I am attempting to give my OpenVPN clients IPv6 connectivity with addresses from my Hurricane Electric /48. I'm running Merlin's 378.54_1 on an Asus RT-AC66U. Clients on my LAN are getting IPv6 addresses and connectivity without a problem from my 2001:xxxx:xxxx:xxx1::/64 subnet, and my OpenVPN tunnel works perfectly with IPv4 only, but adding IPv6 support on the server breaks both IPv4 and IPv6 connectivity.
Here is my working server config:
Client config:
Code:
client
dev tun
proto udp
remote net.(myhost).com 1194
cipher bf-cbc
float
comp-lzo adaptive
keepalive 15 60
<ca>
...
</ca>
<cert>
...
</cert>
<key>
...
</key>
ns-cert-type server
resolv-retry infinite
nobind
Server log:
Code:
Jun 27 23:10:51 openvpn[2935]: ::ffff:184.xxx.xxx.xxx TLS: Initial packet from [AF_INET6]::ffff:184.xxx.xxx.xxx:60925, sid=546333ee 91fea058
Jun 27 23:10:52 openvpn[2935]: ::ffff:184.xxx.xxx.xxx VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=net.(mydomain).com, name=changeme, emailAddress=mail@host.domain
Jun 27 23:10:52 openvpn[2935]: ::ffff:184.xxx.xxx.xxx VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=(client), name=changeme, emailAddress=mail@host.domain
Jun 27 23:10:52 openvpn[2935]: ::ffff:184.xxx.xxx.xxx Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 27 23:10:52 openvpn[2935]: ::ffff:184.xxx.xxx.xxx Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 27 23:10:52 openvpn[2935]: ::ffff:184.xxx.xxx.xxx Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 27 23:10:52 openvpn[2935]: ::ffff:184.xxx.xxx.xxx Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 27 23:10:52 openvpn[2935]: ::ffff:184.xxx.xxx.xxx Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jun 27 23:10:52 openvpn[2935]: ::ffff:184.xxx.xxx.xxx [(client)] Peer Connection Initiated with [AF_INET6]::ffff:184.xxx.xxx.xxx:60925
Jun 27 23:10:52 openvpn[2935]: (client)/::ffff:184.xxx.xxx.xxx MULTI_sva: pool returned IPv4=10.100.93.2, IPv6=(Not enabled)
Jun 27 23:10:52 openvpn[2935]: (client)/::ffff:184.xxx.xxx.xxx MULTI: Learn: 10.100.93.2 -> (client)/::ffff:184.xxx.xxx.xxx
Jun 27 23:10:52 openvpn[2935]: (client)/::ffff:184.xxx.xxx.xxx MULTI: primary virtual IP for (client)/::ffff:184.xxx.xxx.xxx: 10.100.93.2
Jun 27 23:10:55 openvpn[2935]: (client)/::ffff:184.xxx.xxx.xxx PUSH: Received control message: 'PUSH_REQUEST'
Jun 27 23:10:55 openvpn[2935]: (client)/::ffff:184.xxx.xxx.xxx send_push_reply(): safe_cap=940
Jun 27 23:10:55 openvpn[2935]: (client)/::ffff:184.xxx.xxx.xxx SENT CONTROL [(client)]: 'PUSH_REPLY,route 10.100.92.0 255.255.255.0,dhcp-option DNS 10.100.92.1,redirect-gateway def1,route-gateway 10.100.93.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.100.93.2 255.255.255.0' (status=1)
But then, when I add this to my OpenVPN custom config...
Code:
server-ipv6 2001:xxxx:xxxx:xxx2::/64
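(with my actual subnet in place of the x's, of course) my client is assigned an IPv4 and IPv6 address, but there is no connectivity to the Internet or to destinations within the VPN using either IPv4 or IPv6.
The server log: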
Code:
Jun 27 23:22:03 openvpn[2999]: ::ffff:184.xxx.xxx.xxx TLS: Initial packet from [AF_INET6]::ffff:184.xxx.xxx.xxx:52396, sid=a878a21c d800441d
Jun 27 23:22:04 openvpn[2999]: ::ffff:184.xxx.xxx.xxx VERIFY OK: depth=1, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=net.(mydomain).com, name=changeme, emailAddress=mail@host.domain
Jun 27 23:22:04 openvpn[2999]: ::ffff:184.xxx.xxx.xxx VERIFY OK: depth=0, C=US, ST=CA, L=SanFrancisco, O=Fort-Funston, OU=changeme, CN=client, name=changeme, emailAddress=mail@host.domain
Jun 27 23:22:05 openvpn[2999]: ::ffff:184.xxx.xxx.xxx Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 27 23:22:05 openvpn[2999]: ::ffff:184.xxx.xxx.xxx Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 27 23:22:05 openvpn[2999]: ::ffff:184.xxx.xxx.xxx Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key
Jun 27 23:22:05 openvpn[2999]: ::ffff:184.xxx.xxx.xxx Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Jun 27 23:22:05 openvpn[2999]: ::ffff:184.xxx.xxx.xxx Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA
Jun 27 23:22:05 openvpn[2999]: ::ffff:184.xxx.xxx.xxx [client] Peer Connection Initiated with [AF_INET6]::ffff:184.xxx.xxx.xxx:52396
Jun 27 23:22:05 openvpn[2999]: client/::ffff:184.xxx.xxx.xxx MULTI_sva: pool returned IPv4=10.100.93.2, IPv6=2001:xxxx:xxxx:xxxx::1000
Jun 27 23:22:05 openvpn[2999]: client/::ffff:184.xxx.xxx.xxx MULTI: Learn: 10.100.93.2 -> client/::ffff:184.xxx.xxx.xxx
Jun 27 23:22:05 openvpn[2999]: client/::ffff:184.xxx.xxx.xxx MULTI: primary virtual IP for client/::ffff:184.xxx.xxx.xxx: 10.100.93.2
Jun 27 23:22:05 openvpn[2999]: client/::ffff:184.xxx.xxx.xxx MULTI: Learn: 2001:xxxx:xxxx:xxx2::1000 -> client/::ffff:184.xxx.xxx.xxx
Jun 27 23:22:05 openvpn[2999]: client/::ffff:184.xxx.xxx.xxx MULTI: primary virtual IPv6 for client/::ffff:184.xxx.xxx.xxx: 2001:xxxx:xxxx:xxxx::1000
Jun 27 23:22:07 openvpn[2999]: client/::ffff:184.xxx.xxx.xxx PUSH: Received control message: 'PUSH_REQUEST'
Jun 27 23:22:07 openvpn[2999]: client/::ffff:184.xxx.xxx.xxx send_push_reply(): safe_cap=940
Jun 27 23:22:07 openvpn[2999]: client/::ffff:184.xxx.xxx.xxx SENT CONTROL [client]: 'PUSH_REPLY,ifconfig-ipv6 2001:xxxx:xxxx:xxx2::1000/64 2001:xxxx:xxxx:xxx2::1,route 10.100.92.0 255.255.255.0,dhcp-option DNS 10.100.92.1,redirect-gateway def1,tun-ipv6,route-gateway 10.100.93.1,topology subnet,ping 15,ping-restart 60,ifconfig 10.100.93.2 255.255.255.0' (status=1)
Jun 27 23:22:17 openvpn[2999]: client/::ffff:184.xxx.xxx.xxx write to TUN/TAP : Invalid argument (code=22)
Jun 27 23:22:18 openvpn[2999]: client/::ffff:184.xxx.xxx.xxx write to TUN/TAP : Invalid argument (code=22)
Jun 27 23:22:19 openvpn[2999]: client/::ffff:184.xxx.xxx.xxx write to TUN/TAP : Invalid argument (code=22)
Jun 27 23:22:20 openvpn[2999]: client/::ffff:184.xxx.xxx.xxx write to TUN/TAP : Invalid argument (code=22)
……….
Jun 27 23:22:42 openvpn[2999]: client/::ffff:184.xxx.xxx.xxx write to TUN/TAP : Invalid argument (code=22)
Jun 27 23:23:29 openvpn[2999]: event_wait : Interrupted system call (code=4)
Jun 27 23:23:29 openvpn[2999]: TITLE,OpenVPN 2.3.6 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jun 8 2015
Jun 27 23:23:29 openvpn[2999]: TIME,Sat Jun 27 23:23:29 2015,1435461809
Jun 27 23:23:29 openvpn[2999]: HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username
Jun 27 23:23:29 openvpn[2999]: CLIENT_LIST,client,::ffff:184.xxx.xxx.xxx,10.100.93.2,19473,4985,Sat Jun 27 23:22:03 2015,1435461723,UNDEF
Jun 27 23:23:29 openvpn[2999]: HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
Jun 27 23:23:29 openvpn[2999]: ROUTING_TABLE,2001:xxxx:xxxx:xxx2::1000,client,::ffff:184.xxx.xxx.xxx,Sat Jun 27 23:22:05 2015,1435461725
Jun 27 23:23:29 openvpn[2999]: ROUTING_TABLE,10.100.93.2,client,::ffff:184.xxx.xxx.xxx,Sat Jun 27 23:22:42 2015,1435461762
Jun 27 23:23:29 openvpn[2999]: GLOBAL_STATS,Max bcast/mcast queue length,0
Jun 27 23:23:29 openvpn[2999]: END
Jun 27 23:24:42 openvpn[2999]: client/::ffff:184.xxx.xxx.xxx [client] Inactivity timeout (--ping-restart), restarting
Jun 27 23:24:42 openvpn[2999]: client/::ffff:184.xxx.xxx.xxx SIGUSR1[soft,ping-restart] received, client-instance restarting
I imagine the "Invalid argument (code=22)" error is the cause of my problems, but most things I've read indicate this is often caused by the lack of a defined comp-lzo setting. I have comp-lzo adaptive set on both ends of the tunnel. Yes, my internal network and OpenVPN tunnel are using two different /64s. And yes, the same outcome happens when I push a route to my internal IPv6 from my OpenVPN IPv6.
Does anyone have an idea of what I may be doing wrong?
TL;DR: OpenVPN server returns "write to TUN/TAP : Invalid argument (code=22)" error when I try to push IPv6 through my IPv4 tunnel.
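Added example, not part of the original post: a small triage script that groups OpenVPN server log lines by server instance and client, then relates the "write to TUN/TAP" errors to the options that were pushed in that session. The function name `summarize` and the sample lines are assumptions; the sample is constructed in the same syslog shape as the logs above, with documentation addresses in place of the redacted ones.

```python
import re
from collections import defaultdict

# Constructed sample in the same syslog shape as the post's server log
# (real addresses replaced with documentation ranges).
SAMPLE = """\
Jun 27 23:10:52 openvpn[2935]: client/::ffff:198.51.100.7 MULTI_sva: pool returned IPv4=10.100.93.2, IPv6=(Not enabled)
Jun 27 23:10:55 openvpn[2935]: client/::ffff:198.51.100.7 SENT CONTROL [client]: 'PUSH_REPLY,route 10.100.92.0 255.255.255.0,topology subnet,ifconfig 10.100.93.2 255.255.255.0' (status=1)
Jun 27 23:22:05 openvpn[2999]: client/::ffff:198.51.100.7 MULTI_sva: pool returned IPv4=10.100.93.2, IPv6=2001:db8:0:2::1000
Jun 27 23:22:07 openvpn[2999]: client/::ffff:198.51.100.7 SENT CONTROL [client]: 'PUSH_REPLY,ifconfig-ipv6 2001:db8:0:2::1000/64 2001:db8:0:2::1,tun-ipv6,topology subnet,ifconfig 10.100.93.2 255.255.255.0' (status=1)
Jun 27 23:22:17 openvpn[2999]: client/::ffff:198.51.100.7 write to TUN/TAP : Invalid argument (code=22)
Jun 27 23:22:18 openvpn[2999]: client/::ffff:198.51.100.7 write to TUN/TAP : Invalid argument (code=22)
Jun 27 23:22:42 openvpn[2999]: client/::ffff:198.51.100.7 write to TUN/TAP : Invalid argument (code=22)
"""

# Only lines carrying the "<common name>/<real address>" prefix belong to a client session.
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) openvpn\[(\d+)\]: ([^\s/]+)/\S+ (.*)$")
POOL = re.compile(r"pool returned IPv4=(\S+), IPv6=(.+)$")
PUSH = re.compile(r"'PUSH_REPLY,(.*)' \(status=\d+\)")
TUNERR = re.compile(r"write to TUN/TAP : .*\(code=(\d+)\)")

def summarize(log_text):
    """Group lines by (server pid, client) and relate tun write errors to pushed options."""
    sessions = defaultdict(lambda: {"ipv6": None, "push": [], "errors": 0,
                                    "codes": set(), "first": None, "last": None})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # management/status output and pre-authentication lines
        ts, pid, client, msg = m.groups()
        s = sessions[(int(pid), client)]
        if (p := POOL.search(msg)):
            s["ipv6"] = None if p.group(2) == "(Not enabled)" else p.group(2)
        elif (p := PUSH.search(msg)):
            s["push"] = [opt.split(" ")[0] for opt in p.group(1).split(",")]
        elif (p := TUNERR.search(msg)):
            s["errors"] += 1
            s["codes"].add(int(p.group(1)))
            s["first"] = s["first"] or ts
            s["last"] = ts
    return dict(sessions)

if __name__ == "__main__":
    for (pid, client), s in sorted(summarize(SAMPLE).items()):
        v6 = [o for o in s["push"] if "ipv6" in o]
        print(f"pid={pid} client={client} ipv6={s['ipv6']} v6_push={v6} "
              f"tun_errors={s['errors']} codes={sorted(s['codes'])} "
              f"window={s['first']}..{s['last']}")
```

Run against the full router log, this makes it easy to confirm whether the code=22 errors occur only in server instances that pushed `ifconfig-ipv6` and `tun-ipv6`, and how soon after the PUSH_REPLY they begin.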