OpenVPN + IPv6

Post by pvassalli » Wed Mar 02, 2011 9:45 am

I'm trying to realize an openvpn client+server over IPv6 using freenet6 (gogonet).
My server version of OpenVPN is: OpenVPN 2.1_rc19 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009, on Ubuntu 9.10

the ifconfig command is:
##############################
tap0 Link encap:Ethernet HWaddr 7a:ff:86:1d:ce:cb
inet6 addr: fe80::78ff:86ff:fe1d:cecb/64 Scope:Link
inet6 addr: 2001:5c0:1400:b::9f29/128 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:676 (676.0 B)

tun Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: 2001:5c0:1400:b::9f29/128 Scope:Global
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:98 errors:0 dropped:0 overruns:0 frame:0
TX packets:88 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:6997 (6.9 KB) TX bytes:6538 (6.5 KB)
##############################

where tun is the IPv6 interface lent by freenet6


the openvpn configuration is:
##############################
dev tap
secret myhost.key
up /etc/openvpn/myhost.up
log /var/log/openvpn/myserver.log
##############################

and the myhost.up script is:
##############################
#!/bin/sh
ifconfig $dev up
ifconfig $dev add 2001:5c0:1400:b::9f29/128
##############################


On the client side it is the same.
My client version of OpenVPN is: OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 9 2009, on Ubuntu 9.04

the ifconfig command is:
##############################
tun Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: 2001:5c0:1400:b::93ef/128 Scope:Global
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:200 (200.0 B) TX bytes:0 (0.0 B)
##############################

where tun is the IPv6 interface lent by freenet6


the openvpn configuration is:
##############################
remote homeboxpv01.broker.freenet6.net
float
dev tap
secret myhost.key
up /etc/openvpn/myhost.up
log /var/log/openvpn/myclient.log
##############################

and the myhost.up script is:
##############################
#!/bin/sh
ifconfig $dev up
ifconfig $dev add 2001:5c0:1400:b::93ef/128
##############################


When I start openvpn on the server side I get this:

##############################
tail -f /var/log/openvpn/myserver.log
Wed Mar 2 09:38:50 2011 OpenVPN 2.1_rc19 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Oct 13 2009
Wed Mar 2 09:38:50 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Wed Mar 2 09:38:50 2011 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Mar 2 09:38:50 2011 /usr/sbin/openvpn-vulnkey -q myhost.key
Wed Mar 2 09:38:50 2011 TUN/TAP device tap0 opened
Wed Mar 2 09:38:50 2011 /etc/openvpn/myhost.up tap0 1500 1576 init
Wed Mar 2 09:38:50 2011 UDPv4 link local (bound): [undef]:1194
Wed Mar 2 09:38:50 2011 UDPv4 link remote: [undef]
##############################


When I start openvpn on the client side I get this:
##############################
tail -f /var/log/openvpn/myclient.log
Thu Feb 17 04:47:26 2000 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 17 04:47:26 2000 /usr/sbin/openvpn-vulnkey -q myhost.key
/usr/sbin/openvpn-vulnkey:22: DeprecationWarning: the md5 module is deprecated; use hashlib instead
import md5
Thu Feb 17 04:47:27 2000 TUN/TAP device tap0 opened
Thu Feb 17 04:47:27 2000 /etc/openvpn/myhost.up tap0 1500 1576 init
Thu Feb 17 04:47:27 2000 UDPv4 link local (bound): [undef]:1194
Thu Feb 17 04:47:27 2000 UDPv4 link remote: 81.171.72.11:1194
Thu Feb 17 04:47:27 2000 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
##############################


The IP address 81.171.72.11 is not the right one (it is the IPv4 of my machine, but it is a freenet server, not my machine); it should connect to the IPv6 of the server.
How can I force it?
Thank you all guys!!!

Post by janjust » Wed Mar 02, 2011 9:47 am

You can force it by using a specially built version of OpenVPN - the current versions of OpenVPN (2.1 nor the upcoming 2.2) support connecting to an IPv6 endpoint.

Post by pvassalli » Wed Mar 02, 2011 9:57 am

Dear janjust, I need to download:
http://swupdate.openvpn.net/community/r ... -2.1.4.zip
and compile it in which way?

Post by janjust » Wed Mar 02, 2011 10:12 am

Downloading the 2.1.4 code won't help - you need a special patch which is available on the internet, e.g.
http://juanjosec.blogspot.com/2009/09/o ... patch.html

Post by pvassalli » Wed Mar 02, 2011 10:32 am

Thank you janjust, I have found it directly in a .deb package.
Now when the client starts:

##############################
tail -f /var/log/openvpn/myclient.log
Thu Feb 17 05:37:35 2000 OpenVPN 2.1.1j i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20100307-1] built on Jun 25 2010
Thu Feb 17 05:37:35 2000 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.
Thu Feb 17 05:37:35 2000 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Thu Feb 17 05:37:35 2000 /usr/sbin/openvpn-vulnkey -q myhost.key
/usr/sbin/openvpn-vulnkey:22: DeprecationWarning: the md5 module is deprecated; use hashlib instead
import md5
Thu Feb 17 05:37:36 2000 TUN/TAP device tun0 opened
Thu Feb 17 05:37:36 2000 /etc/openvpn/myhost.up tun0 1500 1544 init
Thu Feb 17 05:37:36 2000 UDPv4 link local (bound): [undef]
Thu Feb 17 05:37:36 2000 UDPv4 link remote: [AF_INET]81.171.72.11:1194
Thu Feb 17 05:37:46 2000 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
##############################

Now, as you told me, I can see: [PF_INET6] [IPv6 payload 20100307-1], which was not present before.
But again, it tries to connect via IPv4.
So, now what is the matter with the configuration?

Post by janjust » Wed Mar 02, 2011 10:45 am

I don't know what options the IPv6 patch has added, but I do see that your DNS name resolves to an IPv4 address first, then to an IPv6 address. Run 'openvpn --help' and check for IPv6 parameters to overrule this behavior, if at all possible.
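
A small log check for the symptom discussed in this thread, added here as an example (it is not code from the posters or from the OpenVPN project): it reads a client log, notes whether the build banner carries [PF_INET6], and reports the IP version of the "link remote" address. The function and variable names are made up for this example, and the `[AF_INET6]addr:port` form for IPv6 remotes is an assumption about the log format.

```python
import ipaddress
import re

# Lines copied from the patched client's log quoted in the thread.
PATCHED_CLIENT_LOG = """\
Thu Feb 17 05:37:35 2000 OpenVPN 2.1.1j i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20100307-1] built on Jun 25 2010
Thu Feb 17 05:37:36 2000 UDPv4 link local (bound): [undef]
Thu Feb 17 05:37:36 2000 UDPv4 link remote: [AF_INET]81.171.72.11:1194
Thu Feb 17 05:37:46 2000 read UDPv4 [ECONNREFUSED]: Connection refused (code=111)
"""

BANNER = re.compile(r"OpenVPN \S+ .*built on")
# Assumption: remotes are logged as "addr:port", optionally prefixed by
# "[AF_INET]" or "[AF_INET6]"; an unset remote is logged as "[undef]".
REMOTE = re.compile(r"(?:UDP|TCP)\S* link remote: (?:\[AF_INET6?\])?(\S+)")


def diagnose(log_text):
    """Summarise build capability and the address family actually used."""
    result = {"pf_inet6_build": False, "remote": None, "ip_version": None}
    for line in log_text.splitlines():
        if BANNER.search(line):
            result["pf_inet6_build"] = "[PF_INET6]" in line
        match = REMOTE.search(line)
        if not match or match.group(1) == "[undef]":
            continue
        host = match.group(1).rsplit(":", 1)[0]  # drop the trailing port
        try:
            result["ip_version"] = ipaddress.ip_address(host).version
            result["remote"] = host
        except ValueError:
            pass  # not a literal IP address; leave the fields unset
    # The thread's symptom: IPv6-capable build, yet an IPv4 transport remote.
    result["v4_despite_v6_build"] = (
        result["pf_inet6_build"] and result["ip_version"] == 4
    )
    return result


if __name__ == "__main__":
    print(diagnose(PATCHED_CLIENT_LOG))
```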
