Page 1 of 1
Unable to listen on both ipv4 and ipv6 at same time
Posted: Sun Aug 07, 2022 3:43 pm
by Thoma
Hello,
My ISP now offers IPv6 connectivity.
I tried to connect with my current configuration file.
And it still works fine on IPv4.
However, it does not work on IPv6.
netstat does not show any listening port on udp6
How do I change my configuration file below to be able to connect on IPv4 and IPv6?
Code: Select all
proto udp
port 1194
dev tun
ca server/keys/ca.crt
cert server/keys/server.crt
key server/keys/server.key # This file should be kept secret
dh server/keys/dh2048.pem
tls-auth server/keys/ta.key 0
key-direction 0
cipher AES-256-CBC
ifconfig-pool-persist server/ipp.txt
server 10.8.0.0 255.255.255.0
push "dhcp-option DNS 192.168.xxx.254"
push "route 192.168.xxx.0 255.255.255.0"
keepalive 10 120
client-to-client
user nobody
group nogroup
persist-key
persist-tun
comp-lzo
tls-version-min 1.2
verb 6
log-append /var/log/openvpn/openvpn.log
status /var/log/openvpn/openvpn-status.log
Thanks in advance for your help
Thoma
Re: Unable to listen on both ipv4 and ipv6 at same time
Posted: Sun Aug 07, 2022 3:57 pm
by TinCanTech
You will need --proto udp6 and then to configure your network to pass UDPv6 packets to your server.
Re: Unable to listen on both ipv4 and ipv6 at same time
Posted: Sun Aug 07, 2022 4:12 pm
by Thoma
Hi TinCanTech,
If I replace proto udp with proto udp6 then it works with IPv6 but, and this is normal, no longer with IPv4.
Is there a way to make both (IPv4 and IPv6) work together?
Re: Unable to listen on both ipv4 and ipv6 at same time
Posted: Sun Aug 07, 2022 5:41 pm
by TinCanTech
Thoma wrote: ↑Sun Aug 07, 2022 4:12 pm
Is there a way to make both (IPv4 and IPv6) work
together?
Define
together ..
Cutting to the chase: No.
Re: Unable to listen on both ipv4 and ipv6 at same time
Posted: Sun Aug 07, 2022 6:01 pm
by Thoma
What I mean by
Together is listening on IPv4 side and also on IPv6 side.
What I expect from the command:
Code: Select all
netstat --numeric-ports -lu | grep 1194
is:
Code: Select all
udp 0 0 0.0.0.0:1194 0.0.0.0:*
udp6 0 0 [::]:1194 [::]:*
but so far I can only get one or the other.
Re: Unable to listen on both ipv4 and ipv6 at same time
Posted: Sun Aug 07, 2022 11:27 pm
by TinCanTech
Experiment with multiple server instances but, at this time, OpenVPN does not do V4 and v6 simultaneously
Re: Unable to listen on both ipv4 and ipv6 at same time
Posted: Mon Aug 08, 2022 7:56 am
by Thoma
Ugh! Bad luck...
Re: Unable to listen on both ipv4 and ipv6 at same time
Posted: Mon Aug 08, 2022 6:07 pm
by TinCanTech
It turns out that I am wrong.
OpenVPN can use IPv6 and IPv4 on one server instance. All you need is --
proto udp6
Re: Unable to listen on both ipv4 and ipv6 at same time
Posted: Sun Dec 29, 2024 6:50 pm
by elcrdaya
TinCanTech wrote: ↑Mon Aug 08, 2022 6:07 pm
It turns out that I am wrong.
OpenVPN can use IPv6 and IPv4 on one server instance. All you need is --
proto udp6
I'm trying to configure similar that one OpenVPN server can listen on both IPv4 and IPv6 addresses simultaneously to establish the tunnel. I have doen similar setup and it worked fine if I bind specific IP (v4/v6) with `--local`.
Now I'm trying to remove `--local` and use `--proto udp6` only to bind both IPv4 and IPv6 addresses
but it's only bind to IPv6, and the connection can't be established
Code: Select all
netstat -tuln | grep 443
udp6 0 0 :::443 :::*
udp6 0 0 :::443 :::*
Any idea?
Re: Unable to listen on both ipv4 and ipv6 at same time
Posted: Thu Jan 02, 2025 9:16 am
by rob-pe1chl
There should be only one such line! Maybe you have started the program twice?
Also, there is no issue with this, it is like TunCanTech wrote above: the udp6 socket will accept both IPv4 and IPv6.
I have it working just fine with only the "proto udp6" line in the config.
Maybe you have some other component like a router or firewall that drops the IPv4 traffic or handles it by itself.
Re: Unable to listen on both ipv4 and ipv6 at same time
Posted: Thu Jan 02, 2025 5:23 pm
by elcrdaya
Thank you to confirm. I have two OpenVPN servers running, that's why there are two lines. You are correct, after deeper look at the packets, IPv4 traffic did arrived to the network interface with "proto udp6" defined. I have firewall rules that dropped the packets.
If I have multiple interfaces, will this setup listen on all the interfaces with all the IP addresses?