How to enable IPv6 traffic through the tunnel?


How to enable IPv6 traffic through the tunnel?

Post by ladi1905 » Fri May 19, 2023 8:11 am

Hi,

I've created an OpenVPN Access Server virtual machine on GCP to access the virtual machines in the same VPC.
My localhost can access the cloud nodes over IPv4 through the VPN tunnel but not over IPv6.
I've used the following guide: https://openvpn.net/vpn-server-resource ... ss-server/

I'm not sure what parameters are exactly needed to have the same behaviour as IPv4 routing.
I need IPv6 to use SRv6 between the hosts in my local lab and the virtual machines in the cloud.
Which exact configuration is needed and in which files? Are the routes automatically set up like for IPv4?

Thanks in advance.


Re: How to enable IPv6 traffic through the tunnel?

Post by ladi1905 » Tue May 23, 2023 7:18 am

Edit:

I used the following commands.

cd /usr/local/openvpn_as/scripts
sudo ./confdba -mk "vpn.routing6.enable" -v "true"
sudo ./confdba -mk "vpn.client.routing6.reroute_gw" -v "true"
sudo ./confdba -mk "vpn.server.daemon.vpn_network6.0" -v "fd4a:e7ae:b84b:09c2::/112"
sudo ./confdba -mk "ip6tables.vpn.disable.filter" -v "true"
sudo ./confdba -mk "ip6tables.vpn.disable.mangle" -v "true"
sudo ./confdba -mk "vpn.server.nat6" -v "false"

However, I can only ping the IPv6 address of the OpenVPN AS from my client, not the hosts in the same VPC subnet. Pinging from OpenVPN AS VM works fine.

The VPC subnet has the prefixes 10.100.100.0/24 and fd20:90b:c34f:7000:0:0:0:0/64

The address fd20:90b:c34f:7000:0:6:0:0 is the one of the OpenVPN AS (Ubuntu 22.04).
The client logged the following entries when connecting:

---
2023-05-23 06:39:41 net_route_v4_best_gw query: dst 0.0.0.0
2023-05-23 06:39:41 net_route_v4_best_gw result: via 192.168.250.1 dev ens2
2023-05-23 06:39:41 ROUTE_GATEWAY 192.168.250.1/255.255.255.0 IFACE=ens2 HWADDR=57:54:00:1e:36:06
2023-05-23 06:39:41 GDG6: remote_host_ipv6=n/a
2023-05-23 06:39:41 net_route_v6_best_gw query: dst ::
2023-05-23 06:39:41 sitnl_send: rtnl: generic error (-101): Network is unreachable
2023-05-23 06:39:41 ROUTE6: default_gateway=UNDEF
2023-05-23 06:39:41 TUN/TAP device tun0 opened
2023-05-23 06:39:41 net_iface_mtu_set: mtu 1500 for tun0
2023-05-23 06:39:41 net_iface_up: set tun0 up
2023-05-23 06:39:41 net_addr_v4_add: 172.27.232.2/21 dev tun0
2023-05-23 06:39:41 net_iface_mtu_set: mtu 1500 for tun0
2023-05-23 06:39:41 net_iface_up: set tun0 up
2023-05-23 06:39:41 net_addr_v6_add: fd4a:e7ae:b84b:9c2::8002/113 dev tun0
2023-05-23 06:39:46 ROUTE remote_host is NOT LOCAL
2023-05-23 06:39:46 net_route_v4_add: <Public-IP> via 192.168.250.1 dev [NULL] table 0 metric -1
2023-05-23 06:39:46 net_route_v4_add: 10.100.100.0/24 via 172.27.232.1 dev [NULL] table 0 metric 101
2023-05-23 06:39:46 net_route_v4_add: 172.27.224.0/20 via 172.27.232.1 dev [NULL] table 0 metric 101
2023-05-23 06:39:46 add_route_ipv6(::/1 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0
2023-05-23 06:39:46 net_route_v6_add: ::/1 via :: dev tun0 table 0 metric 101
2023-05-23 06:39:46 add_route_ipv6(8000::/1 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0
2023-05-23 06:39:46 net_route_v6_add: 8000::/1 via :: dev tun0 table 0 metric 101
2023-05-23 06:39:46 add_route_ipv6(2000::/4 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0
2023-05-23 06:39:46 net_route_v6_add: 2000::/4 via :: dev tun0 table 0 metric 101
2023-05-23 06:39:46 add_route_ipv6(3000::/4 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0
2023-05-23 06:39:46 net_route_v6_add: 3000::/4 via :: dev tun0 table 0 metric 101
---

GDG6: remote_host_ipv6=n/a
sitnl_send: rtnl: generic error (-101): Network is unreachable
ROUTE6: default_gateway=UNDEF

Those entries are very interesting...
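
An added example, not part of the posts above: a small check that parses the `net_route_v4_add` / `net_route_v6_add` lines of an OpenVPN client log and reports which installed route, if any, covers a given prefix by longest-prefix match. The function names `tunnel_routes` and `best_route` are hypothetical; the sample lines are taken from the client log posted above with timestamps dropped.

```python
import ipaddress
import re

# Constructed sample: route lines copied from the client log in the post above.
SAMPLE_LOG = """\
net_route_v4_add: <Public-IP> via 192.168.250.1 dev [NULL] table 0 metric -1
net_route_v4_add: 10.100.100.0/24 via 172.27.232.1 dev [NULL] table 0 metric 101
net_route_v4_add: 172.27.224.0/20 via 172.27.232.1 dev [NULL] table 0 metric 101
net_route_v6_add: ::/1 via :: dev tun0 table 0 metric 101
net_route_v6_add: 8000::/1 via :: dev tun0 table 0 metric 101
net_route_v6_add: 2000::/4 via :: dev tun0 table 0 metric 101
net_route_v6_add: 3000::/4 via :: dev tun0 table 0 metric 101
"""

# Matches with or without a leading timestamp; captures the route destination.
ROUTE_RE = re.compile(r"net_route_v[46]_add: (\S+) via \S+ dev")

def tunnel_routes(log_text):
    """Return the networks the client installed for the VPN.

    Redacted destinations and single-address host routes (the route to the
    VPN server itself, which goes via the LAN gateway) are skipped.
    """
    routes = []
    for dest in ROUTE_RE.findall(log_text):
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # e.g. the redacted "<Public-IP>" entry
        if net.num_addresses > 1:
            routes.append(net)
    return routes

def best_route(target, routes):
    """Longest-prefix match: the most specific route containing all of target."""
    target = ipaddress.ip_network(target, strict=False)
    matches = [r for r in routes
               if r.version == target.version and target.subnet_of(r)]
    return max(matches, key=lambda r: r.prefixlen, default=None)

ROUTES = tunnel_routes(SAMPLE_LOG)

if __name__ == "__main__":
    # Prefixes of the VPC subnet as given in the post.
    for prefix in ("10.100.100.0/24", "fd20:90b:c34f:7000:0:0:0:0/64"):
        print(prefix, "->", best_route(prefix, ROUTES))
```

For the log above, the VPC IPv6 prefix is covered on the client by the `8000::/1` route on tun0, just as the IPv4 prefix is covered by its own `10.100.100.0/24` route.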
