Code:
port 1194
proto udp
dev tun
ca pki/ca.crt
cert pki/issued/hub.crt
key pki/private/hub.key
dh pki/dh.pem
topology subnet
server 10.6.0.0 255.255.255.0
push "route 172.30.1.0 255.255.255.0"
keepalive 60 600
tls-auth ta.key 0
key-direction 0
cipher AES-256-GCM
auth SHA256
auth-nocache
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
explicit-exit-notify 1

I have a set of servers, and only the gateway server has a public IP (IPv4); the other servers are behind it with private IPs (172.30.1.0/24).
The gateway server is running the OpenVPN server daemon, and I can connect to all resources behind it through OpenVPN.
(gateway server = OpenVPN server)
For years, there were absolutely no problems.
However, recently my mobile carrier keeps giving me only pure IPv6, and a problem occurred.
When I connect to the OpenVPN server from an IPv4 environment (PC or mobile with Wi-Fi), there is no problem, as usual.
But when I connect to the OpenVPN server from an IPv6 environment (iPhone with LTE):
1. I CAN connect to the gateway server. The iOS OpenVPN app works fine. No abnormal logs are found.
2. When I access other servers behind the gateway, SOME APPS WORK but SOME DON'T!
2a. Safari CAN access every httpd server behind the gateway.
2b. iSH Shell by Theodore Dubois CAN access every sshd/httpd server behind the gateway.
2c. FE File Explorer PRO by Skyjos CAN access every sshd/smb server behind the gateway.
2d. RDP client by Microsoft CANNOT access the Windows server behind the gateway.
2e. Termius by Termius Corp CANNOT access the sshd server behind the gateway.
2f. Evermusic PRO by Artem Meleshko CANNOT access the smbd server behind the gateway.
2g. I tested several iOS ping apps, and about half work and the other half don't.
If I add "redirect-gateway def1" or "redirect-gateway ipv6" to the server configuration,
all of the above apps work fine, but all network traffic is forwarded through the gateway, which is an unwanted effect.
This is very weird, and I can't guess which is the correct way to solve it.
Should the 3rd-party app developers enhance their apps for IPv6 compatibility?
Or should the iOS OpenVPN Connect app itself be updated later to support IPv6 environments?
Or shall I add and/or change some OpenVPN server or client option?
Client - iOS 14.3/OpenVPN Connect 3.2.2
Server - OpenVPN 2.5.0 x86_64
Thank you in advance.