What's new

OpenVPN, IPv6 tunnel and connectivity issues

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

AlexanderD

New Around Here
Hello Forum!
I need help with VPN setup.

TL/DR:
OpenVPN Server clients do not have an IPv6 connection. The router itself and the clients inside the local network work without problems with IPv6.

My setup:
AX86U - Merlin 386.5_2
IPv4 - real static IP (Automatic)
IPv6 - HE.net tunnel
AdguardHome (AMTM script)

The problem is that vpn clients cannot connect to the IPv6 internet. IPv4 internet connection works fine. Is it possible to configure a VPN server in such a way that its clients, among other things, can have access to the IPv6 Internet? Do I need to configure routing or is it a firewall issue?

There is another thread: https://www.snbforums.com/threads/merlin-openvpn-ipv6-on-macos.77974/
In it, the user describes a similar problem, but his configuration partially works.

Thank you.
 
the VPN Server makes a tunnel of its own, so it would have to be IPv6 enabled, wouldn't it?
(are you sure your ISP doesn't offer native IPv6? you could get rid of the HE.net DDNS...)
what I think you should consider replacing OpenVPN with is WireGuard...go check the current thread in the Add-ons forum. WireGuard was built for what you want.
 
the VPN Server makes a tunnel of its own, so it would have to be IPv6 enabled, wouldn't it?
(are you sure your ISP doesn't offer native IPv6? you could get rid of the HE.net DDNS...)
what I think you should consider replacing OpenVPN with is WireGuard...go check the current thread in the Add-ons forum. WireGuard was built for what you want.
Hello, thank you.

I use a server in which only "sending DNS to clients" is enabled in the advanced settings. The subnet setting for v4 and v6 is left by default. Unfortunately there is no native ipv6. But I have a static ipv4 address and therefore there is no problem with HE.net.

I saw the discussion thread you are talking about. I will study it. Thank you.
 
The problem is that vpn clients cannot connect to the IPv6 internet.
This is currently not supported.

Code:
  - NEW: IPv6 support for OpenVPN server.  Allows to remotely
         connect to your router's OpenVPN server over IPv6, and
         reach LAN clients over their IPv6 (redirecting IPv6
         Internet traffic does not work).
 
Hello, thank you.

I use a server in which only "sending DNS to clients" is enabled in the advanced settings. The subnet setting for v4 and v6 is left by default. Unfortunately there is no native ipv6. But I have a static ipv4 address and therefore there is no problem with HE.net.

I saw the discussion thread you are talking about. I will study it. Thank you.
I think we're coming to a fork in the road with what asus wants/where they're aimed at going and the capabilities being required of users and recognized in the hardware.
I've encouraged the dev(s)/adapters of that addon and the DNS addon to take a look at the greater firmware to determine if they can scrap some of the more antiquated stuff, build forward and stay legally compliant, but it's probably more daunting than I'm aware or have considered. For all I know, something like AiMesh will break, or asus/Broadcom will sue over something or or or...
 
Thank you. Can this be changed with any temporary solutions? Or can this be changed only by making a large number of patches in the firmware?
I couldn't get it to work, and since doing any form of IPv6 development is very time-consuming for me (as I need to do a complete lab setup to reproduce an IPv6-enabled ISP whenever I want to do any IPv6-related work), it currently has a very low priority for me, and will most likely require someone to contribute patches.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top