Disable IPV6 in OpenVPN cloud?

Next-generation cloud-hosted OpenVPN business solution.
Post Reply
MarcoTvM
OpenVpn Newbie
Posts: 1
Joined: Tue Mar 29, 2022 5:12 pm

Disable IPV6 in OpenVPN cloud?

Post by MarcoTvM » Tue Mar 29, 2022 5:18 pm

After setting up things in the cloud, the Teltonika RUT950 is not able to connect to the VPN, as it seems due to IPV6 issues.
Is there a way to disable IPV6 in the OpenVPN cloud settings?

Below is the log excerpt when updating the OpenVPN config when trying to get this connected:

Code: Select all

Tue Mar 29 19:02:33 2022 daemon.warn openvpn(client_asml_p3)[12956]: DEPRECATED OPTION: --cipher set to  'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.                                      
Tue Mar 29 19:02:33 2022 daemon.notice openvpn(client_asml_p3)[12956]: OpenVPN 2.5.2 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]                                             
Tue Mar 29 19:02:33 2022 daemon.notice openvpn(client_asml_p3)[12956]: library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10                                                                                  
Tue Mar 29 19:02:33 2022 daemon.notice openvpn(client_asml_p3)[12956]: Outgoing Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication                                     
Tue Mar 29 19:02:33 2022 daemon.notice openvpn(client_asml_p3)[12956]: Incoming Control Channel Authentication: Using 256 bit message hash 'SHA256' for HMAC authentication                                     
Tue Mar 29 19:03:13 2022 daemon.err openvpn(client_asml_p3)[12956]: RESOLVE: Cannot resolve host address : nl-ams.gw.openvpn.com:1194 (Name or service not known)                                                
Tue Mar 29 19:03:14 2022 daemon.notice openvpn(client_asml_p3)[12956]: Socket Buffers: R=[8388608->8388608] S=[8388608->8388608]                                                                                
Tue Mar 29 19:03:14 2022 daemon.warn openvpn(client_asml_p3)[12956]: NOTE: setsockopt TCP_NODELAY=1 failed                                                                                                      
Tue Mar 29 19:03:14 2022 daemon.notice openvpn(client_asml_p3)[12956]: UDP link local: (not bound)      
Tue Mar 29 19:03:14 2022 daemon.notice openvpn(client_asml_p3)[12956]: UDP link remote: [AF_INET]109.201.136.204:1194                                                                                           
Tue Mar 29 19:03:15 2022 daemon.notice openvpn(client_asml_p3)[12956]: TLS: Initial packet from [AF_INET]109.201.136.204:1194, sid=169b160c 22c32acc                                                            
Tue Mar 29 19:03:17 2022 daemon.notice openvpn(client_asml_p3)[12956]: VERIFY OK: depth=1, CN=CloudVPN Prod CA                                                                                                  
Tue Mar 29 19:03:17 2022 daemon.notice openvpn(client_asml_p3)[12956]: VERIFY KU OK                     
Tue Mar 29 19:03:17 2022 daemon.notice openvpn(client_asml_p3)[12956]: Validating certificate extended key usage                                                                                                
Tue Mar 29 19:03:17 2022 daemon.notice openvpn(client_asml_p3)[12956]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication                                        
Tue Mar 29 19:03:17 2022 daemon.notice openvpn(client_asml_p3)[12956]: VERIFY EKU OK                    
Tue Mar 29 19:03:17 2022 daemon.notice openvpn(client_asml_p3)[12956]: VERIFY OK: depth=0, CN=nl-ams-dc1-b1.cloud.openvpn.net                                                                                   
Tue Mar 29 19:03:25 2022 daemon.notice openvpn(client_asml_p3)[12956]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 2048 bit RSA, signature: RSA-SHA256             
Tue Mar 29 19:03:25 2022 daemon.notice openvpn(client_asml_p3)[12956]: [nl-ams-dc1-b1.cloud.openvpn.net] Peer Connection Initiated with [AF_INET]109.201.136.204:1194                                           
Tue Mar 29 19:03:26 2022 daemon.notice openvpn(client_asml_p3)[12956]: SENT CONTROL [nl-ams-dc1-b1.cloud.openvpn.net]: 'PUSH_REQUEST' (status=1)                                                                
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: PUSH: Received control message: 'PUSH_REPLY,route-gateway 100.96.1.33,ifconfig 100.96.1.34 255.255.255.240,ifconfig-ipv6 fd:0:0:8102::2/64 fd:0:0:8102::1,client-ip 109.37.155.123,ping 8,ping-restart 40,reneg-sec 3600,cipher AES-256-GCM,compress stub-v2,peer-id 16047,topology subnet,explicit-exit-notify,remote-cache-lifetime 86400,block-outside-dns,route 100.96.0.0 255.224.0.0,route-ipv6 fd:0:0:8000::/49,route 100.80.0.0 255.240.0.0,route-ipv6 fd:0:0:4000::/50,dhcp-option DNS 100.96.1.33,auth-tokenSESS_ID,auth-token-user ZWNvdGFwL2Nvbm5lY3Rvci9lODJhOTkxNy1jMzVjLTRkODYtYWRhYS1hYWRlNTY5YjA1YzVfZjBlYWQzM2UtZmEwMy00ZjUzLWI1OTUtNzIzN2RkMGJlOWE1'          
Tue Mar 29 19:03:27 2022 daemon.err openvpn(client_asml_p3)[12956]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:4: client-ip (2.5.2)                                  
Tue Mar 29 19:03:27 2022 daemon.err openvpn(client_asml_p3)[12956]: Options error: option 'reneg-sec' cannot be used in this context ([PUSH-OPTIONS])                                                           
