IPv6 connectivity on server works fine.
IPv4 VPN works correctly.
IPv6 VPN does not work at all.
OpenVPN server 2.3.14-1
OpenVPN GUI client 11.4
Server:
Code: Select all
#ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 1.2.3.4 netmask 255.255.255.0 broadcast 1.2.3.255
inet6 fe80::250:56ff:febc:731a prefixlen 64 scopeid 0x20<link>
inet6 2001:1111:2222:3333::11 prefixlen 64 scopeid 0x0<global>
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 192.168.111.1 netmask 255.255.255.0 destination 192.168.111.1
inet6 2001:1111:2222:3333::1 prefixlen 64 scopeid 0x0<global>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
#route -6 -n
Destination Next Hop Flag Met Ref Use If
::/96 :: !n 1024 0 0 lo
0.0.0.0/96 :: !n 1024 0 0 lo
2001:1111:2222:3333::/64 :: U 256 0 0 eth0
2001:1111:2222:3333::/64 :: U 256 0 0 tun0
fe80::/64 :: U 256 1 20 eth0
::/0 fe80::1 UG 1 1 829 eth0
::/0 :: !n -1 1 946 lo
::1/128 :: Un 0 2 47 lo
2001:1111:2222:3333::/128 :: Un 0 1 0 lo
2001:1111:2222:3333::/128 :: Un 0 1 0 lo
2001:1111:2222:3333::1/128 :: Un 0 1 0 lo
2001:1111:2222:3333::11/128 :: Un 0 2 203 lo
fe80::/128 :: Un 0 1 0 lo
fe80::250:56ff:febc:731a/128 :: Un 0 2 662 lo
ff00::/8 :: U 256 1 242 eth0
ff00::/8 :: U 256 1 4 tun0
::/0 :: !n -1 1 946 lo
#cat sysctl.conf
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.autoconf = 1
net.ipv6.conf.all.accept_ra = 0
net.ipv4.ip_forward = 1
#lsmod | grep ipv6
nf_reject_ipv6 13717 1 ip6t_REJECT
nf_conntrack_ipv6 18894 6
nf_defrag_ipv6 35104 1 nf_conntrack_ipv6
nf_nat_ipv6 14131 1 ip6table_nat
nf_nat 26147 3 nf_nat_ipv4,nf_nat_ipv6,xt_nat
nf_conntrack 111302 6 nf_nat,nf_nat_ipv4,nf_nat_ipv6,xt_conntrack,nf_conntrack_ipv4,nf_conntrack_ipv6
#iptables -nvL
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
4 512 all * * ::/0 ::/0 state RELATED,ESTABLISHED
603 50699 ACCEPT all tun0 * ::/0 ::/0
4 512 ACCEPT all * tun0 ::/0 ::/0
0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-adm-prohibited
Chain OUTPUT (policy ACCEPT 706 packets, 53256 bytes)
pkts bytes target prot opt in out source destination
Code: Select all
c:\ipconfig
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : TAP-Windows Adapter V9
Physical Address. . . . . . . . . : 00-FF-6F-54-70-95
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:1111:2222:3333::1000(Preferred)
Link-local IPv6 Address . . . . . : fe80::91b2:541f:9a5a:6ff7%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.111.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 192.168.111.254
DHCPv6 IAID . . . . . . . . . . . : 167837551
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-26-CE-34-D4-C9-EF-4F-FD-5B
DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888
2001:4860:4860::8844
8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled
c:\>route print
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 2000::/3 fe80::8
10 276 2001:1111:2222:3333::/64 On-link
10 276 2001:1111:2222:3333::/64 fe80::8
10 276 2001:1111:2222:3333::1000/128
On-link
10 276 fe80::/64 On-link
10 276 fe80::91b2:541f:9a5a:6ff7/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Code: Select all
mode server
tls-server
topology subnet
port 443
proto tcp
dev tun
tun-ipv6
server-ipv6 2001:1111:2222:3333::/64
push "route-ipv6 2000::/3"
push "redirect-gateway def1"
push "dhcp-option DNS6 2001:4860:4860::8888"
push "dhcp-option DNS6 2001:4860:4860::8844"
comp-lzo
persist-key
persist-tun
Code: Select all
client
dev tun
cipher AES-256-CBC
proto tcp
resolv-retry infinite
nobind
persist-key
persist-tun
comp-lzo
Code: Select all
CLIENT c:\> ping -6 fe80::8%24
Pinging fe80::8%24 with 32 bytes of data:
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
Ping statistics for fe80::8%24:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
SERVER $ping6 fe80::8%tun0
PING fe80::8%tun0(fe80::8%tun0) 56 data bytes
ping: sendmsg: Network is unreachable
ping: sendmsg: Network is unreachable
ping: sendmsg: Network is unreachable
CLIENT PS C:\> get-wmiobject win32_networkadapter | select-object ServiceName, MACAddress, AdapterType, Index, Name
ServiceName : tap0901
MACAddress : 00:FF:6F:54:70:95
AdapterType : Ethernet 802.3
Index : 24
Name : TAP-Windows Adapter V9
I presume it's the same with TCP/UDP packets.
It's not problem of upstream gateway - I checked various IPv6 addresses from 2001:1111:2222:3333::/64 and they're routed correctly.