vpnmgr let OpenVPN support IPv6 connection (No routing)

  • ATTENTION! You'll notice a Prefix dropdown when you create a thread. If your post applies to one of the topics listed, please use that Prefix for your post. When browsing the thread list you can use the Prefix to filter the view.
  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

zhsrain

New Around Here
Due to the lack of IPv4 public IP address, we hope to use IPv6 to connect OpenVPN to access the intranet. The actual test is available. We only need to modify the protocol

proto tcp-server

To be amended as follows:

proto tcp6-server

Can Merlin add it to the management page?
 

SomeWhereOverTheRainBow

Very Senior Member
Due to the lack of IPv4 public IP address, we hope to use IPv6 to connect OpenVPN to access the intranet. The actual test is available. We only need to modify the protocol

proto tcp-server

To be amended as follows:

proto tcp6-server

Can Merlin add it to the management page?
Unfortunately the infrastructure of asuswrt(and asuswrt-merlin) have not advanced enough to support ipv6 over openvpn even though the built in openvpn version supports it. This infrastructure is required to properly handle /establish the routes necessary for ipv6 traffic flow over openvpn.
 

SomeWhereOverTheRainBow

Very Senior Member
You would think a router that supports ipv6 connectivity would have established the proper support for ipv6 on openvpn , but this is not the case. We probably have a cloud of "ipv6 protocol is too new" for another 10 years as far as asuswrt is concerned.
 

zhsrain

New Around Here
Unfortunately the infrastructure of asuswrt(and asuswrt-merlin) have not advanced enough to support ipv6 over openvpn even though the built in openvpn version supports it. This infrastructure is required to properly handle /establish the routes necessary for ipv6 traffic flow over openvpn.

In practice, only IPv6 is used for external connection. When OpenVPN is connected, the internal network is still connected with IPv4. This situation has met most of the requirements
 

Jack Yaz

Part of the Furniture
From what I gather its not as simple as a single line change this isn't a vpnmgr issue, it is openvpn support itself
 

SomeWhereOverTheRainBow

Very Senior Member
From what I gather its not as simple as a single line change this isn't a vpnmgr issue, it is openvpn support itself
it would be nice if we could get the message across to the powers that be that this would be a nice feature to incorporate next as far as openvpn goes either on asuswrt or on asuswrt-merlin. it is a shame that it is just wishful thinking.
 

zhsrain

New Around Here
I'm sure it will work after modifying tcp6. In addition, I need to modify the firewall or use tap mode. I only use IPv6 to establish the connection, but actually I still run on IPv4 internally
 

Attachments

  • x1.png
    x1.png
    40.5 KB · Views: 34
  • x2.png
    x2.png
    229.5 KB · Views: 32

zhsrain

New Around Here
From what I gather its not as simple as a single line change this isn't a vpnmgr issue, it is openvpn support itself

I'm sure it will work after modifying tcp6. In addition, I need to modify the firewall or use tap mode. I only use IPv6 to establish the connection, but actually I still run on IPv4 internally
 

SomeWhereOverTheRainBow

Very Senior Member
I'm sure it will work after modifying tcp6. In addition, I need to modify the firewall or use tap mode. I only use IPv6 to establish the connection, but actually I still run on IPv4 internally
Keep in mind false positive may exist because tcp6-server allows for Anet4 or Anet6 connections, which means even if you specify tcp6-server this could just be falling back to v4 once it realizes there are no v6 routes.
 

RMerlin

Asuswrt-Merlin dev
it would be nice if we could get the message across to the powers that be that this would be a nice feature to incorporate next as far as openvpn goes either on asuswrt or on asuswrt-merlin. it is a shame that it is just wishful thinking.

I am already well aware of this. Reality is, adding IPv6 support would be a major project, and I lack both the time and the resources to do such a thing. Starting with the fact that my ISP does not support IPv6, and isn't expected to do so for many years, making it impossible for me to test anything.
 

SomeWhereOverTheRainBow

Very Senior Member
I am already well aware of this. Reality is, adding IPv6 support would be a major project, and I lack both the time and the resources to do such a thing. Starting with the fact that my ISP does not support IPv6, and isn't expected to do so for many years, making it impossible for me to test anything.
Yes I imagine the burden should more direct at asus versus for you to have to take on the burden yourself. You do a great job as is.
 

RMerlin

Asuswrt-Merlin dev
Yes I imagine the burden should more direct at asus versus for you to have to take on the burden yourself. You do a great job as is.

Asus and I have separate OpenVPN implementations. While they originally used the Tomato port that I did for Asuswrt, they have since completely rewritten it and made it closed source. We no longer share any OpenVPN-related code (aside from the ovpn import code present in the httpd server).
 

zhsrain

New Around Here
Keep in mind false positive may exist because tcp6-server allows for Anet4 or Anet6 connections, which means even if you specify tcp6-server this could just be falling back to v4 once it realizes there are no v6 routes.

In China, IPv4 is very rare. It is the demand of most people to establish a connection with IPv6 and then be able to communicate with each other in the intranet
 

zhsrain

New Around Here
Asus and I have separate OpenVPN implementations. While they originally used the Tomato port that I did for Asuswrt, they have since completely rewritten it and made it closed source. We no longer share any OpenVPN-related code (aside from the ovpn import code present in the httpd server).

Thank you very much. In fact, I only need OpenVPN which can use IPv6 connection, and I don't need IPv6 Routing rules. In fact, it is still an intranet based on IPv4. So I want to ask if it can be provided to the configuration page as an option
 

RMerlin

Asuswrt-Merlin dev
Thank you very much. In fact, I only need OpenVPN which can use IPv6 connection, and I don't need IPv6 Routing rules. In fact, it is still an intranet based on IPv4. So I want to ask if it can be provided to the configuration page as an option

A half-baked implementation would be worse, because then people would be confused as to why some stuff doesn't work properly whenever they are using an IPv6.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top