If you are using dual-stack ipv4/ipv6, please read this

This forum is for general conversation and user-user networking.
bimmerdriver
OpenVPN User
Posts: 49
Joined: Thu Sep 08, 2016 7:56 pm

If you are using dual-stack ipv4/ipv6, please read this

Postby bimmerdriver » Thu Sep 15, 2016 4:17 pm

I posted a question in server administration section but didn't get any response, so I'm trying here. Here is a link to the post https://forums.openvpn.net/viewtopic.php?f=4&t=22420.

My question pertains to browser default protocol and fallback, verified using ipv6-test.com and test-ipv6.com. For some unknown reason, when the openvpn connection is running, browsers (chrome, edge, ie11) will not default to ipv6 and the fallback to the other protocol is unreliable. Over native ipv6 or using a hurricane electric tunnel, browsers default to ipv6 and fallback to ipv4 instantaneously. I've tried connecting to numerous different server locations but the result is always the same.

I'm trying to determine if this problem is caused by the server configuration or alternatively is a problem with openvpn itself. It would be very helpful and much appreciated if any openvpn users who are using dual-stack can check this for me by using ipv6-test.com and test-ipv6.com. If it's happening for other servers, then it might be a problem with openvpn, in which case, I'll report it as a possible bug.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2252
Joined: Fri Jun 03, 2016 1:17 pm

Re: If you are using dual-stack ipv4/ipv6, please read this

Postby TinCanTech » Thu Sep 15, 2016 4:53 pm

You are using Mullvad's proprietary vpn product not openvpn and you do not have access to Mullvad's servers so this issue will not be accepted as an openvpn bug.

The only suggestion I can offer you is to setup your own true openvpn server and client and see what results you get. If your problem persists then you could consider reporting your issue as an openvpn bug.

bimmerdriver
OpenVPN User
Posts: 49
Joined: Thu Sep 08, 2016 7:56 pm

Re: If you are using dual-stack ipv4/ipv6, please read this

Postby bimmerdriver » Thu Sep 15, 2016 6:16 pm

I've tried connecting to their servers both using their client and also using the openvpn client. It made no difference. The behaviour is the same. I've tried connecting to all of their servers around the world and it also made no difference. That's why I'm asking if anyone else using openvpn with a dual-stack configuration (with a service provider other than Mullvad) is experiencing this issue. I hadn't thought of creating my own server.

bimmerdriver
OpenVPN User
Posts: 49
Joined: Thu Sep 08, 2016 7:56 pm

Re: If you are using dual-stack ipv4/ipv6, please read this

Postby bimmerdriver » Tue Oct 25, 2016 8:31 pm

TinCanTech wrote:You are using Mullvad's proprietary vpn product not openvpn and you do not have access to Mullvad's servers so this issue will not be accepted as an openvpn bug.

The only suggestion I can offer you is to setup your own true openvpn server and client and see what results you get. If your problem persists then you could consider reporting your issue as an openvpn bug.

At your suggestion, I tried to get an openvpn client / server configuration operating using the PCs I have available, which are Windows 10 and using the router I have available, which is pfsense. (I have two independent networks with their own internet connection, one is a native dual-stack and the other uses a hurricane electric tunnel for ipv6.) I was able to get the client and server connected but I could not get the server working to the point where I could use the vpn connection to browse the internet from the client. I'm not saying it won't work, but I don't have the expertise to get it working. I looked for a posted example of a windows 10 server supporting dual stack but I did not find one. At this stage, I don't know if it's not working due to the configuration of the openvpn client or server, the windows server, the router or some combination of them.

Also, I followed up with Mullvad with your remark that their product is a "proprietary vpn product not openvpn." Their response was that they are using unmodified openvpn code. For the record, I can connect to their vpn servers using the native openvpn software or their client. It works the exactly the same so the suggestion that this is their problem comes across as a deflection. I opened up "private tunnel account, but it doesn't support ipv6.

All I can say at this stage is that irrespective of which browser I use (IE11, edge or chrome), when I run ipv6-test.com and test-ipv6.com, they all report that the default protocol is ipv4. Also, failback from ipv4 to ipv6 is "unreliable".

