Hi,
I've created an OpenVPN Access Server virtual machine on GCP to access the virtual machines in the same VPC.
My localhost can access the cloud nodes over IPv4 through the VPN tunnel but not over IPv6.
I've used the following guide: https://openvpn.net/vpn-server-resource ... ss-server/
I'm not sure what parameters are exactly needed to have the same behaviour as IPv4 routing.
I need IPv6 to use SRv6 between the hosts in my local lab and the virtual machines in the cloud.
Which exact configuration is needed and in which files? Are the routes automatically set up like for IPv4?
Thanks in advance.
How to enable IPv6 traffic through the tunnel?
Re: How to enable IPv6 traffic through the tunnel?
Edit:
I used the following commands.
cd /usr/local/openvpn_as/scripts
sudo ./confdba -mk "vpn.routing6.enable" -v "true"
sudo ./confdba -mk "vpn.client.routing6.reroute_gw" -v "true"
sudo ./confdba -mk "vpn.server.daemon.vpn_network6.0" -v "fd4a:e7ae:b84b:/112"
sudo ./confdba -mk "ip6tables.vpn.disable.filter" -v "true"
sudo ./confdba -mk "ip6tables.vpn.disable.mangle" -v "true"
sudo ./confdba -mk "vpn.server.nat6" -v "false"
However, I can only ping the IPv6 address of the OpenVPN AS from my client, not the hosts in the same VPC subnet. Pinging from OpenVPN AS VM works fine.
The VPC subnet has the prefixes 10.100.100.0/24 and fd20:90b:c34f:7000:0:0:0:0/64
The address fd20:90b:c34f:7000:0:6:0:0 is the one of the OpenVPN AS (Ubuntu 22.04).
The client logged the following entries when connecting:
---
2023-05-23 06:39:41 net_route_v4_best_gw query: dst 0.0.0.0
2023-05-23 06:39:41 net_route_v4_best_gw result: via 192.168.250.1 dev ens2
2023-05-23 06:39:41 ROUTE_GATEWAY 192.168.250.1/255.255.255.0 IFACE=ens2 HWADDR=57:54:00:1e:36:06
2023-05-23 06:39:41 GDG6: remote_host_ipv6=n/a
2023-05-23 06:39:41 net_route_v6_best_gw query: dst ::
2023-05-23 06:39:41 sitnl_send: rtnl: generic error (-101): Network is unreachable
2023-05-23 06:39:41 ROUTE6: default_gateway=UNDEF
2023-05-23 06:39:41 TUN/TAP device tun0 opened
2023-05-23 06:39:41 net_iface_mtu_set: mtu 1500 for tun0
2023-05-23 06:39:41 net_iface_up: set tun0 up
2023-05-23 06:39:41 net_addr_v4_add: 172.27.232.2/21 dev tun0
2023-05-23 06:39:41 net_iface_mtu_set: mtu 1500 for tun0
2023-05-23 06:39:41 net_iface_up: set tun0 up
2023-05-23 06:39:41 net_addr_v6_add: fd4a:e7ae:b84b:9c2::8002/113 dev tun0
2023-05-23 06:39:46 ROUTE remote_host is NOT LOCAL
2023-05-23 06:39:46 net_route_v4_add: <Public-IP> via 192.168.250.1 dev [NULL] table 0 metric -1
2023-05-23 06:39:46 net_route_v4_add: 10.100.100.0/24 via 172.27.232.1 dev [NULL] table 0 metric 101
2023-05-23 06:39:46 net_route_v4_add: 172.27.224.0/20 via 172.27.232.1 dev [NULL] table 0 metric 101
2023-05-23 06:39:46 add_route_ipv6(::/1 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0
2023-05-23 06:39:46 net_route_v6_add: ::/1 via :: dev tun0 table 0 metric 101
2023-05-23 06:39:46 add_route_ipv6(8000::/1 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0
2023-05-23 06:39:46 net_route_v6_add: 8000::/1 via :: dev tun0 table 0 metric 101
2023-05-23 06:39:46 add_route_ipv6(2000::/4 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0
2023-05-23 06:39:46 net_route_v6_add: 2000::/4 via :: dev tun0 table 0 metric 101
2023-05-23 06:39:46 add_route_ipv6(3000::/4 -> fd4a:e7ae:b84b:9c2::8001 metric 101) dev tun0
2023-05-23 06:39:46 net_route_v6_add: 3000::/4 via :: dev tun0 table 0 metric 101
---
GDG6: remote_host_ipv6=n/a
sitnl_send: rtnl: generic error (-101): Network is unreachable
ROUTE6: default_gateway=UNDEF
Those entries are very interesting...
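A way to read the client log above when narrowing down where the IPv6 path breaks, as an added example that is not part of the original post: it parses the `net_route_v6_add` and `net_addr_v6_add` lines, does a longest-prefix match for a VPC address, and checks whether the client's tunnel source address lies inside the VPC prefix. The function names and the trimmed log sample are assumptions of this example; the addresses are the ones quoted in the post.

```python
import ipaddress
import re

# Constructed sample: a subset of the client log lines quoted in the post.
CLIENT_LOG = """\
2023-05-23 06:39:41 ROUTE6: default_gateway=UNDEF
2023-05-23 06:39:41 net_addr_v6_add: fd4a:e7ae:b84b:9c2::8002/113 dev tun0
2023-05-23 06:39:46 net_route_v4_add: 10.100.100.0/24 via 172.27.232.1 dev [NULL] table 0 metric 101
2023-05-23 06:39:46 net_route_v6_add: ::/1 via :: dev tun0 table 0 metric 101
2023-05-23 06:39:46 net_route_v6_add: 8000::/1 via :: dev tun0 table 0 metric 101
2023-05-23 06:39:46 net_route_v6_add: 2000::/4 via :: dev tun0 table 0 metric 101
2023-05-23 06:39:46 net_route_v6_add: 3000::/4 via :: dev tun0 table 0 metric 101
"""

ROUTE6_RE = re.compile(r"net_route_v6_add: (\S+) via \S+ dev (\S+)")
ADDR6_RE = re.compile(r"net_addr_v6_add: (\S+) dev \S+")

def tunnel_v6_routes(log):
    """Return [(network, dev)] for every IPv6 route the client installed."""
    return [(ipaddress.ip_network(m.group(1)), m.group(2))
            for m in ROUTE6_RE.finditer(log)]

def best_route(routes, target):
    """Longest-prefix match among the parsed routes; None if nothing covers target."""
    addr = ipaddress.ip_address(target)
    hits = [(net, dev) for net, dev in routes if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def diagnose(log, target, vpc_prefix):
    """Report which route carries traffic to target and where the source address sits."""
    src = ADDR6_RE.search(log)
    source = ipaddress.ip_interface(src.group(1)).ip if src else None
    return {
        "route": best_route(tunnel_v6_routes(log), target),
        "source": source,
        "source_in_vpc": source is not None
                         and source in ipaddress.ip_network(vpc_prefix),
    }

if __name__ == "__main__":
    print(diagnose(CLIENT_LOG, "fd20:90b:c34f:7000:0:6:0:0",
                   "fd20:90b:c34f:7000:0:0:0:0/64"))
```

For the addresses in the post, the VPC prefix is covered by the pushed `8000::/1` route on `tun0`, so the client side does send that traffic into the tunnel. The tunnel source address is outside the VPC /64, and with `vpn.server.nat6` set to `false` the VPC hosts see that source unchanged, so the next things to check are forwarding on the Access Server and the return route from the VPC to the VPN subnet.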