No IPV6 internet connectivity on client side of OpenVPN AWS EC2 server?

Posted: Mon Nov 29, 2021 2:45 pm
by panicked_kernel
I have an OpenVPN server I've set up on an AWS EC2 instance that is pulling an IPV6 address, and can traceroute6 and ping6 ipv6.google.com. The client can do neither and does not return an address when using online tests like ipleak, or testipv6. The server and client can ping6 and traceroute6 each other.

The client appears to pull the correct address locally, and via ip -6 route. IPV4 has always worked fine without issue. Everything appears good on the AWS side per their instructions here: https://docs.aws.amazon.com/vpc/latest/ ... -ipv6-cidr Security groups are pretty wide open for ipv6 as well.

I am assuming it's my routing, but I'm not really sure at this point as I'm no ipv6 or routing expert. Please help! I've been scouring the web for a bit now looking for answers.

Relevant config info:

ipv6 addr of AWS instance:

aaaa:bbbb:cccc:dddd::/64

server.conf

local 172.31.44.1
port 443
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3
crl-verify crl.pem
explicit-exit-notify
server-ipv6 aaaa:bbbb:cccc:dddd:80::/112
push "redirect-gateway-ipv6 def1 bypass-dhcp-ipv6"
push "route-ipv6 aaaa:bbbb:cccc:dddd::/64"
push "route-ipv6 2000::/3"
push "route 172.31.44.1 255.255.255.255 net_gateway"
push "dhcp-option DNS6 2001:4860:4860::8888"
push "dhcp-option DNS6 2001:4860:4860::8844"

/etc/sysctl.conf

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.proxy_ndp=1

ip6tables:

-A INPUT -p udp --dport 443 -j ACCEPT
-A FORWARD -m state --state NEW -i tun0 -o eth0 -s aaaa:bbbb:cccc:dddd::/64 -j ACCEPT
-A FORWARD -m state --state NEW -i eth0 -o tun0 -d aaaa:bbbb:cccc:dddd::/64 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
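The configuration above splits the IPv6 story across three places (the OpenVPN pool, the pushed routes and the ip6tables FORWARD chain), and a mismatch in any one of them looks exactly like "the client gets an address but nothing routes". The script below is an added example, not code from the thread or from the OpenVPN project: it parses a server.conf fragment and iptables-save style ip6tables rules, checks that the `server-ipv6` pool sits inside the instance's /64, that both FORWARD directions actually cover that pool, and flags `redirect-gateway-ipv6`, which is not an option the OpenVPN manual documents (OpenVPN 2.4 and later redirect IPv6 via the `ipv6` flag of `redirect-gateway`). The sample input is constructed from the poster's config, keeps the placeholder prefix `aaaa:bbbb:cccc:dddd::/64`, and assumes the interface names `tun0` and `eth0` used in the rules.

```python
import ipaddress
import shlex

# Constructed sample input: the poster's server.conf pushes and ip6tables rules,
# with the placeholder prefix used in the thread standing in for the real /64.
INSTANCE_PREFIX = "aaaa:bbbb:cccc:dddd::/64"

SERVER_CONF = """\
server 10.8.0.0 255.255.255.0
server-ipv6 aaaa:bbbb:cccc:dddd:80::/112
push "redirect-gateway-ipv6 def1 bypass-dhcp-ipv6"
push "route-ipv6 aaaa:bbbb:cccc:dddd::/64"
push "route-ipv6 2000::/3"
push "route 172.31.44.1 255.255.255.255 net_gateway"
"""

IP6TABLES = """\
-A INPUT -p udp --dport 443 -j ACCEPT
-A FORWARD -m state --state NEW -i tun0 -o eth0 -s aaaa:bbbb:cccc:dddd::/64 -j ACCEPT
-A FORWARD -m state --state NEW -i eth0 -o tun0 -d aaaa:bbbb:cccc:dddd::/64 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
"""


def parse_server_conf(text):
    """Return (server-ipv6 pool as IPv6Network or None, list of pushed option strings)."""
    pool, pushes = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # honours the quotes around push arguments
        if parts[0] == "server-ipv6" and len(parts) > 1:
            pool = ipaddress.IPv6Network(parts[1], strict=False)
        elif parts[0] == "push" and len(parts) > 1:
            pushes.append(parts[1])
    return pool, pushes


def parse_forward_rules(text):
    """Reduce iptables-save style lines to dicts holding only the fields we reason about."""
    flags = {"-A": "chain", "-i": "in", "-o": "out", "-s": "src", "-d": "dst", "-j": "target"}
    rules = []
    for raw in text.splitlines():
        toks = shlex.split(raw)
        rule, i = {}, 0
        while i < len(toks):
            if toks[i] in flags and i + 1 < len(toks):
                rule[flags[toks[i]]] = toks[i + 1]
                i += 2
            else:
                i += 1  # match options such as -m, --state or -p do not affect the checks
        if rule.get("chain") == "FORWARD":
            rules.append(rule)
    return rules


def _covers(rule, key, pool):
    """True if the rule's src/dst restriction (if any) contains the whole VPN pool."""
    if key not in rule:
        return True
    return pool.subnet_of(ipaddress.IPv6Network(rule[key], strict=False))


def check_ipv6_setup(conf_text, ip6tables_text, instance_prefix):
    """Return human-readable findings; an empty list means nothing obvious is wrong."""
    findings = []
    prefix = ipaddress.IPv6Network(instance_prefix)
    pool, pushes = parse_server_conf(conf_text)
    if pool is None:
        return ["no server-ipv6 pool configured"]
    if not pool.subnet_of(prefix):
        findings.append(f"pool {pool} is not inside the instance prefix {prefix}")
    rules = parse_forward_rules(ip6tables_text)
    out_ok = any(r.get("in") == "tun0" and r.get("out") == "eth0" and r.get("target") == "ACCEPT"
                 and _covers(r, "src", pool) for r in rules)
    in_ok = any(r.get("in") == "eth0" and r.get("out") == "tun0" and r.get("target") == "ACCEPT"
                and _covers(r, "dst", pool) for r in rules)
    if not out_ok:
        findings.append(f"no FORWARD rule accepts tun0->eth0 traffic sourced from {pool}")
    if not in_ok:
        findings.append(f"no FORWARD rule accepts eth0->tun0 traffic destined to {pool}")
    for p in pushes:
        if p.startswith("redirect-gateway-ipv6"):
            findings.append(f'push "{p}": undocumented option, use the ipv6 flag of redirect-gateway')
    return findings


if __name__ == "__main__":
    for finding in check_ipv6_setup(SERVER_CONF, IP6TABLES, INSTANCE_PREFIX) or ["no findings"]:
        print(finding)
```

Run against the poster's own values the only finding is the non-standard push; swapping the pool for a prefix outside the instance's /64 (a ULA such as `fd00:1::/64`, for instance) also produces the containment and both FORWARD-coverage findings, which is the shape a silently broken setup usually takes.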

Re: No IPV6 internet connectivity on client side of OpenVPN AWS EC2 server?

Posted: Mon Nov 29, 2021 3:06 pm
by TinCanTech
panicked_kernel wrote (Mon Nov 29, 2021 2:45 pm):
push "redirect-gateway-ipv6 def1 bypass-dhcp-ipv6"
push "route-ipv6 aaaa:bbbb:cccc:dddd::/64"
push "route-ipv6 2000::/3"
push "route 172.31.44.1 255.255.255.255 net_gateway"
Delete the above ^.

push "redirect-gateway def1 bypass-dhcp ipv6"
And use that instead.

And you must use IPv6 NAT, which you need to search for on Amazon.

Re: No IPV6 internet connectivity on client side of OpenVPN AWS EC2 server?

Posted: Tue Nov 30, 2021 3:21 pm
by panicked_kernel
Hey, thanks so much for your response. I'm going to take some time to look into this and report back later.

cheers