I'm would be willing to test this further if I could, but I've hit a wall. If anyone reading this has a working dual-stack client and server set up, please take a moment to run ipv6-test.com and test-ipv6.com to see what the test results are WRT the default browser protocol and fallback.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2252
Joined: Fri Jun 03, 2016 1:17 pm

Re: If you are using dual-stack ipv4/ipv6, please read this

Postby TinCanTech » Tue Oct 25, 2016 10:47 pm

Mullvads download is proprietary .. You are at the mercy of their servers.

There is a --pull-filter in openvpn 2.4 .. if you want to go there !

bimmerdriver
OpenVPN User
Posts: 49
Joined: Thu Sep 08, 2016 7:56 pm

Re: If you are using dual-stack ipv4/ipv6, please read this

Postby bimmerdriver » Wed Oct 26, 2016 12:49 am

TinCanTech wrote:Mullvads download is proprietary .. You are at the mercy of their servers.

There is a --pull-filter in openvpn 2.4 .. if you want to go there !

Mullvad told me they are using unmodified openvpn code. They provide excellent support and I have no reason to not believe them. Are you claiming they are lying? If so, on what basis?

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2252
Joined: Fri Jun 03, 2016 1:17 pm

Re: If you are using dual-stack ipv4/ipv6, please read this

Postby TinCanTech » Sun Oct 30, 2016 11:33 am

Mullvad's download for Windows is an executable installer, for which, it is difficult to verify if openvpn.exe has been modified. I am not saying they have tampered with openvpn but I am not saying they have not.

The real problems you are facing are three fold:
  • Number one is Mullvad's server configuration and what they intend to support.
    You will have to take issues with their service up with them.
  • Number two is the software you want to use once connected is not doing what you expect or prefer.
    As above.
  • Number three is that currently, Openvpn support of IPv6 is still in an incomplete state.
    Openvpn devs are confident that openvpn IPv6 code (so far) is good, solid code but it is still missing some functionality. Example: Openvpn cannot set an IPv6 DNS server on windows at this time.
    This is because Openvpn is Free Open Source Software created and maintained by volunteers and they have only so much time to offer.
You are in a testing phase and it is not going so well so I would recommend you try this:
  • Setup your server and client on Linux; Using either a real system or a Virtual Machine, either are suitable, I run half a dozen Openvpn servers and clients on Linux VMs. Personally, I found Debian and Ubuntu to be the simplest.
  • Use the Latest openvpn version (2.4) because it has the most to offer.
  • Consider subscribing to the mailing list as another source of help.
  • Experiment: We welcome quality feedback.
I highly recommend you read the entire HOWTO: For OpenVPN Community Edition more than once. I refer back to it all the time.

There is also an abundance of documentation found here:
https://community.openvpn.net/openvpn/wiki/TitleIndex

And as a last resort, try using google and their site: feature (another tool I rely upon).

I hope that helps you find some direction.

bimmerdriver
OpenVPN User
Posts: 49
Joined: Thu Sep 08, 2016 7:56 pm

Re: If you are using dual-stack ipv4/ipv6, please read this

Postby bimmerdriver » Tue Nov 08, 2016 5:04 am

TinCanTech wrote:Mullvad's download for Windows is an executable installer, for which, it is difficult to verify if openvpn.exe has been modified. I am not saying they have tampered with openvpn but I am not saying they have not.

The real problems you are facing are three fold:
  • Number one is Mullvad's server configuration and what they intend to support.
    You will have to take issues with their service up with them.
  • Number two is the software you want to use once connected is not doing what you expect or prefer.
    As above.
  • Number three is that currently, Openvpn support of IPv6 is still in an incomplete state.
    Openvpn devs are confident that openvpn IPv6 code (so far) is good, solid code but it is still missing some functionality. Example: Openvpn cannot set an IPv6 DNS server on windows at this time.
    This is because Openvpn is Free Open Source Software created and maintained by volunteers and they have only so much time to offer.
You are in a testing phase and it is not going so well so I would recommend you try this:
  • Setup your server and client on Linux; Using either a real system or a Virtual Machine, either are suitable, I run half a dozen Openvpn servers and clients on Linux VMs. Personally, I found Debian and Ubuntu to be the simplest.
  • Use the Latest openvpn version (2.4) because it has the most to offer.
  • Consider subscribing to the mailing list as another source of help.
  • Experiment: We welcome quality feedback.
I highly recommend you read the entire HOWTO: For OpenVPN Community Edition more than once. I refer back to it all the time.

