINUX_SLL (Linux cooked v1), 
>> snapshot length 262144 bytes
>>  > 09:20:06.656182 IP6 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668 > 
>> 2003:cccc:ddff:1242:bbbb:bbbb:bbbb:bbbb.1194: UDP, length 86
>>  > 09:20:06.657636 IP6 2003:cccc:dd12:27e1::1.1194 > 
>> 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668: UDP, length 98
>>  > 09:20:21.294559 IP6 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668 > 
>> 2003:cccc:ddff:1242:bbbb:bbbb:bbbb:bbbb.1194: UDP, length 86
>>  > 09:20:21.296070 IP6 2003:cccc:dd12:27e1::1.1194 > 
>> 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668: UDP, length 98
>>  > 09:20:50.938655 IP6 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668 > 
>> 2003:cccc:ddff:1242:bbbb:bbbb:bbbb:bbbb.1194: UDP, length 86
>>  > 09:20:50.939972 IP6 2003:cccc:dd12:27e1::1.1194 > 
>> 2a01:eeee:ffff:56b6:aaaa:aaaa:aaaa:aaaa.62668: UDP, length 98
>>  >
>>  > What can I change, that openvpn uses the ipv6 address from the wan 
>> interface?
>>  >
>>  > Regards,
>>  > Hartmut
>>  >
>>  > _______________________________________________
>>  > openwrt-devel mailing list
>>  > openwrt-devel at lists.openwrt.org
>>  > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
>>
>>
>> _______________________________________________
>> openwrt-devel mailing list
>> openwrt-devel at lists.openwrt.org
>> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
>