Page MenuHomeVyOS Platform

OpenVPN IPv6 fixes
Open, Requires assessmentPublic

Description

With some help from @c-po my IPv6 OpenVPN setup got closer to working after some template tweaks. After working on it a bit more it the nopool option isn't compatible when IPv6 is in operation. Along with that the ifconfig-pool statement that is generated for IPv4 should be left out.

My config is:
set interfaces openvpn vtun0 encryption cipher 'aes256'
set interfaces openvpn vtun0 hash 'sha512'
set interfaces openvpn vtun0 mode 'server'
set interfaces openvpn vtun0 server domain-name 'example.com'
set interfaces openvpn vtun0 server name-server '172.16.252.1'
set interfaces openvpn vtun0 server name-server 'fda8:c8dd:ab6a:570e::1'
set interfaces openvpn vtun0 server subnet '172.16.252.0/24'
set interfaces openvpn vtun0 server subnet 'fda8:c8dd:ab6a:570e::/64'
set interfaces openvpn vtun0 tls ca-cert-file '/config/auth/ca.crt'
set interfaces openvpn vtun0 tls cert-file '/config/auth/vpn.crt'
set interfaces openvpn vtun0 tls dh-file '/config/auth/dh.pem'
set interfaces openvpn vtun0 tls key-file '/config/auth/vpn.key'

When I edit the generated config to remove nopool on server line and the ifconfig-pool statement the daemon starts and I have an OpenVPN setup that will pass IPv4 and IPv6 traffic.

Details

Difficulty level
Unknown (require assessment)
Version
-
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)