There is also an abundance of documentation found here:
https://community.openvpn.net/openvpn/wiki/TitleIndex

And as a last resort, try using google and their site: feature (another tool I rely upon).

I hope that helps you find some direction.

Thank you for the reply. I have to say it begs the question why you're casting doubt about Mullvad and making allegations about their product rather than simply proving that the problem of the browser not defaulting to ipv6 and not reliably falling back to the default protocol doesn't exist in a "true" openvpn client / server. Talk is cheap. If they are at fault as opposed to "true" openvpn, why not post some results that show the browser defaulting to ipv6 and fallback working in a dual-stack client / server configuration and put this to rest. (While you're at it, post the configurations so they can be independently replicated.)

The only reason I'm trying to get a dual-stack openvpn server running is to prove or disprove whether the issues I'm experiencing with the browser default protocol and fallback are exhibited when running a "true" dual-stack openvpn server, since you're saying it won't be considered a problem unless I do that. The lack of documented examples makes this a lot more difficult than it should be to get openvpn servers running. So far, I've been able to get an ipv4 configuration working (although not very reliably), but I'm still trying to get a dual-stack configuration working. (I'm currently using windows but setting up a ubuntu server to try on linux.) Since openvpn supposedly supports dual-stack on windows and linux, you would think there would be information about setting up windows and linux servers somewhere on the openvpn website, but I haven't found anything so far. If you know of a reference, please post it. (Again, I'm not talking about the pki and the client-server connection. I have the client / server working, but the traffic from the vpn server is not routing to the gateway.)

With all due respect, the complete information required to get an ipv4-only server working isn't in the how-to for either linix or windows, let alone for a dual-stack server. The how-to and man pages cover the pki and the connection between the client and server very thoroughly, but neither address the configuration of the server to route the traffic from the vpn through the gateway. This information is what you'd expect to find the how-to section called "Routing all client traffic (including web-traffic) through the VPN", but it's not there. There's a one-line reference to iptables for linix, but nothing whatsoever about windows. I don't think anyone can reasonably claim this is well documented.

WRT windows, I found this thread https://forums.openvpn.net/viewtopic.php?f=7&t=20765 called "[Solved] Windows 10 OpenVPN Server NAT with redirect-gateway". It mentions internet connection sharing, regedit and the Routing and Remote Access Service (RRAS), but I found that information is not accurate. I found that regedit and RRAS were not required on my system for an ipv4 server. There is another recommendation to use the advanced adapter settings to set the gateway. I tried that as well, but it didn't work at all. It would be helpful and would save users a lot of time and frustration if there was an official tutorial on this in the how-to.

WRT linux, I found this thread https://forums.openvpn.net/viewtopic.php?f=5&t=22303&p=63931&hilit=digitalocean.com#p63931 called "Help a total noob trying to set up OpenVPN on ubuntu". The OP found the digital ocean tutorial and was attempting to get it working. Your remark was, "That is a crappy tutorial. Try arch-linux wiki for openvpn." I found the same digital ocean tutorial and I was going to use it until I found that thread. How is someone supposed to know the digital ocean tutorial is "crappy" unless they stumble over this thread? It would be helpful if there was an official tutorial on this in the how-to.

I'm really amazed that there aren't any official tutorials or examples on the openvpn website. Normally for any given software package, the official website is where you would expect to find accurate and up to date information that helps users get a system working properly and saves them from wasting their time looking elsewhere for potentially dubious information and/or reinventing the wheel.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2252
Joined: Fri Jun 03, 2016 1:17 pm

Re: If you are using dual-stack ipv4/ipv6, please read this

Postby TinCanTech » Tue Nov 08, 2016 12:55 pm

You have not even proven that Mullvad intend to support IPv6 ...

bimmerdriver
OpenVPN User
Posts: 49
Joined: Thu Sep 08, 2016 7:56 pm

Re: If you are using dual-stack ipv4/ipv6, please read this

Postby bimmerdriver » Tue Nov 08, 2016 5:21 pm

TinCanTech wrote:You have not even proven that Mullvad intend to support IPv6 ...

