[SOLVED] OpenVPN and IPv6

Hello,

I installed OpenVPN and it works well through IPv4.
But I’m not able to make the connection if I’m on an IPv6 network.

Does anyone get this issue?

It would help to have more information. I assume you want to connect with a GNU/Linux client from outside your home network to your FreedomBox, which is connected to your home router. I also assume the home router is NATing.

  1. Can you ping6 the IPv6 address of your router from outside? (don’t use the hostname to make sure it’s not a DNS problem)
  2. Can you reach the port that you forwarded on your router? (e.g. nc -vz <host> <port>)
  3. Does that connection reach your FreedomBox? (e.g. tcpdump)
  4. What does the OpenVPN log on both machines say? (journalctl -u NetworkManager)

Regards,
Hex

2 Likes

I have never tested OpenVPN over IPv6 properly. When I checked, it seems like OpenVPN with FreedomBox configuration is only listening on 0.0.0.0:1194 (not listening on IPv6 addresses). When I added the proto udp6 line to /etc/openvpn/server/freedombox.conf, it started listening on *:1194 this time, and this should make connecting from IPv6 addresses possible.

@koolok, please try doing this. If this works, it is a good opportunity for us to add proper IPv6 support in OpenVPN.

1 Like
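The difference between a listener on 0.0.0.0:1194 and one on *:1194, modelled with plain UDP sockets on loopback. This is an added example, not code from the thread, FreedomBox or OpenVPN; the function names are hypothetical, an ephemeral port stands in for 1194, and it assumes the udp6 listener is dual-stack (as the *:1194 output suggests) on a Linux host.

```python
import socket

def open_listener(family, addr):
    """Bind a UDP listener on an ephemeral port (stand-in for 1194)."""
    srv = socket.socket(family, socket.SOCK_DGRAM)
    if family == socket.AF_INET6:
        # Assumption: dual-stack, so IPv4 peers arrive as ::ffff:a.b.c.d
        srv.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)
    srv.bind((addr, 0))
    srv.settimeout(0.5)
    return srv

def reachable(srv, client_family, target):
    """Send one datagram to the listener's port at target; True if it arrives."""
    port = srv.getsockname()[1]
    try:
        with socket.socket(client_family, socket.SOCK_DGRAM) as cli:
            cli.sendto(b"probe", (target, port))
        data, _peer = srv.recvfrom(64)
        return data == b"probe"
    except OSError:  # timeout, unreachable network, or no IPv6 on this host
        return False

def ipv6_loopback_available():
    """True if this host can bind ::1 at all."""
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as s:
            s.bind(("::1", 0))
        return True
    except OSError:
        return False

def compare():
    """Map (server proto, client target) -> whether the datagram was received."""
    results = {}
    with open_listener(socket.AF_INET, "0.0.0.0") as v4:       # like "proto udp"
        results[("udp", "127.0.0.1")] = reachable(v4, socket.AF_INET, "127.0.0.1")
        results[("udp", "::1")] = reachable(v4, socket.AF_INET6, "::1")
    if ipv6_loopback_available():
        with open_listener(socket.AF_INET6, "::") as v6:       # like "proto udp6"
            results[("udp6", "127.0.0.1")] = reachable(v6, socket.AF_INET, "127.0.0.1")
            results[("udp6", "::1")] = reachable(v6, socket.AF_INET6, "::1")
    return results

if __name__ == "__main__":
    for (proto, target), ok in compare().items():
        print(f"server proto {proto:<4} client -> {target:<9} received={ok}")
```

On a host without IPv6 the udp6 rows are skipped rather than reported as failures.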

Thanks @hex-m and @sunil for your help.

I did what @sunil proposed and it worked perfectly!

1 Like

I will mark this issue as solved.

Sorry to revive an old thread.

I have done the above and from my home network I can connect to the openvpn server. However, when on another network I cannot. I assume I need to open the appropriate port on my modem/router.

  • The router’s port forwarding interface asks for the local IP address. Is this one of the IPv6 addresses I find in Plinth under Network > “Freedombox WAN” (which is in the external firewall zone)? Which one (the longer or shorter one)?

  • Is the port 1194 (as for IPv4)?

Thanks!

You need to ask your router to forward port 1194 with protocol UDP to your FreedomBox IPv4 address that looks like x.x.x.x. Make sure that FreedomBox’s IP address is a static one (that is, the router gives it the same IP address every time). This can be done by ‘allocating’ the IP address to FreedomBox. Most routers allow this. This should set you up for IPv4.

With IPv6, if done right, you won’t need port forwarding because routers don’t do NAT on it and give you a global IPv6 address that you can use from outside. Also, I don’t believe routers typically implement port forwarding for IPv6. If yours does, you can also set up port forwarding for that with the long IP address.

Thanks @sunil. Some more detailed information:

  • On the server I replaced proto udp with proto udp6 in /etc/openvpn/server/freedombox.conf, then rebooted.

  • On the client I added the long IPv6 address and changed proto udp to proto udp6 in the profile.ovpn file. It now looks like:


remote XXXX:XXXX:XXXX:XXXX:XXXX:XXX:XXX:XXXX 1194
proto udp6

When I run sudo openvpn --configure profile.ovpn I get the following information:

Thu Nov 14 17:52:44 2019 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Feb 20 2019
Thu Nov 14 17:52:44 2019 library versions: OpenSSL 1.1.1d 10 Sep 2019, LZO 2.10
Thu Nov 14 17:52:44 2019 TCP/UDP: Preserving recently used remote address: [AF_INET6]XXXX:XXXX:XXXX:XXXX:XXXX:XXX:XXX:XXXX:1194
Thu Nov 14 17:52:44 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Thu Nov 14 17:52:44 2019 UDPv6 link local: (not bound)
Thu Nov 14 17:52:44 2019 UDPv6 link remote: [AF_INET6]XXXX:XXXX:XXXX:XXXX:XXXX:XXX:XXX:XXXX:1194
Thu Nov 14 17:52:44 2019 write UDPv6: Network is unreachable (code=101)
Thu Nov 14 17:52:44 2019 Network unreachable, restarting
Thu Nov 14 17:52:44 2019 SIGUSR1[soft,network-unreachable] received, process restarting
Thu Nov 14 17:52:44 2019 Restart pause, 5 second(s)

Note I can connect to my Freedombox via the browser by typing the following in the URL panel: https://[XXXX:XXXX:XXXX:XXXX:XXXX:XXX:XXX:XXXX] (i.e., using the long IPv6 address found in Plinth > System > Networks).

Any suggestions?