What's new

vpnmgr let OpenVPN support IPv6 connection (No routing)

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

zhsrain

New Around Here
Due to the lack of IPv4 public IP address, we hope to use IPv6 to connect OpenVPN to access the intranet. The actual test is available. We only need to modify the protocol

proto tcp-server

To be amended as follows:

proto tcp6-server

Can Merlin add it to the management page?
 
Due to the lack of IPv4 public IP address, we hope to use IPv6 to connect OpenVPN to access the intranet. The actual test is available. We only need to modify the protocol

proto tcp-server

To be amended as follows:

proto tcp6-server

Can Merlin add it to the management page?
Unfortunately the infrastructure of asuswrt(and asuswrt-merlin) have not advanced enough to support ipv6 over openvpn even though the built in openvpn version supports it. This infrastructure is required to properly handle /establish the routes necessary for ipv6 traffic flow over openvpn.
 
You would think a router that supports ipv6 connectivity would have established the proper support for ipv6 on openvpn , but this is not the case. We probably have a cloud of "ipv6 protocol is too new" for another 10 years as far as asuswrt is concerned.
 
Unfortunately the infrastructure of asuswrt(and asuswrt-merlin) have not advanced enough to support ipv6 over openvpn even though the built in openvpn version supports it. This infrastructure is required to properly handle /establish the routes necessary for ipv6 traffic flow over openvpn.

In practice, only IPv6 is used for external connection. When OpenVPN is connected, the internal network is still connected with IPv4. This situation has met most of the requirements
 
From what I gather its not as simple as a single line change this isn't a vpnmgr issue, it is openvpn support itself
it would be nice if we could get the message across to the powers that be that this would be a nice feature to incorporate next as far as openvpn goes either on asuswrt or on asuswrt-merlin. it is a shame that it is just wishful thinking.
 
I'm sure it will work after modifying tcp6. In addition, I need to modify the firewall or use tap mode. I only use IPv6 to establish the connection, but actually I still run on IPv4 internally
 

Attachments

  • x1.png
    x1.png
    40.5 KB · Views: 134
  • x2.png
    x2.png
    229.5 KB · Views: 149
From what I gather its not as simple as a single line change this isn't a vpnmgr issue, it is openvpn support itself

I'm sure it will work after modifying tcp6. In addition, I need to modify the firewall or use tap mode. I only use IPv6 to establish the connection, but actually I still run on IPv4 internally
 
I'm sure it will work after modifying tcp6. In addition, I need to modify the firewall or use tap mode. I only use IPv6 to establish the connection, but actually I still run on IPv4 internally
Keep in mind false positive may exist because tcp6-server allows for Anet4 or Anet6 connections, which means even if you specify tcp6-server this could just be falling back to v4 once it realizes there are no v6 routes.
 
it would be nice if we could get the message across to the powers that be that this would be a nice feature to incorporate next as far as openvpn goes either on asuswrt or on asuswrt-merlin. it is a shame that it is just wishful thinking.

I am already well aware of this. Reality is, adding IPv6 support would be a major project, and I lack both the time and the resources to do such a thing. Starting with the fact that my ISP does not support IPv6, and isn't expected to do so for many years, making it impossible for me to test anything.
 
I am already well aware of this. Reality is, adding IPv6 support would be a major project, and I lack both the time and the resources to do such a thing. Starting with the fact that my ISP does not support IPv6, and isn't expected to do so for many years, making it impossible for me to test anything.
Yes I imagine the burden should more direct at asus versus for you to have to take on the burden yourself. You do a great job as is.
 
Yes I imagine the burden should more direct at asus versus for you to have to take on the burden yourself. You do a great job as is.

Asus and I have separate OpenVPN implementations. While they originally used the Tomato port that I did for Asuswrt, they have since completely rewritten it and made it closed source. We no longer share any OpenVPN-related code (aside from the ovpn import code present in the httpd server).
 
Keep in mind false positive may exist because tcp6-server allows for Anet4 or Anet6 connections, which means even if you specify tcp6-server this could just be falling back to v4 once it realizes there are no v6 routes.

In China, IPv4 is very rare. It is the demand of most people to establish a connection with IPv6 and then be able to communicate with each other in the intranet
 
Asus and I have separate OpenVPN implementations. While they originally used the Tomato port that I did for Asuswrt, they have since completely rewritten it and made it closed source. We no longer share any OpenVPN-related code (aside from the ovpn import code present in the httpd server).

Thank you very much. In fact, I only need OpenVPN which can use IPv6 connection, and I don't need IPv6 Routing rules. In fact, it is still an intranet based on IPv4. So I want to ask if it can be provided to the configuration page as an option
 
Thank you very much. In fact, I only need OpenVPN which can use IPv6 connection, and I don't need IPv6 Routing rules. In fact, it is still an intranet based on IPv4. So I want to ask if it can be provided to the configuration page as an option

A half-baked implementation would be worse, because then people would be confused as to why some stuff doesn't work properly whenever they are using an IPv6.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top