IPv6 privacy extension on server side

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech

jacgl
OpenVpn Newbie
Posts: 1
Joined: Sat Nov 11, 2017 10:17 pm

IPv6 privacy extension on server side

Post by jacgl » Sat Nov 11, 2017 10:33 pm

Hi,
I am trying to use IPv6 UDP as a transport between a Win10 client and a Linux server (tun). The server side (Arch Linux) has the privacy extension for IPv6 ON.
What impressed me is that the connection fails with a TLS error at the very beginning. This is because the server response comes from a different IPv6 address than the one the client communicates with. The server frame is received from a "temporary dynamic" address, which simply generates an error.
Is there any way to work with privacy extensions?
Regards,
Jacek

knuffel007
OpenVpn Newbie
Posts: 1
Joined: Sun Oct 18, 2020 11:10 am

Re: IPv6 privacy extension on server side

Post by knuffel007 » Sun Oct 18, 2020 11:21 am

Hi jacgl
I have exactly the same issue; it is only a few years/releases later (2.5 rc2) and my server is a Windows machine. The OpenVPN server replies on a temporary IPv6 address when it was contacted before on its permanent IPv6 address by the client. It fails, in the first place because firewalls will block the reply due to the unknown sender address.
Did you get any hints on how to work around this issue without switching off the privacy extension?
Ronald
