Menu
What's new
By:
Filters Better Search

Openvpn leaking IPV6

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

A

ankhazam

Senior Member
Hi,
I have a issue with my AX88U. I set up the Openvpn server to:
  • use VPN to access both LAN and WAN
  • advertise DNS to clients
  • no extra custom config.
The case is when I connect to the router from a client that has both IPV4 and IPV6... only the IPV4 traffic is routed through the tunnel whereas IPV6 is ignored and leaks using my client local connection...

Is it possible to harden the tunnel so that:
1) both IPV4 and IPV6 go through the tunnel (my AX88U ISP supports IPV6) or
2) force the client (W10, Android) to use the IPV4 tunnel and disable IPV6 upon connecting to the server...

Having to manually disable IPv6 stack on W10 is a tedious solution and on Android it is even impossible.

Thanks,
Ank
 
I don't have ipv6 on my Asus but I do understand your problem.
If you don't/can't tunnel both ipv4 and ipv6, a client that has ipv6 will use that stack and traffic will user local network rather that going via openvpn tunnel.
Asus' openvpn server is 2.4something and ipv6 support in openvpn is since 2.3.
So, in theory, interface should allow you to configure tunnel for both ipv4 and ipv6. (again, I can check that, I don't have ipv6 on Asus so I don't know if the interface gets "smarter" when it knows you gave ipv6).

If the Asus interface doesn't allow that...I don't know/think editing /tmp/etc/openvpn/server1/config.ovpn will persist.
And also manually editing client.ovpn on your laptop.
 
Exactly.. hence I would see solutions:
1) try to configure the Openvpn on router so that in TUN mode it serves both IPV4 and IPV6...
@RMerlin, would that be possible? I managed to make it work in TAP mode... but Android does support that

2) create a client config file and/or configure the server so that it forces both ipv4 and ipv6 traffic through the TAP adapter or any other way that would successfully disable/debilitate/disarm/locally loopback? :D the client's native IPV6 stack so that it only support the IPV4 traffic over the tunnel whilst connected.
 
You must log in or register to reply here.

Similar threads

L
IPv6 Passthrough behind CGNAT: Can I access the local network from the Internet with the Public iPv6 address?
Replies
2
Views
648
d5aqoep
d5aqoep
Loukios
IPv4 over IPv6?
2
Replies
23
Views
1K
sfx2000
sfx2000
icanfly
custom domains report NXDOMAIN for IPv6 DNS and fail to resolve in Alpine OS
Replies
2
Views
506
sfx2000
sfx2000
I
Router have connectivity but client doesn't
Replies
1
Views
284
iTheMask
I
Tom Jo-Jo Junior Shabadoo
VPN as server - ipv4 over ipv6
Replies
0
Views
499
Tom Jo-Jo Junior Shabadoo
Tom Jo-Jo Junior Shabadoo
Similar threads
Thread starter Title Forum Replies Date
N Solved openVPN server GT-AX6000 stock FW ASUSWRT - Official 7
L IPv6 Passthrough behind CGNAT: Can I access the local network from the Internet with the Public iPv6 address? ASUSWRT - Official 2
L AX88U IPv6 not working with T-Mobile Home Internet ASUSWRT - Official 1
doge Asus ROG Rapture GT-AXE16000 - dual wan (failover : fiber + cellular box) + ipv6 (for "matter" smart devices and apple) ASUSWRT - Official 5
TheLyppardMan IPv6 - should I change? ASUSWRT - Official 1
T Solved Any way to programmatically update the ipv6 firewall? ASUSWRT - Official 3
O VLAN and IPV6 ASUSWRT - Official 2

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 891 (members: 12, guests: 879)
Top