18.7 Legacy Series / IPv6 routing via OpenVPN won't work
« on: June 24, 2018, 06:28:19 pm »
Hello,
I am working on the configuration of a router using OPNsense.
Here is the desired behavior:
- Two internal VLANs: one "direct" and the other "secure".
- Two "WANs": the main one is on the internet (IPv4 & IPv6) and the other is an OpenVPN client (to AirVPN).
I want to redirect the "direct" LAN to the main WAN, and the "secure" LAN to the VPN client.
Here is the issue:
I cannot make this work in IPv6.
Let me explain:
- IPv6 works perfectly for the "direct" LAN, the clients are on a /64 public subnet and the routing is working fine.
- IPv4 works perfectly on both LANs, using NAT with a /24 subnet for the "direct" LAN, and redirect gateway to OpenVPN for the "secure" LAN.
But:
- IPv6 never gets out when coming from the "secure" LAN to the VPN.
Here is what I have found while digging into the issue:
- The VPN client works correctly both in IPv4 and IPv6.
- I can make this configuration work by manually setting IPv6 addresses on the VPN interface (using xxxx:xxxx::1 for the gateway, and the VPN assigned IP for the interface IP).
- It seems that, on VPN connect, the IPv6 settings are not assigned to the interface (like it's done for IPv4).
Am I right?
Thanks a lot,
Quentin