Code:
port 1194
proto udp
dev tun
ca pki/ca.crt
cert pki/issued/hub.crt
key pki/private/hub.key
dh pki/dh.pem
topology subnet
server 10.6.0.0 255.255.255.0
push "route 172.30.1.0 255.255.255.0"
keepalive 60 600
tls-auth ta.key 0
key-direction 0
cipher AES-256-GCM
auth SHA256
auth-nocache
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
verb 3
explicit-exit-notify 1
I have a set of servers; only the gateway server has a public IP (IPv4), and the other servers are behind it with private IPs (172.30.1.0/24).
The gateway server is running the OpenVPN server daemon, and I can connect to all resources behind it through OpenVPN.
(gateway server = OpenVPN server)
For years, there were absolutely no problems.
However, recently my mobile carrier keeps giving me only pure IPv6, and a problem occurred.
When I connect to the OpenVPN server through an IPv4 environment (PC or mobile with Wi-Fi), there is no problem, as usual.
But when I connect to the OpenVPN server through an IPv6 environment (iPhone with LTE),
1. I CAN connect to the gateway server. The iOS OpenVPN app works fine. No abnormal logs are found.
2. When I access other servers behind the gateway, SOME APPS WORK but SOME DON'T!
2a. Safari CAN access every httpd server behind gateway.
2b. iSH Shell by Theodore Dubois CAN access every sshd/httpd server behind gateway.
2c. FE File Explorer PRO by Skyjos CAN access every sshd/smb server behind gateway.
2d. RDP client by Microsoft CANNOT access the Windows server behind gateway.
2e. Termius by Termius Corp CANNOT access sshd server behind gateway.
2f. Evermusic PRO by Artem Meleshko CANNOT access smbd server behind gateway.
2g. I tested several iOS ping apps, and about half work and the other half don't.
If I add "redirect-gateway def1" or "redirect-gateway ipv6" to the server configuration,
all the above apps work fine, but all network traffic is forwarded through the gateway, which is an unwanted effect.
This is very weird, and I can't guess which is the correct way to solve it.
Should the 3rd party app developers enhance their apps for IPv6 compatibility?
Or should the iOS OpenVPN Connect app itself be updated to support IPv6 environments later?
Or shall I add and/or change some OpenVPN server or client option?
Client - iOS 14.3/OpenVPN Connect 3.2.2
Server - OpenVPN 2.5.0 x86_64
Thank you in advance.