
OpenVPN IPv6 fixes
Closed, Resolved | Public | BUG

Description

With some help from @c-po my IPv6 OpenVPN setup got closer to working after some template tweaks. After working on it a bit more, it turns out the nopool option isn't compatible when IPv6 is in operation. Along with that, the ifconfig-pool statement that is generated for IPv4 should be left out.

My config is:
set interfaces openvpn vtun0 encryption cipher 'aes256'
set interfaces openvpn vtun0 hash 'sha512'
set interfaces openvpn vtun0 mode 'server'
set interfaces openvpn vtun0 server domain-name 'example.com'
set interfaces openvpn vtun0 server name-server '172.16.252.1'
set interfaces openvpn vtun0 server name-server 'fda8:c8dd:ab6a:570e::1'
set interfaces openvpn vtun0 server subnet '172.16.252.0/24'
set interfaces openvpn vtun0 server subnet 'fda8:c8dd:ab6a:570e::/64'
set interfaces openvpn vtun0 tls ca-cert-file '/config/auth/ca.crt'
set interfaces openvpn vtun0 tls cert-file '/config/auth/vpn.crt'
set interfaces openvpn vtun0 tls dh-file '/config/auth/dh.pem'
set interfaces openvpn vtun0 tls key-file '/config/auth/vpn.key'

When I edit the generated config to remove nopool on server line and the ifconfig-pool statement the daemon starts and I have an OpenVPN setup that will pass IPv4 and IPv6 traffic.

Details

Difficulty level: Unknown (require assessment)
Version: -
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Unspecified (please specify)

Related Objects

Status | Subtype | Assigned | Task
Resolved | BUG | ordex |
Resolved | BUG | c-po |

Event Timeline

@shaferstockton can you please post your entire generated openvpn.conf file?

Uploaded the config as generated.

Also recorded log messages and changes I made to the generated config so openvpn would start.

First start I got:

openvpn-vtun0[3276]: Options error: --server-ipv6 is incompatible with 'nopool' option

Removed nopool from server line from generated config.

After that I got:

openvpn-vtun0[3324]: Options error: --server already defines an ifconfig-pool, so you can't also specify --ifconfig-pool explicitly

Removed ifconfig-pool line from generated config.
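
The two option conflicts reported in the log messages above can be checked before the daemon is started. The following is an added example, not code from VyOS or from anyone in this thread; the function name `find_pool_conflicts` and the sample pool range are assumptions, and the sample config is constructed rather than taken from the uploaded file.

```python
# Constructed sample: the three relevant lines of a generated server config.
# The pool range is an assumed value, not taken from the reporter's upload.
GENERATED = """\
server 172.16.252.0 255.255.255.0 nopool
server-ipv6 fda8:c8dd:ab6a:570e::/64
ifconfig-pool 172.16.252.2 172.16.252.254
"""


def find_pool_conflicts(conf_text):
    """Return the option conflicts from this task that conf_text contains."""
    server = nopool = server_ipv6 = explicit_pool = False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        tokens = line.split()
        directive = tokens[0].lstrip("-")    # accept the "--server" spelling too
        if directive == "server":
            server = True
            nopool = "nopool" in tokens[1:]
        elif directive == "server-ipv6":
            server_ipv6 = True
        elif directive == "ifconfig-pool":
            explicit_pool = True

    conflicts = []
    # First error in the log: --server-ipv6 is incompatible with 'nopool'.
    if server_ipv6 and nopool:
        conflicts.append("server-ipv6 with nopool")
    # Second error: --server without nopool already defines an ifconfig-pool.
    if server and not nopool and explicit_pool:
        conflicts.append("server pool plus explicit ifconfig-pool")
    return conflicts


if __name__ == "__main__":
    # Replay the reporter's two manual edits and show what each stage trips.
    no_nopool = GENERATED.replace(" nopool", "")
    no_pool_line = "\n".join(
        l for l in no_nopool.splitlines() if not l.startswith("ifconfig-pool"))
    for label, conf in (("as generated", GENERATED),
                        ("nopool removed", no_nopool),
                        ("ifconfig-pool removed", no_pool_line)):
        print(f"{label}: {find_pool_conflicts(conf) or 'no conflicts'}")
```
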

Can you try any 1.3 rolling version before 2020-10-30 commit c8b7e5c?

That commit marks the point where a lot of the code I wrote for handling IP pools was - without good reason - removed. I'm personally still running on 1.3-rolling-202008301049 and I can guarantee everything regarding openvpn, including IPv6, works in that version.

If you don't have old ISOs that you can try, you'll have to wait until the things that were removed and broken with that date get re-added and fixed. Unfortunately, while I had the time to contribute the original code, I don't have the time any more to fix the current mess, as it's not even my fault it got into this state.

syncer triaged this task as Normal priority. Oct 17 2021, 3:17 PM
syncer changed the subtype of this task from "Task" to "Bug".
syncer removed a project: VyOS 1.3 Equuleus.

I created a PR to solve this specific issue (and some more related to this): https://github.com/vyos/vyos-1x/pull/1637

Viacheslav changed the task status from Open to Needs testing. Sep 23 2023, 1:55 PM
Viacheslav assigned this task to ordex.
c-po set Issue type to Unspecified (please specify).