IPV6 tunnel terminates after a few seconds.
Posted: Sun Oct 15, 2023 11:52 pm
Dear OPENVPN forum,
I am creating an ipv6 openvpn network with V6 addresses (IPV6 is the transport layer between client and server).
the client (rasberry pi) can ping the servers v6 address forever, but the moment the vpn starts, the tunnel fails and soon the client cannot even ping the server:
root@fberry:/etc/openvpn# ping6 -c 2 AAAA:BBBB:CCCC:5d::1
PING AAAA:BBBB:CCCC:5d::1(AAAA:BBBB:CCCC:5d::1) 56 data bytes
64 bytes from AAAA:BBBB:CCCC:5d::1: icmp_seq=1 ttl=50 time=127 ms
64 bytes from AAAA:BBBB:CCCC:5d::1: icmp_seq=2 ttl=50 time=125 ms
--- AAAA:BBBB:CCCC:5d::1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1ms
rtt min/avg/max/mdev = 124.578/125.599/126.621/1.081 ms
root@fberry:/etc/openvpn# killall openvpn;sleep 1;openvpn --daemon --config /etc/openvpn/v6.conff;ping6 AAAA:BBBB:CCCC:5d::1
PING AAAA:BBBB:CCCC:5d::1(AAAA:BBBB:CCCC:5d::1) 56 data bytes
64 bytes from AAAA:BBBB:CCCC:5d::1: icmp_seq=1 ttl=50 time=126 ms
64 bytes from AAAA:BBBB:CCCC:5d::1: icmp_seq=2 ttl=50 time=125 ms
64 bytes from AAAA:BBBB:CCCC:5d::1: icmp_seq=3 ttl=50 time=125 ms
(PING TERMINATES HERE)
...after which the V6 client network is hosed and i need to restart the raspberry pi client.
i suspect that the client transport packets are somehow going through the tunnel, instead of directly to the server over the internet. not sure....
i have tried many config changes, including even this blog, which states i must split my /64 server network into two /65 networks, and give openvpn the upper range of addresses:-
https://community.openvpn.net/openvpn/wiki/IPv6
client and server logs and configs here:-
http://www.andrewroutley.net/internet/openvpn/
DOES ANYONE HAVE A WORKING IPV6 TRANSPORT LAYER CLIENT/SERVER CONFIG THAT USES CERTIFICATES? that might be the fastest path to success.... all examples i have found on internet blogs don't work....
any help appreciated!
andrew.
I am creating an ipv6 openvpn network with V6 addresses (IPV6 is the transport layer between client and server).
the client (rasberry pi) can ping the servers v6 address forever, but the moment the vpn starts, the tunnel fails and soon the client cannot even ping the server:
root@fberry:/etc/openvpn# ping6 -c 2 AAAA:BBBB:CCCC:5d::1
PING AAAA:BBBB:CCCC:5d::1(AAAA:BBBB:CCCC:5d::1) 56 data bytes
64 bytes from AAAA:BBBB:CCCC:5d::1: icmp_seq=1 ttl=50 time=127 ms
64 bytes from AAAA:BBBB:CCCC:5d::1: icmp_seq=2 ttl=50 time=125 ms
--- AAAA:BBBB:CCCC:5d::1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1ms
rtt min/avg/max/mdev = 124.578/125.599/126.621/1.081 ms
root@fberry:/etc/openvpn# killall openvpn;sleep 1;openvpn --daemon --config /etc/openvpn/v6.conff;ping6 AAAA:BBBB:CCCC:5d::1
PING AAAA:BBBB:CCCC:5d::1(AAAA:BBBB:CCCC:5d::1) 56 data bytes
64 bytes from AAAA:BBBB:CCCC:5d::1: icmp_seq=1 ttl=50 time=126 ms
64 bytes from AAAA:BBBB:CCCC:5d::1: icmp_seq=2 ttl=50 time=125 ms
64 bytes from AAAA:BBBB:CCCC:5d::1: icmp_seq=3 ttl=50 time=125 ms
(PING TERMINATES HERE)
...after which the V6 client network is hosed and i need to restart the raspberry pi client.
i suspect that the client transport packets are somehow going through the tunnel, instead of directly to the server over the internet. not sure....
i have tried many config changes, including even this blog, which states i must split my /64 server network into two /65 networks, and give openvpn the upper range of addresses:-
https://community.openvpn.net/openvpn/wiki/IPv6
client and server logs and configs here:-
http://www.andrewroutley.net/internet/openvpn/
DOES ANYONE HAVE A WORKING IPV6 TRANSPORT LAYER CLIENT/SERVER CONFIG THAT USES CERTIFICATES? that might be the fastest path to success.... all examples i have found on internet blogs don't work....
any help appreciated!
andrew.