server doesn't bind to IPv6 and IPv4 address when using proto udp6
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
Forum rules
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
Please use the [oconf] BB tag for openvpn Configurations. See viewtopic.php?f=30&t=21589 for an example.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Aug 10, 2022 3:01 pm
server doesn't bind to IPv6 and IPv4 address when using proto udp6
Hi,
Should server bind to IPv6 and IPv4 address if I use proto udp6 ?
If I use proto udp then it says that it can't determine which protocol I would like to use and binds to IPv4 address. If I use proto udp6 then it binds just to IPv6.
OpenVPN 2.5.7 amd64-portbld-freebsd13.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jul 25 2022
FreeBSD fw1-test.6clabs.com 13.1-RELEASE FreeBSD 13.1-RELEASE stable/22.7-n250212-a26d6065f1f SMP amd64
root@fw1-test:/usr/ports # sockstat -l | grep open
root openvpn 75619 4 stream /tmp/php-fastcgi.socket-1
root openvpn 75619 6 stream /var/etc/openvpn/server2.sock
root openvpn 75619 9 udp6 2607:fae0:a000:5::78:1194 *:*
root@fw1-test:~ # sysctl -a | grep v6only
net.inet6.ip6.v6only: 0
Any idea?
Cheers, Jan Zorz
Should server bind to IPv6 and IPv4 address if I use proto udp6 ?
If I use proto udp then it says that it can't determine which protocol I would like to use and binds to IPv4 address. If I use proto udp6 then it binds just to IPv6.
OpenVPN 2.5.7 amd64-portbld-freebsd13.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jul 25 2022
FreeBSD fw1-test.6clabs.com 13.1-RELEASE FreeBSD 13.1-RELEASE stable/22.7-n250212-a26d6065f1f SMP amd64
root@fw1-test:/usr/ports # sockstat -l | grep open
root openvpn 75619 4 stream /tmp/php-fastcgi.socket-1
root openvpn 75619 6 stream /var/etc/openvpn/server2.sock
root openvpn 75619 9 udp6 2607:fae0:a000:5::78:1194 *:*
root@fw1-test:~ # sysctl -a | grep v6only
net.inet6.ip6.v6only: 0
Any idea?
Cheers, Jan Zorz
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: server doesn't bind to IPv6 and IPv4 address when using proto udp6
Your config file will have the answer ..
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Aug 10, 2022 3:01 pm
Re: server doesn't bind to IPv6 and IPv4 address when using proto udp6
Server config
dev ovpns2
verb 1
dev-type tun
dev-node /dev/tun2
writepid /var/run/openvpn_server2.pid
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp6
cipher AES-256-CBC
auth SHA512
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
local 2607:fae0:a000:5::78
ifconfig 10.16.16.1 10.16.16.2
ifconfig-ipv6 2607:fae0:a000:e16::1 2607:fae0:a000:e16::2
lport 1194
management /var/etc/openvpn/server2.sock unix
push "route 67.221.246.248 255.255.255.248"
push "route-ipv6 2607:fae0:a000:11::/64"
route 67.221.250.224 255.255.255.224
route 67.221.250.160 255.255.255.224
route-ipv6 2607:fae0:b000:6000::/64
route-ipv6 2607:fae0:b000:/64
secret /var/etc/openvpn/server2.secret
comp-lzo adaptive
persist-remote-ip
float
verb 1
dev-type tun
dev-node /dev/tun2
writepid /var/run/openvpn_server2.pid
script-security 3
daemon
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
proto udp6
cipher AES-256-CBC
auth SHA512
up /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkup
down /usr/local/etc/inc/plugins.inc.d/openvpn/ovpn-linkdown
local 2607:fae0:a000:5::78
ifconfig 10.16.16.1 10.16.16.2
ifconfig-ipv6 2607:fae0:a000:e16::1 2607:fae0:a000:e16::2
lport 1194
management /var/etc/openvpn/server2.sock unix
push "route 67.221.246.248 255.255.255.248"
push "route-ipv6 2607:fae0:a000:11::/64"
route 67.221.250.224 255.255.255.224
route 67.221.250.160 255.255.255.224
route-ipv6 2607:fae0:b000:6000::/64
route-ipv6 2607:fae0:b000:/64
secret /var/etc/openvpn/server2.secret
comp-lzo adaptive
persist-remote-ip
float
This is running on opnsense firewall. Local directive is automatically generated from WAN interface address... I can add directives to "Advanced" window if needed.
