I have installed the OpenVPN package with the ipv6 payload patch and it works with tun, but not with tap. If the client connects, it doesn't set any ipv6 address, sometimes only ipv4. I need the tap interface for my bridge on the server side.
In more words:
I've got from my provider only one /64 for my Xen Dom0. For every virtual host I have to create a ipv6 /128 route to the VM.
My idea was to give the vpn client one IP from the /64. To get it working, the VPN XenDomU host has (at this time) 10 virtual interfaces and for every one, there ist one IPV6 address routed. Inside the virtual host, all the 10 interfaces and the tap from the OpenVPN are together in one bridge (brctl addbr/addif ....) .
The bridge itself has one IP from the /64 and on every connected client, there is a small script, to set up the ipv6 address and two routes. One to the OpenVPN Server itself and the default gw _over_ the IP address from OpenVPN. It works, but I need for every client a separate script (also for osx ...)
But the problem is, that - if I choose tap - the client doesn't set up any ipv6 address. If I do everything with with tun, the clients get the routes and IPv6 addresses, but I can't put a tun device into a bridge, what is needed for my setup.
So, what is wrong on the client side?
Some logs from a client:
Code: Select all
Wed Feb 23 15:48:20 2011 us=462220 SENT CONTROL [vpn]: 'PUSH_REQUEST' (status=1)
Wed Feb 23 15:48:20 2011 us=469462 PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 2a01:4f8:130:6021::83 fd8b:97b6:1::1,route-ipv6 fd8b:97b6:6b35::/64,route-ipv6 2a01:4f8:130:6021::81/128,tun-ipv6,route-gateway 192.168.55.1,ifconfig 192.168.55.4 255.255.255.0'
Wed Feb 23 15:48:20 2011 us=469549 OPTIONS IMPORT: --ifconfig/up options modified
Wed Feb 23 15:48:20 2011 us=469562 OPTIONS IMPORT: route options modified
Wed Feb 23 15:48:20 2011 us=469571 OPTIONS IMPORT: route-related options modified
Wed Feb 23 15:48:20 2011 us=469714 IPv6 routes on TAP devices are going to fail on some platforms (need gateway spec)
Wed Feb 23 15:48:20 2011 us=469728 ROUTE6: default_gateway=UNDEF
Wed Feb 23 15:48:20 2011 us=470552 TUN/TAP device tap0 opened
Wed Feb 23 15:48:20 2011 us=470573 TUN/TAP TX queue length set to 100
Wed Feb 23 15:48:20 2011 us=470590 do_ifconfig, tt->ipv6=1
Wed Feb 23 15:48:20 2011 us=470616 /sbin/ip link set dev tap0 up mtu 1500
Wed Feb 23 15:48:20 2011 us=479739 /sbin/ip addr add dev tap0 192.168.55.4/24 broadcast 192.168.55.255
Wed Feb 23 15:48:20 2011 us=481942 add_route_ipv6(fd8b:97b6:6b35::/64 -> fd8b:97b6:1::1 metric 0) dev tap0
Wed Feb 23 15:48:20 2011 us=481970 /sbin/ip -6 route add fd8b:97b6:6b35::/64 dev tap0
Wed Feb 23 15:48:20 2011 us=482737 add_route_ipv6(2a01:4f8:130:6021::81/128 -> fd8b:97b6:1::1 metric 0) dev tap0
Wed Feb 23 15:48:20 2011 us=482758 /sbin/ip -6 route add 2a01:4f8:130:6021::81/128 dev tap0
Wed Feb 23 15:48:20 2011 us=483411 Initialization Sequence Completed
Code: Select all
# openvpn --version
OpenVPN 2.1.1j x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [eurephia] [MH] [PF_INET6] [IPv6 payload 20100307-1] built on Jun 29 2010
Originally developed by James Yonan
Copyright (C) 2002-2010 OpenVPN Technologies, Inc. <sales@openvpn.net>
$ ./configure --build=x86_64-linux-gnu --prefix=/usr --includedir=${prefix}/include --mandir=${prefix}/share/man --infodir=${prefix}/share/info --sysconfdir=/etc --localstatedir=/var --libexecdir=${prefix}/lib/openvpn --disable-maintainer-mode --disable-dependency-tracking --enable-pthread --enable-password-save --enable-iproute2 --with-iproute-path=/sbin/ip --disable-depr-random-resolv
Compile time defines: ENABLE_CLIENT_SERVER ENABLE_DEBUG ENABLE_EUREPHIA ENABLE_FRAGMENT ENABLE_HTTP_PROXY ENABLE_MANAGEMENT ENABLE_MULTIHOME ENABLE_PASSWORD_SAVE ENABLE_PORT_SHARE ENABLE_SOCKS USE_CRYPTO USE_LIBDL USE_LZO USE_PF_INET6 USE_PKCS11 USE_PTHREAD USE_SSL
Code: Select all
33: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 100
link/ether 36:e7:63:60:b7:6f brd ff:ff:ff:ff:ff:ff
inet 192.168.55.4/24 brd 192.168.55.255 scope global tap0
inet6 fe80::34e7:63ff:fe60:b76f/64 scope link
valid_lft forever preferred_lft forever
thank for reading
*solved*
Installed the git version and it works
