Unable to listen on both ipv4 and ipv6 at same time

This forum is for admins who are looking to build or expand their OpenVPN setup.

Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech

Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Post Reply
Thoma
OpenVpn Newbie
Posts: 4
Joined: Wed Oct 03, 2018 1:28 pm

Unable to listen on both ipv4 and ipv6 at same time

Post by Thoma » Sun Aug 07, 2022 3:43 pm

Hello,

My ISP now offers IPv6 connectivity.
I tried to connect with my current configuration file.
And it still works fine on IPv4.
However, it does not work on IPv6.

netstat does not show any listening port on udp6 :(

How do I change my configuration file below to be able to connect on IPv4 and IPv6?

Code: Select all

proto udp
port 1194
dev tun
ca server/keys/ca.crt
cert server/keys/server.crt
key server/keys/server.key  # This file should be kept secret
dh server/keys/dh2048.pem
tls-auth server/keys/ta.key 0
key-direction 0
cipher AES-256-CBC
ifconfig-pool-persist server/ipp.txt

server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 192.168.xxx.254"
push "route 192.168.xxx.0 255.255.255.0"
keepalive 10 120
client-to-client

user nobody
group nogroup
persist-key
persist-tun
comp-lzo
tls-version-min 1.2

verb 6

log-append  /var/log/openvpn/openvpn.log
status /var/log/openvpn/openvpn-status.log
Thanks in advance for your help

Thoma

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Unable to listen on both ipv4 and ipv6 at same time

Post by TinCanTech » Sun Aug 07, 2022 3:57 pm

You will need --proto udp6 and then to configure your network to pass UDPv6 packets to your server.

Thoma
OpenVpn Newbie
Posts: 4
Joined: Wed Oct 03, 2018 1:28 pm

Re: Unable to listen on both ipv4 and ipv6 at same time

Post by Thoma » Sun Aug 07, 2022 4:12 pm

Hi TinCanTech,

If I replace proto udp with proto udp6 then it works with IPv6 but, and this is normal, no longer with IPv4.
Is there a way to make both (IPv4 and IPv6) work together?

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Unable to listen on both ipv4 and ipv6 at same time

Post by TinCanTech » Sun Aug 07, 2022 5:41 pm

Thoma wrote:
Sun Aug 07, 2022 4:12 pm
Is there a way to make both (IPv4 and IPv6) work together?
Define together ..

Cutting to the chase: No.

Thoma
OpenVpn Newbie
Posts: 4
Joined: Wed Oct 03, 2018 1:28 pm

Re: Unable to listen on both ipv4 and ipv6 at same time

Post by Thoma » Sun Aug 07, 2022 6:01 pm

What I mean by Together is listening on IPv4 side and also on IPv6 side.

What I expect from the command:

Code: Select all

netstat --numeric-ports -lu | grep 1194
is:

Code: Select all

udp        0      0 0.0.0.0:1194            0.0.0.0:*
udp6       0      0 [::]:1194               [::]:*
but so far I can only get one or the other.

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Unable to listen on both ipv4 and ipv6 at same time

Post by TinCanTech » Sun Aug 07, 2022 11:27 pm

Experiment with multiple server instances but, at this time, OpenVPN does not do V4 and v6 simultaneously

Thoma
OpenVpn Newbie
Posts: 4
Joined: Wed Oct 03, 2018 1:28 pm

Re: Unable to listen on both ipv4 and ipv6 at same time

Post by Thoma » Mon Aug 08, 2022 7:56 am

Ugh! Bad luck...

TinCanTech
OpenVPN Protagonist
Posts: 11139
Joined: Fri Jun 03, 2016 1:17 pm

Re: Unable to listen on both ipv4 and ipv6 at same time

Post by TinCanTech » Mon Aug 08, 2022 6:07 pm

It turns out that I am wrong. :oops:

OpenVPN can use IPv6 and IPv4 on one server instance. All you need is --proto udp6

elcrdaya
OpenVpn Newbie
Posts: 3
Joined: Tue Dec 17, 2024 8:01 pm

Re: Unable to listen on both ipv4 and ipv6 at same time

Post by elcrdaya » Sun Dec 29, 2024 6:50 pm

TinCanTech wrote:
Mon Aug 08, 2022 6:07 pm
It turns out that I am wrong. :oops:

OpenVPN can use IPv6 and IPv4 on one server instance. All you need is --proto udp6
I'm trying to configure similar that one OpenVPN server can listen on both IPv4 and IPv6 addresses simultaneously to establish the tunnel. I have doen similar setup and it worked fine if I bind specific IP (v4/v6) with `--local`.
Now I'm trying to remove `--local` and use `--proto udp6` only to bind both IPv4 and IPv6 addresses

but it's only bind to IPv6, and the connection can't be established

Code: Select all

netstat -tuln | grep 443
udp6       0      0 :::443                  :::*
udp6       0      0 :::443                  :::*
Any idea?

rob-pe1chl
OpenVpn Newbie
Posts: 7
Joined: Sat Oct 09, 2021 6:07 pm

Re: Unable to listen on both ipv4 and ipv6 at same time

Post by rob-pe1chl » Thu Jan 02, 2025 9:16 am

There should be only one such line! Maybe you have started the program twice?
Also, there is no issue with this, it is like TunCanTech wrote above: the udp6 socket will accept both IPv4 and IPv6.
I have it working just fine with only the "proto udp6" line in the config.
Maybe you have some other component like a router or firewall that drops the IPv4 traffic or handles it by itself.

elcrdaya
OpenVpn Newbie
Posts: 3
Joined: Tue Dec 17, 2024 8:01 pm

Re: Unable to listen on both ipv4 and ipv6 at same time

Post by elcrdaya » Thu Jan 02, 2025 5:23 pm

Thank you to confirm. I have two OpenVPN servers running, that's why there are two lines. You are correct, after deeper look at the packets, IPv4 traffic did arrived to the network interface with "proto udp6" defined. I have firewall rules that dropped the packets.

If I have multiple interfaces, will this setup listen on all the interfaces with all the IP addresses?

Post Reply