If we make this one work I can take this to opnsense community and make improvement suggestions there so their config tool would spit out correct configuration.
Cheers and thnx, Jan
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Aug 10, 2022 3:01 pm
Re: server doesn't bind to IPv6 and IPv4 address when using proto udp6
Hmm... seems that adding "local ::" to advanced tab (and to the end of config) makes things a bit better:
root@fw1-test:~ # sockstat -l | grep open | grep udp
root openvpn 93620 9 udp46 *:1194 *:*
But now it's listening on all interfaces... how to limit it to just listening on WAN?
Cheers, Jan
root@fw1-test:~ # sockstat -l | grep open | grep udp
root openvpn 93620 9 udp46 *:1194 *:*
But now it's listening on all interfaces... how to limit it to just listening on WAN?
Cheers, Jan
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: server doesn't bind to IPv6 and IPv4 address when using proto udp6
That is how Openvpn works.
If you do not specify --local then it listens on all interfaces/addresses.
If you do not specify --local and do specify --proto udp6 then it listens on IPv6 and IPv4 UDP.
If you do specify --local then pick your --proto, default is udp4, I believe.
If you do not specify --local then it listens on all interfaces/addresses.
If you do not specify --local and do specify --proto udp6 then it listens on IPv6 and IPv4 UDP.
If you do specify --local then pick your --proto, default is udp4, I believe.
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Aug 10, 2022 3:01 pm
Re: server doesn't bind to IPv6 and IPv4 address when using proto udp6
Yes, if I don't specify "local ::" then it's listening on all interfaces on both protocols. I still did not find a proper combination that it would listen on both protocols but just on one interface.
Is there a way to say something like:
proto udp
local IPv6_addr, IPv4_addr
so it would bind only to two addresses on specified interface? Or even better:
proto udp
local vtnet0
and it would bind to all addresses (IPv6 and IPv4) on that interface?
Cheers, Jan
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: server doesn't bind to IPv6 and IPv4 address when using proto udp6
The short answer is No.
If you do not specify --local then Openvpn binds to all interfaces/addresses.
It is not possible to bind to a specific interface, only address is supported by --local.
If you do specify --local then Openvpn only uses one --proto.
If you do not specify --local then Openvpn binds to all interfaces/addresses.
It is not possible to bind to a specific interface, only address is supported by --local.
If you do specify --local then Openvpn only uses one --proto.
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Aug 10, 2022 3:01 pm
Re: server doesn't bind to IPv6 and IPv4 address when using proto udp6
Ok, thnx for your answer. However, we have udp, udp4 and udp6. Shouldn't udp be dual-stack? In FreeBSD it's called udp46TinCanTech wrote: ↑Thu Aug 11, 2022 1:02 pmIf you do specify --local then Openvpn only uses one --proto.
root openvpn 93620 9 udp46 *:1194 *:*
Something to consider in development?
Cheers, Jan
-
- OpenVPN Protagonist
- Posts: 11137
- Joined: Fri Jun 03, 2016 1:17 pm
Re: server doesn't bind to IPv6 and IPv4 address when using proto udp6
It has been and is being considered in development.
If you prefer then you can ask the developers yourself.
There is the openvpn developers mailing list openvpn-devel at lists.sourceforge.net
or IRC channel #openvpn-devel on libera.chat
If you prefer then you can ask the developers yourself.
There is the openvpn developers mailing list openvpn-devel at lists.sourceforge.net
or IRC channel #openvpn-devel on libera.chat
-
- OpenVpn Newbie
- Posts: 6
- Joined: Wed Aug 10, 2022 3:01 pm
Re: server doesn't bind to IPv6 and IPv4 address when using proto udp6
Thnx, appreciated!