Menu
What's new
By:
Filters Better Search

ipv6 and vpn client issues

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

A

amoney

Regular Contributor
Hi All

Router: RT-AC88U, Firmware: Merlin 384.9

I am running into an issue with IPV6 and vpn client. Followed the following guide to setup my router.

My policy rules (strict) are setup to send 192.168.1.0/24 to VPN.

When i have ipv6 setup as native. VPN client is up and running but none of my clients end up going through the vpn. I used am.i.mullvad.net to determine if i was conncted. It showed an ipv6 IP as the ip connected on the page. Do the policy rules have to change for ipv6?

If i change ipv6 setup to passthrough all clients do end up going through vpn. The page above shows client is connected to vpn and ipv4 ip shows up on that page.

So i am not sure what is the correct/appropriate setup for ipv6. For now i have disabled ipv6 completely.

Here is my vpn client conf

Code: 
client
dev tun
proto udp




remote us-ca.mullvad.net 1196


cipher AES-256-CBC
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
remote-cert-tls server
ping 10
ping-restart 60
sndbuf 524288
rcvbuf 524288

fast-io



auth-user-pass
reneg-sec 0
tun-ipv6
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>





tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA

Any suggestions/recommendations on how should ipv6 native + vpn client work?
 
Asuswrt's OpenVPN implementation does not support IPv6 tunnels.

Also check your System Log for any error message.
 
RMerlin said:
Asuswrt's OpenVPN implementation does not support IPv6 tunnels.

Also check your System Log for any error message.
Click to expand...
Will do. In this case should the vpn client fail to come up or will it not follow the policy rules?
 
amoney said:
Will do. In this case should the vpn client fail to come up or will it not follow the policy rules?
Click to expand...

If you enabled the option to block Internet traffic while the tunnel is down then it could explain your problem.
 
RMerlin said:
If you enabled the option to block Internet traffic while the tunnel is down then it could explain your problem.
Click to expand...
Yes that option is enabled but traffic was never blocked.

IPv6 = Native, VPN Client is up but none of the clients connected are going through the VPN
IPv6 = passthrough, VPN Client is up and all the clients are going through the VPN.

For both these my vpn client config did not change. My assumption is that tun-ipv6 option means that the it would be an ipv6 tunnel.
 
Ah thats good to know.

I did some more debugging on my end. I enabled ipv6 native and added tun-ipv6 in vpn client.

On the router if i issue

Code: 
curl -s --interface tun11 http://ipv4.icanhazip.com/

It goes through the VPN. My raspberry pi is still going thorugh the VPN. However my mac and and android phone are not.

I dont see any related messages in syslog that might shed a light as to what might have happened.
 
You must log in or register to reply here.

Similar threads

D
ASUS RT-AX86U OpenVPN Server Error - Key Too Small
Replies
4
Views
232
Tech9
Tech9
J
RT-AC86U DNS leaks while using mullvad
Replies
1
Views
434
jsn2233
J
N
Solved Unable to connect to VPN server with self-signed certificate
Replies
0
Views
426
nino_070
N
C
Can someone help in why this OpenVPN config doesn't work with merlin?
Replies
7
Views
1K
ComputerSteve
C
P
OVPN Problem. Asus rt ax56u (latest merlin firmware
Replies
9
Views
1K
pattox
P
Similar threads
Thread starter Title Forum Replies Date
T Wireguard VPN Disable IPV6 Asuswrt-Merlin 0
Tom Jo-Jo Junior Shabadoo VPN as server - ipv4 over ipv6 Asuswrt-Merlin 0
U DDNS and ipv6: eth0 not getting WAN ipv6 address. Asuswrt-Merlin 0
jorhett IPv6 Traceroute broken in 388.6 ? Asuswrt-Merlin 8
K Have global ipv6 address but unable to access internet over ipv6 Asuswrt-Merlin 39
J Help - duckdns has started returning an IPv6 IP address Asuswrt-Merlin 1
M IPv6 and Router Advertisement adding route to delegated /56 via WAN interface Asuswrt-Merlin 0
A DNS/TLS IPv6. Asuswrt-Merlin 4
L When I access the System Log --> IPv6 tab the web server crashes Asuswrt-Merlin 0
V IPv6 Passthrough failure on USB WAN Asuswrt-Merlin 4

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 646 (members: 12, guests: 634)
Top