OpenVPN, IPv6 tunnel and connectivity issues

AlexanderD

New Around Here
Hello Forum!
I need help with VPN setup.

TL/DR:
OpenVPN Server clients do not have an IPv6 connection. The router itself and the clients inside the local network work without problems with IPv6.

My setup:
AX86U - Merlin 386.5_2
IPv4 - real static IP (Automatic)
IPv6 - HE.net tunnel
AdguardHome (AMTM script)

The problem is that vpn clients cannot connect to the IPv6 internet. IPv4 internet connection works fine. Is it possible to configure a VPN server in such a way that its clients, among other things, can have access to the IPv6 Internet? Do I need to configure routing or is it a firewall issue?

There is another thread: https://www.snbforums.com/threads/merlin-openvpn-ipv6-on-macos.77974/
In it, the user describes a similar problem, but his configuration partially works.

Thank you.
 

heysoundude

Part of the Furniture
the VPN Server makes a tunnel of its own, so it would have to be IPv6 enabled, wouldn't it?
(are you sure your ISP doesn't offer native IPv6? you could get rid of the HE.net DDNS...)
what I think you should consider replacing OpenVPN with is WireGuard...go check the current thread in the Add-ons forum. WireGuard was built for what you want.
 

AlexanderD

New Around Here
the VPN Server makes a tunnel of its own, so it would have to be IPv6 enabled, wouldn't it?
(are you sure your ISP doesn't offer native IPv6? you could get rid of the HE.net DDNS...)
what I think you should consider replacing OpenVPN with is WireGuard...go check the current thread in the Add-ons forum. WireGuard was built for what you want.
Hello, thank you.

I use a server in which only "sending DNS to clients" is enabled in the advanced settings. The subnet setting for v4 and v6 is left by default. Unfortunately there is no native ipv6. But I have a static ipv4 address and therefore there is no problem with HE.net.

I saw the discussion thread you are talking about. I will study it. Thank you.
 

RMerlin

Asuswrt-Merlin dev
The problem is that vpn clients cannot connect to the IPv6 internet.
This is currently not supported.

Code:
  - NEW: IPv6 support for OpenVPN server.  Allows to remotely
         connect to your router's OpenVPN server over IPv6, and
         reach LAN clients over their IPv6 (redirecting IPv6
         Internet traffic does not work).
 

heysoundude

Part of the Furniture
Hello, thank you.

I use a server in which only "sending DNS to clients" is enabled in the advanced settings. The subnet setting for v4 and v6 is left by default. Unfortunately there is no native ipv6. But I have a static ipv4 address and therefore there is no problem with HE.net.

I saw the discussion thread you are talking about. I will study it. Thank you.
I think we're coming to a fork in the road with what asus wants/where they're aimed at going and the capabilities being required of users and recognized in the hardware.
I've encouraged the dev(s)/adapters of that addon and the DNS addon to take a look at the greater firmware to determine if they can scrap some of the more antiquated stuff, build forward and stay legally compliant, but it's probably more daunting than I'm aware or have considered. For all I know, something like AiMesh will break, or asus/Broadcom will sue over something or or or...
 

RMerlin

Asuswrt-Merlin dev
Thank you. Can this be changed with any temporary solutions? Or can this be changed only by making a large number of patches in the firmware?
I couldn't get it to work, and since doing any form of IPv6 development is very time-consuming for me (as I need to do a complete lab setup to reproduce an IPv6-enabled ISP whenever I want to do any IPv6-related work), it currently has a very low priority for me, and will most likely require someone to contribute patches.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top