Are you serious?!? Instead of focusing on Mullvad, why not simply answer the question. It should be a very straight-forward question for someone with a dual-stack client/server to answer. Either the browser defaults to ipv6 (which it should if ipv6 is working properly) and falls back to ipv4 properly or not.

User avatar
TinCanTech
OpenVPN Protagonist
Posts: 2252
Joined: Fri Jun 03, 2016 1:17 pm

Re: If you are using dual-stack ipv4/ipv6, please read this

Postby TinCanTech » Tue Nov 08, 2016 9:54 pm

To make a few points clear:
bimmerdriver wrote:I'd really appreciate if anyone using openvpn with ipv6 enabled is experiencing the same issues that I described in the original post,
bimmerdriver wrote:which are ^browsers defaulting to ipv4 rather than ipv6 and having intermittently slow fallback to the alternate protocol.
    You are having problems with your browser protocol fallback ..
bimmerdriver wrote:Unless there is a problem with all of Mullvad's server configurations,
    Which we do not support.
bimmerdriver wrote:this seems like a problem with openvpn.
    No .. it is a problem as detailed above.

bimmerdriver wrote:why not simply answer the question. It should be a very straight-forward question for someone with a dual-stack client/server to answer. Either the browser defaults to ipv6 (which it should if ipv6 is working properly) and falls back to ipv4 properly or not.
There is no simple answer and we don't support browsers.

And by the way, your analytical skills need improvement.

As a starter, please read this:
HOWTO: Request Help !

bimmerdriver
OpenVPN User
Posts: 49
Joined: Thu Sep 08, 2016 7:56 pm

Re: If you are using dual-stack ipv4/ipv6, please read this

Postby bimmerdriver » Thu Nov 10, 2016 4:09 am

TinCanTech wrote:To make a few points clear:
bimmerdriver wrote:I'd really appreciate if anyone using openvpn with ipv6 enabled is experiencing the same issues that I described in the original post,
bimmerdriver wrote:which are ^browsers defaulting to ipv4 rather than ipv6 and having intermittently slow fallback to the alternate protocol.
    You are having problems with your browser protocol fallback ..
bimmerdriver wrote:Unless there is a problem with all of Mullvad's server configurations,
    Which we do not support.
bimmerdriver wrote:this seems like a problem with openvpn.
    No .. it is a problem as detailed above.

bimmerdriver wrote:why not simply answer the question. It should be a very straight-forward question for someone with a dual-stack client/server to answer. Either the browser defaults to ipv6 (which it should if ipv6 is working properly) and falls back to ipv4 properly or not.
There is no simple answer and we don't support browsers.

And by the way, your analytical skills need improvement.

As a starter, please read this:
HOWTO: Request Help !

For someone who purports to be providing help, you have a pathetic attitude and you are apparently incapable of reading and comprehending basic english. I won't bother to respond to your ridiculous attempts to be funny.

bimmerdriver
OpenVPN User
Posts: 49
Joined: Thu Sep 08, 2016 7:56 pm

Re: If you are using dual-stack ipv4/ipv6, please read this

Postby bimmerdriver » Thu Nov 10, 2016 4:27 am

If anyone has an intelligent response, please send me a PM. Otherwise, I would appreciate if one of the mods would lock this thread.

dreadfull
OpenVpn Newbie
Posts: 1
Joined: Thu Mar 16, 2017 12:02 am

Re: If you are using dual-stack ipv4/ipv6, please read this

Postby dreadfull » Thu Mar 16, 2017 12:04 am

Hi, I am experiencing slow speeds when IPV6 tunnelling is enabled alongside with ipv4. Something like 10% of speed when only ipv4 is enabled.

That's a late response :)

User avatar
disqualified
OpenVPN User
Posts: 30
Joined: Fri Jun 03, 2016 7:13 pm

Re: If you are using dual-stack ipv4/ipv6, please read this

Postby disqualified » Thu Mar 16, 2017 12:43 am

dreadfull wrote:That's a late response
did i miss the boat ?


Return to “Off Topic, Related”

Who is online

Users browsing this forum: No registered users and 1 guest