Tue Mar 29 19:03:27 2022 daemon.err openvpn(client_asml_p3)[12956]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:13: remote-cache-lifetime (2.5.2)                     
Tue Mar 29 19:03:27 2022 daemon.err openvpn(client_asml_p3)[12956]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:14: block-outside-dns (2.5.2)                         
Tue Mar 29 19:03:27 2022 daemon.warn openvpn(client_asml_p3)[12956]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this                                   
Tue Mar 29 19:03:27 2022 daemon.err openvpn(client_asml_p3)[12956]: Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:21: auth-token-user (2.5.2)                           
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: OPTIONS IMPORT: timers and/or timeouts modified                                                                                          
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: OPTIONS IMPORT: explicit notify parm(s) modified                                                                                         
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: OPTIONS IMPORT: compression parms modified                                                                                               
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: OPTIONS IMPORT: --ifconfig/up options modified                                                                                           
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: OPTIONS IMPORT: route options modified                                                                                                   
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: OPTIONS IMPORT: route-related options modified                                                                                           
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified                                                                         
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: OPTIONS IMPORT: peer-id set      
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: OPTIONS IMPORT: adjusting link_mtu to 1624                                                                                               
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: OPTIONS IMPORT: data channel crypto options modified                                                                                     
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: Data Channel: using negotiated cipher 'AES-256-GCM'                                                                                      
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key                                                                 
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key                                                                 
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: net_route_v4_best_gw query: dst 0.0.0.0                                                                                                  
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: net_route_v4_best_gw result: via 0.0.0.0 dev wwan0                                                                                       
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: GDG6: remote_host_ipv6=n/a       
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: net_route_v6_best_gw query: dst ::                                                                                                       
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: net_route_v6_best_gw result: via :: dev lo                                                                                               
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: TUN/TAP device tun0 opened       
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: net_iface_mtu_set: mtu 1500 for tun0                                                                                                     
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: net_iface_up: set tun0 up        
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: net_addr_v4_add: 100.96.1.34/28 dev tun0                                                                                                 
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: net_iface_mtu_set: mtu 1500 for tun0                                                                                                     
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: net_iface_up: set tun0 up        
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: net_addr_v6_add: fd:0:0:8102::2/64 dev tun0                                                                                              
Tue Mar 29 19:03:27 2022 daemon.warn openvpn(client_asml_p3)[12956]: sitnl_send: rtnl: generic error (-13): Permission denied                                                                                   
Tue Mar 29 19:03:27 2022 daemon.err openvpn(client_asml_p3)[12956]: Linux can't add IPv6 to interface tun0                                                                                                      
Tue Mar 29 19:03:27 2022 daemon.notice openvpn(client_asml_p3)[12956]: Exiting due to fatal error       
root@Teltonika-RUT950:~#
Also if this IPv6 can be enabled on the Teltonika RUT950 which might solve the problem too, I'd like to know.

At this moment, I'm a bit at a loss how to get this to work.

Post Reply