No IPV6 internet connectivity on client side of OpenVPN AWS EC2 server?

panicked_kernel
OpenVpn Newbie
Posts: 2
Joined: Mon Nov 29, 2021 2:38 pm

Post by panicked_kernel » Mon Nov 29, 2021 2:45 pm

I have an OpenVPN server I've set up on an AWS EC2 instance that is pulling an IPV6 address, and can traceroute6 and ping6 ipv6.google.com. The client can do neither and does not return an address when using online tests like ipleak, or testipv6. The server and client can ping6 and traceroute6 each other.

The client appears to pull the correct address locally, and via ip -6 route. IPV4 has always worked fine without issue. Everything appears good on the AWS side per their instructions here: https://docs.aws.amazon.com/vpc/latest/ ... -ipv6-cidr Security groups are pretty wide open for ipv6 as well.

I am assuming it's my routing, but I'm not really sure at this point as I'm no ipv6 or routing expert. Please help! I've been scouring the web for a bit now looking for answers.

Relevant config info:

ipv6 addr of AWS instance:

aaaa:bbbb:cccc:dddd::/64

server.conf

local 172.31.44.1
port 443
proto udp
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh.pem
auth SHA512
tls-crypt tc.key
topology subnet
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
keepalive 10 120
cipher AES-256-CBC
user nobody
group nogroup
persist-key
persist-tun
verb 3
crl-verify crl.pem
explicit-exit-notify
server-ipv6 aaaa:bbbb:cccc:dddd:80::/112
push "redirect-gateway-ipv6 def1 bypass-dhcp-ipv6"
push "route-ipv6 aaaa:bbbb:cccc:dddd::/64"
push "route-ipv6 2000::/3"
push "route 172.31.44.1 255.255.255.255 net_gateway"
push "dhcp-option DNS6 2001:4860:4860::8888"
push "dhcp-option DNS6 2001:4860:4860::8844"

/etc/sysctl.conf

net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.proxy_ndp=1

ip6tables:

-A INPUT -p udp --dport 443 -j ACCEPT
-A FORWARD -m state --state NEW -i tun0 -o eth0 -s aaaa:bbbb:cccc:dddd::/64 -j ACCEPT
-A FORWARD -m state --state NEW -i eth0 -o tun0 -d aaaa:bbbb:cccc:dddd::/64 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

TinCanTech
Forum Team
Posts: 10724
Joined: Fri Jun 03, 2016 1:17 pm

Re: No IPV6 internet connectivity on client side of OpenVPN AWS EC2 server?

Post by TinCanTech » Mon Nov 29, 2021 3:06 pm

panicked_kernel wrote:
Mon Nov 29, 2021 2:45 pm
push "redirect-gateway-ipv6 def1 bypass-dhcp-ipv6"
push "route-ipv6 aaaa:bbbb:cccc:dddd::/64"
push "route-ipv6 2000::/3"
push "route 172.31.44.1 255.255.255.255 net_gateway"

Delete the above ^.

push "redirect-gateway def1 bypass-dhcp ipv6"

And use that, instead.

And you must use IPv6 NAT, which you need to search for on Amazon.
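
Added example, not part of either post: a shell sketch that applies the reply's two changes to the posted server.conf and prints an ip6tables-restore NAT rule for the server-ipv6 pool. It assumes the NAT is done on the instance itself with ip6tables MASQUERADE, that eth0 is the egress interface (as in the posted FORWARD rules), and that the existing IPv4-only redirect-gateway push is replaced rather than kept; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Nothing here touches the live firewall:
# both functions only read a config on stdin and print text.

# Constructed sample: the IPv6-related lines of the posted server.conf.
sample_conf() {
cat <<'EOF'
server 10.8.0.0 255.255.255.0
push "redirect-gateway def1 bypass-dhcp"
server-ipv6 aaaa:bbbb:cccc:dddd:80::/112
push "redirect-gateway-ipv6 def1 bypass-dhcp-ipv6"
push "route-ipv6 aaaa:bbbb:cccc:dddd::/64"
push "route-ipv6 2000::/3"
push "route 172.31.44.1 255.255.255.255 net_gateway"
push "dhcp-option DNS6 2001:4860:4860::8888"
EOF
}

# Drop the four pushes the reply says to delete and emit the single
# redirect-gateway push with the ipv6 flag. Assumption: the IPv4-only
# redirect-gateway push is replaced by it, not kept alongside.
fix_conf() {
  awk '
    $1 == "push" && $2 ~ /^"(redirect-gateway-ipv6|route-ipv6)$/ { next }
    $1 == "push" && $2 == "\"route" && $NF == "net_gateway\"" { next }
    $1 == "push" && $2 == "\"redirect-gateway" {
      print "push \"redirect-gateway def1 bypass-dhcp ipv6\""; next
    }
    { print }
  '
}

# Print ip6tables-restore input that masquerades the server-ipv6 pool out of
# the egress interface given as $1. Fails if the config has no server-ipv6.
nat66_rules() {
  pool=$(awk '$1 == "server-ipv6" { print $2; exit }')
  [ -n "$pool" ] || { echo "no server-ipv6 directive found" >&2; return 1; }
  printf '*nat\n-A POSTROUTING -s %s -o %s -j MASQUERADE\nCOMMIT\n' "$pool" "$1"
}

sample_conf | fix_conf
sample_conf | nat66_rules eth0
```

The printed `*nat` block can be reviewed and then loaded with `ip6tables-restore --noflush` alongside the existing FORWARD rules.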

panicked_kernel
OpenVpn Newbie
Posts: 2
Joined: Mon Nov 29, 2021 2:38 pm

Re: No IPV6 internet connectivity on client side of OpenVPN AWS EC2 server?

Post by panicked_kernel » Tue Nov 30, 2021 3:21 pm

Hey, thanks so much for your response. I'm going to take some time to look into this and report back later.

cheers