server-ipv6 settings: only /64../112 supported right now (not /125)

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
maloff
OpenVpn Newbie
Posts: 1
Joined: Sun Jun 25, 2017 11:36 am

server-ipv6 settings: only /64../112 supported right now (not /125)

Post by maloff » Sun Jun 25, 2017 11:58 am

I am trying to add IPv6 to my OpenVPN server which is based on Digitalocean's droplet (VPS) with Ubuntu 17.04 (IPv4 tunnels work fine).

Digitalocean assigns to a VPS only 16 IPv6 addresses from a /64 subnet (which is basically only an /124 network my server can use. All other IPs are allocated to other VPSes of other customers). The quote from Digitalocean's control panel:

Code: Select all

PUBLIC IPV6 ADDRESS:
2a03:b0c0:2:d0::XXXX:X001
PUBLIC IPV6 GATEWAY:
2a03:b0c0:2:d0::1 
CONFIGURABLE ADDRESS RANGE:
2a03:b0c0:2:d0::XXXX:X000 - 2a03:b0c0:2:d0::XXXX:X00f
Digitalocean does not provide additional IPv6 blocks to VPSes, so I split my small /124 subnet into 2 /125s (first one for my server and the next one for OpenVPN's clients) and setup OpenVPN as follows:
[oconf]
# ipv6
server-ipv6 2a03:b0c0:2:d0::XXXX:X009/125
tun-ipv6
push tun-ipv6
ifconfig-ipv6 2a03:b0c0:2:d0::XXXX:X009 2a03:b0c0:2:d0::XXXX:X010
push "route-ipv6 2000::/3"
;redirect-gateway ipv6
[/oconf]

Only to get this error:

Code: Select all

Options error: --server-ipv6 settings: only /64../112 supported right now (not /125)
Any ideas why legal small subnets are not supported or what I am doing wrong?

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: server-ipv6 settings: only /64../112 supported right now (not /125)

Post by TinCanTech » Sun Jun 25, 2017 6:20 pm

maloff wrote:Options error: --server-ipv6 settings: only /64../112 supported right now (not /125)
The developers have been very busy and this is not a priority at this time ..

Skaperen
OpenVPN Power User
Posts: 89
Joined: Fri Aug 05, 2011 3:02 pm
Contact:

Re: server-ipv6 settings: only /64../112 supported right now (not /125)

Post by Skaperen » Sat Jul 08, 2017 6:29 am

112 is a strange number for the implementation to end at. i could understand 64 or maybe 96. they must be handling this in units of 16 bits and only supporting 7 such units (16*7==112).

switch vps provider to cloudvps.com. they provide a whole /64 even to a vps. they have plenty of those in 2a02:348::/32. digital ocean should be able to do the same thing in 2604:a880::/32. fyi, i have a vps at both and 14 /56's at aws and have run OpenVPN at all of them.

Skaperen
OpenVPN Power User
Posts: 89
Joined: Fri Aug 05, 2011 3:02 pm
Contact:

Re: server-ipv6 settings: only /64../112 supported right now (not /125)

Post by Skaperen » Thu Jul 20, 2017 1:05 am

i closed down my VPS at DO. i still have a VPS at CV. i can do my ipv6 testing from AWS (14 different /56s split into a /64 per AZ/subnet). i probably should add some network testing tools in my pan-region VPN setup AMI.

Post Reply