OpenVPN Server with IPv6 support doesn't work

mlrtimbf
OpenVpn Newbie
Posts: 3
Joined: Sat Jan 13, 2018 9:14 am

OpenVPN Server with IPv6 support doesn't work

Post by mlrtimbf » Sat Jan 13, 2018 9:22 am

Hi, I am trying to set up my OpenVPN server with IPv6 support.

I have a server on NetCiup with IPv6 support, but my clients don't seem to get one.
Here is my server.conf (I changed the real IPv6 addresses):

Code: Select all

proto udp
port 12345
dev tun

ca ca.crt
cert server.crt
key server.key
dh dh2048.pem

server 10.8.0.0 255.255.255.0
server-ipv6 1111:2222:3:4444:bbbb::/112
ifconfig-pool-persist ipp.txt

push "route-ipv6 1111:2222:3:4444:bbbb::1 1"
push "route-ipv6 2000::/3"

push "redirect-gateway def1 bypass-dhcp"
push "redirect-gateway ipv6"

push "dhcp-option DNS 208.67.222.222"
push "dhcp-option DNS 208.67.220.220"

keepalive 10 120

tls-auth ta.key 0
key-direction 0

cipher AES-256-CBC
auth SHA512
tls-version-min 1.2
tls-cipher TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256:TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256

comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
verb 3

script-security 2
client-connect openvpn_client-connect.sh
learn-address ndp-proxy-setup.sh

Also I set up these iptables rules:

Code: Select all

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -m conntrack --ctstate INVALID -j DROP
ip6tables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ip6tables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT
ip6tables -A FORWARD -p ipv6-icmp -j ACCEPT
ip6tables -A FORWARD -s 1111:2222:3:4444::/64 -j ACCEPT
ip6tables -A INPUT -j REJECT

When I connect with a client I get (among other things) this error:

Code: Select all

Sat Jan 13 10:18:59 2018 ERROR: Windows route add ipv6 command failed: returned error code 1

But my client gets an IPv6 address (ipconfig):

Code: Select all

Ethernet-Adapter Ethernet 3:

   Verbindungsspezifisches DNS-Suffix:
   IPv6-Adresse. . . . . . . . . . . : 1111:2222:3:4444:bbbb::1000
   Verbindungslokale IPv6-Adresse  . : fe80::2cd5:13fb:323e:4c00%50
   IPv4-Adresse  . . . . . . . . . . : 10.8.0.6
   Subnetzmaske  . . . . . . . . . . : 255.255.255.252

When I test my connection on http://test-ipv6.com/ it says that I don't have an IPv6 address.

Any idea where the problem could be?

Thanks a lot!

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN Server with IPv6 support doesn't work

Post by TinCanTech » Sat Jan 13, 2018 11:10 am

Please post the complete client log (remove personal data)

mlrtimbf
OpenVpn Newbie
Posts: 3
Joined: Sat Jan 13, 2018 9:14 am

Re: OpenVPN Server with IPv6 support doesn't work

Post by mlrtimbf » Sat Jan 13, 2018 7:04 pm

Here it is:

Client Log

Sat Jan 13 19:37:05 2018 NOTE: --user option is not implemented on Windows
Sat Jan 13 19:37:05 2018 NOTE: --group option is not implemented on Windows
Sat Jan 13 19:37:05 2018 OpenVPN 2.4.4 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Sep 26 2017
Sat Jan 13 19:37:05 2018 Windows version 6.2 (Windows 8 or greater) 64bit
Sat Jan 13 19:37:05 2018 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.10
Sat Jan 13 19:37:05 2018 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25340
Sat Jan 13 19:37:05 2018 Need hold release from management interface, waiting...
Sat Jan 13 19:37:06 2018 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25340
Sat Jan 13 19:37:06 2018 MANAGEMENT: CMD 'state on'
Sat Jan 13 19:37:06 2018 MANAGEMENT: CMD 'log all on'
Sat Jan 13 19:37:06 2018 MANAGEMENT: CMD 'echo all on'
Sat Jan 13 19:37:06 2018 MANAGEMENT: CMD 'hold off'
Sat Jan 13 19:37:06 2018 MANAGEMENT: CMD 'hold release'
Sat Jan 13 19:37:06 2018 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Jan 13 19:37:06 2018 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Jan 13 19:37:06 2018 TCP/UDP: Preserving recently used remote address: [AF_INET]XXX.XXX.XXX.XXX:XXXX
Sat Jan 13 19:37:06 2018 Socket Buffers: R=[65536->65536] S=[65536->65536]
Sat Jan 13 19:37:06 2018 UDP link local: (not bound)
Sat Jan 13 19:37:06 2018 UDP link remote: [AF_INET]XXX.XXX.XXX.XXX:XXXX
Sat Jan 13 19:37:06 2018 MANAGEMENT: >STATE:1515868626,WAIT,,,,,,
Sat Jan 13 19:37:06 2018 MANAGEMENT: >STATE:1515868626,AUTH,,,,,,
Sat Jan 13 19:37:06 2018 TLS: Initial packet from [AF_INET]XXX.XXX.XXX.XXX:XXXX, sid=cdc58bcd f9a1dfde
Sat Jan 13 19:37:06 2018 VERIFY OK: depth=1, C=C, ST=sZ, L=L, O=O, OU=OU, CN=CN CA, name=server, emailAddress=openvpn@domian.de
Sat Jan 13 19:37:06 2018 VERIFY KU OK
Sat Jan 13 19:37:06 2018 Validating certificate extended key usage
Sat Jan 13 19:37:06 2018 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Jan 13 19:37:06 2018 VERIFY EKU OK
Sat Jan 13 19:37:06 2018 VERIFY OK: depth=0, C=C, ST=ST, L=L, O=O, OU=OU, CN=server, name=server, emailAddress=openvpn@domian.de
Sat Jan 13 19:37:06 2018 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA256, 2048 bit RSA
Sat Jan 13 19:37:06 2018 [server] Peer Connection Initiated with [AF_INET]XXX.XXX.XXX.XXX:XXXX
Sat Jan 13 19:37:08 2018 MANAGEMENT: >STATE:1515868628,GET_CONFIG,,,,,,
Sat Jan 13 19:37:08 2018 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
Sat Jan 13 19:37:08 2018 PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 1111:2222:3:4444:bbbb::1000/112 1111:2222:3:4444:bbbb::1,route-ipv6 1111:2222:3:4444:bbbb::1/1,route-ipv6 2000::/3,redirect-gateway def1 bypass-dhcp,redirect-gateway ipv6,dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,tun-ipv6,route 10.8.0.1,topology net30,ping 10,ping-restart 120,ifconfig 10.8.0.6 10.8.0.5'
Sat Jan 13 19:37:08 2018 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Sat Jan 13 19:37:08 2018 OPTIONS IMPORT: timers and/or timeouts modified
Sat Jan 13 19:37:08 2018 OPTIONS IMPORT: --ifconfig/up options modified
Sat Jan 13 19:37:08 2018 OPTIONS IMPORT: route options modified
Sat Jan 13 19:37:08 2018 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Sat Jan 13 19:37:08 2018 Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jan 13 19:37:08 2018 Outgoing Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Jan 13 19:37:08 2018 Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Sat Jan 13 19:37:08 2018 Incoming Data Channel: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Jan 13 19:37:08 2018 interactive service msg_channel=0
Sat Jan 13 19:37:08 2018 ROUTE_GATEWAY 192.168.8.1/255.255.255.0 I=5 HWADDR=00:28:f8:89:89:89
Sat Jan 13 19:37:08 2018 GDG6: remote_host_ipv6=n/a
Sat Jan 13 19:37:08 2018 NOTE: GetBestInterfaceEx returned error: Element nicht gefunden. (code=1168)
Sat Jan 13 19:37:08 2018 ROUTE6: default_gateway=UNDEF
Sat Jan 13 19:37:08 2018 open_tun
Sat Jan 13 19:37:08 2018 TAP-WIN32 device [Ethernet 3] opened: \\.\Global\{08E8DFAB-4376-461E-8A8C-BD694248D8A8}.tap
Sat Jan 13 19:37:08 2018 TAP-Windows Driver Version 9.21
Sat Jan 13 19:37:08 2018 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.8.0.6/255.255.255.252 on interface {08E8DFAB-4376-461E-8A8C-BD694248D8A8} [DHCP-serv: 10.8.0.5, lease-time: 31536000]
Sat Jan 13 19:37:08 2018 Successful ARP Flush on interface [50] {08E8DFAB-4376-461E-8A8C-BD694248D8A8}
Sat Jan 13 19:37:08 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Sat Jan 13 19:37:08 2018 MANAGEMENT: >STATE:1515868628,ASSIGN_IP,,10.8.0.6,,,,,1111:2222:3:4444:bbbb::1000
Sat Jan 13 19:37:09 2018 NETSH: C:\WINDOWS\system32\netsh.exe interface ipv6 set address interface=50 1111:2222:3:4444:bbbb::1000 store=active
Sat Jan 13 19:37:09 2018 add_route_ipv6(1111:2222:3:4444:bbbb::/112 -> 1111:2222:3:4444:bbbb::1000 metric 0) dev Ethernet 3
Sat Jan 13 19:37:09 2018 C:\WINDOWS\system32\netsh.exe interface ipv6 add route 1111:2222:3:4444:bbbb::/112 interface=50 fe80::8 store=active
Sat Jan 13 19:37:09 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sat Jan 13 19:37:14 2018 TEST ROUTES: 2/2 succeeded len=1 ret=1 a=0 u/d=up
Sat Jan 13 19:37:14 2018 C:\WINDOWS\system32\route.exe ADD XXX.XXX.XXX.XXX MASK 255.255.255.255 192.168.8.1
Sat Jan 13 19:37:14 2018 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=55 and dwForwardType=4
Sat Jan 13 19:37:14 2018 Route addition via IPAPI succeeded [adaptive]
Sat Jan 13 19:37:14 2018 C:\WINDOWS\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.8.0.5
Sat Jan 13 19:37:14 2018 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sat Jan 13 19:37:14 2018 Route addition via IPAPI succeeded [adaptive]
Sat Jan 13 19:37:14 2018 C:\WINDOWS\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.8.0.5
Sat Jan 13 19:37:14 2018 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sat Jan 13 19:37:14 2018 Route addition via IPAPI succeeded [adaptive]
Sat Jan 13 19:37:14 2018 MANAGEMENT: >STATE:1515868634,ADD_ROUTES,,,,,,
Sat Jan 13 19:37:14 2018 C:\WINDOWS\system32\route.exe ADD 10.8.0.1 MASK 255.255.255.255 10.8.0.5
Sat Jan 13 19:37:14 2018 ROUTE: CreateIpForwardEntry succeeded with dwForwardMetric1=35 and dwForwardType=4
Sat Jan 13 19:37:14 2018 Route addition via IPAPI succeeded [adaptive]
Sat Jan 13 19:37:14 2018 add_route_ipv6(::/1 -> 1111:2222:3:4444:bbbb::1 metric -1) dev Ethernet 3
Sat Jan 13 19:37:14 2018 C:\WINDOWS\system32\netsh.exe interface ipv6 add route ::/1 interface=50 fe80::8 store=active
Sat Jan 13 19:37:14 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sat Jan 13 19:37:14 2018 add_route_ipv6(2000::/3 -> 1111:2222:3:4444:bbbb::1 metric -1) dev Ethernet 3
Sat Jan 13 19:37:14 2018 C:\WINDOWS\system32\netsh.exe interface ipv6 add route 2000::/3 interface=50 fe80::8 store=active
Sat Jan 13 19:37:14 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sat Jan 13 19:37:14 2018 add_route_ipv6(::/3 -> 1111:2222:3:4444:bbbb::1 metric -1) dev Ethernet 3
Sat Jan 13 19:37:14 2018 C:\WINDOWS\system32\netsh.exe interface ipv6 add route ::/3 interface=50 fe80::8 store=active
Sat Jan 13 19:37:14 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sat Jan 13 19:37:14 2018 add_route_ipv6(2000::/4 -> 1111:2222:3:4444:bbbb::1 metric -1) dev Ethernet 3
Sat Jan 13 19:37:14 2018 C:\WINDOWS\system32\netsh.exe interface ipv6 add route 2000::/4 interface=50 fe80::8 store=active
Sat Jan 13 19:37:14 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sat Jan 13 19:37:14 2018 add_route_ipv6(3000::/4 -> 1111:2222:3:4444:bbbb::1 metric -1) dev Ethernet 3
Sat Jan 13 19:37:14 2018 C:\WINDOWS\system32\netsh.exe interface ipv6 add route 3000::/4 interface=50 fe80::8 store=active
Sat Jan 13 19:37:14 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sat Jan 13 19:37:14 2018 add_route_ipv6(fc00::/7 -> 1111:2222:3:4444:bbbb::1 metric -1) dev Ethernet 3
Sat Jan 13 19:37:14 2018 C:\WINDOWS\system32\netsh.exe interface ipv6 add route fc00::/7 interface=50 fe80::8 store=active
Sat Jan 13 19:37:14 2018 env_block: add PATH=C:\WINDOWS\System32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
Sat Jan 13 19:37:14 2018 Initialization Sequence Completed
Sat Jan 13 19:37:14 2018 MANAGEMENT: >STATE:1515868634,CONNECTED,SUCCESS,10.8.0.6,XXX.XXX.XXX.XXX,XXXX,,,1111:2222:3:4444:bbbb::1000



Thanks
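
An added example, not part of the original posts: a Python sketch that parses the PUSH_REPLY line from the client log above, shows how the pushed `route-ipv6 1111:2222:3:4444:bbbb::1/1` reduces to the `::/1` seen in the log's `add_route_ipv6` entry, and checks the assigned tunnel address against the `/64` source prefix in the posted `ip6tables` FORWARD rule. The function and constant names are illustrative assumptions.

```python
import ipaddress
import re

# PUSH_REPLY line copied from the client log posted above.
LOG_LINE = (
    "Sat Jan 13 19:37:08 2018 PUSH: Received control message: 'PUSH_REPLY,"
    "ifconfig-ipv6 1111:2222:3:4444:bbbb::1000/112 1111:2222:3:4444:bbbb::1,"
    "route-ipv6 1111:2222:3:4444:bbbb::1/1,route-ipv6 2000::/3,"
    "redirect-gateway def1 bypass-dhcp,redirect-gateway ipv6,"
    "dhcp-option DNS 208.67.222.222,dhcp-option DNS 208.67.220.220,tun-ipv6,"
    "route 10.8.0.1,topology net30,ping 10,ping-restart 120,"
    "ifconfig 10.8.0.6 10.8.0.5'"
)
# Source prefix accepted by the posted ip6tables FORWARD rule.
FORWARD_SRC = ipaddress.ip_network("1111:2222:3:4444::/64")
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

def parse_push_reply(line):
    """Split a PUSH_REPLY log line into [name, arg, ...] option lists."""
    match = re.search(r"'PUSH_REPLY,(.*)'", line)
    if match is None:
        raise ValueError("line carries no PUSH_REPLY")
    return [opt.split() for opt in match.group(1).split(",") if opt.strip()]

def audit_ipv6_routes(options):
    """Normalise every pushed route-ipv6 and flag prefixes with host bits set."""
    findings = []
    for name, *args in options:
        if name != "route-ipv6" or not args:
            continue
        net = ipaddress.ip_network(args[0], strict=False)  # masks host bits off
        findings.append({
            "pushed": args[0],
            "effective": str(net),
            "host_bits_set": ipaddress.ip_interface(args[0]).ip != net.network_address,
            "covers_global_unicast": GLOBAL_UNICAST.subnet_of(net),
        })
    return findings

def forward_rule_matches(options):
    """True if the pushed ifconfig-ipv6 address is inside FORWARD_SRC."""
    for name, *args in options:
        if name == "ifconfig-ipv6" and args:
            return ipaddress.ip_interface(args[0]).ip in FORWARD_SRC
    return False

if __name__ == "__main__":
    for finding in audit_ipv6_routes(parse_push_reply(LOG_LINE)):
        print(finding)
```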

TinCanTech
OpenVPN Protagonist
Posts: 11137
Joined: Fri Jun 03, 2016 1:17 pm

Re: OpenVPN Server with IPv6 support doesn't work

Post by TinCanTech » Sun Jan 14, 2018 1:47 pm

I don't see any errors ..
