IPv6 over OpenVPN is broken in 22.7.7

Started by rac-hh, November 03, 2022, 06:41:10 PM

After upgrade the client gets an IPv6 address as before but cannot connect over IPv6.


November 04, 2022, 10:10:14 AM #2 Last Edit: November 04, 2022, 10:21:51 AM by rac-hh
I tested the update on a copy of another system with different IPs.
I changed ovpn-linkup according to the hotfix and restarted the ovpn server.
Interface and routing look the same on both systems. Here is the updated version:

# ifconfig ovpns1
ovpns1: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        inet6 fe80::70f9:5bf:be20:a07a%ovpns1 prefixlen 64 scopeid 0x7
        inet6 fd00:0:ac:d1::1 prefixlen 64
        inet 172.16.38.1 --> 172.16.38.2 netmask 0xffffff00
        groups: tun openvpn
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        Opened by PID 41745
# route -n6 show fd00:0:ac:d1::1
   route to: fd00:0:ac:d1::1
destination: fd00:0:ac:d1::1
        fib: 0
  interface: lo0
      flags: <UP,HOST,DONE,STATIC,PINNED>
recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0     16384         1         0
# route -n6 show fd00:0:ac:d1::125
   route to: fd00:0:ac:d1::125
destination: fd00:0:ac:d1::
       mask: ffff:ffff:ffff:ffff::
        fib: 0
  interface: ovpns1
      flags: <UP,DONE,PINNED>
recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
       0         0         0         0      1500         1         0
# tcpdump -ni ovpns1 ip6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ovpns1, link-type NULL (BSD loopback), capture size 262144 bytes
09:53:02.526654 IP6 fd00:0:ac:d1::125 > fd00:0:ac:d1::1: ICMP6, echo request, seq 44, length 40
09:53:07.140131 IP6 fd00:0:ac:d1::125 > fd00:0:ac:d1::1: ICMP6, echo request, seq 45, length 40
09:53:12.135485 IP6 fd00:0:ac:d1::125 > fd00:0:ac:d1::1: ICMP6, echo request, seq 46, length 40
^C


So traffic from the client arrives but is not answered.

Also tested applying the hotfix and rebooting.
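
The check the post above does by eye (echo requests arriving on ovpns1 with no reply going back), as an added example that is not part of the original thread. The function names and the sample capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list ICMPv6 echo requests in `tcpdump -n` text output that
# never got an echo reply (same address pair reversed, same seq).

unanswered_echo() {
    awk '
    $2 == "IP6" && /ICMP6, echo (request|reply),/ {
        src = $3
        dst = $5; sub(/:$/, "", dst)      # drop the ":" tcpdump prints after dst
        seq = ""
        for (i = 6; i < NF; i++)          # "seq" may follow an "id N," field
            if ($i == "seq") { seq = $(i + 1); sub(/,$/, "", seq) }
        if (seq == "") next
        if ($0 ~ /echo request,/) {
            key = src " > " dst " seq " seq
            if (!(key in seen)) { seen[key] = 1; order[++n] = key }
        } else {
            # a reply travels dst -> src of the request, so flip the pair
            answered[dst " > " src " seq " seq] = 1
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(order[i] in answered)) print order[i]
    }'
}

# Constructed sample capture (not from the thread): seq 44 is answered,
# seq 45 and 46 are not; the neighbor solicitation line must be ignored.
sample_capture() {
    cat <<'EOF'
10:00:01.000000 IP6 fd00:0:ac:d1::125 > fd00:0:ac:d1::1: ICMP6, echo request, seq 44, length 40
10:00:01.000200 IP6 fd00:0:ac:d1::1 > fd00:0:ac:d1::125: ICMP6, echo reply, seq 44, length 40
10:00:03.000000 IP6 fe80::1 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has fd00:0:ac:d1::1, length 32
10:00:06.000000 IP6 fd00:0:ac:d1::125 > fd00:0:ac:d1::1: ICMP6, echo request, id 7, seq 45, length 40
10:00:11.000000 IP6 fd00:0:ac:d1::125 > fd00:0:ac:d1::1: ICMP6, echo request, id 7, seq 46, length 40
EOF
}

sample_capture | unanswered_echo
```

Fed the saved `tcpdump -ni ovpns1 ip6` output from the post on stdin, it would list seq 44, 45 and 46, since the capture shows no replies at all.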

If you update to 22.7.7_1 and apply the patch you end up with the buggy 22.7.7.

If 22.7.7_1 without the patch won't help you, it's a different issue.


Cheers,
Franco

Same here with 22.7.7_1.
Cannot ping the sense's ULA (LAN and OVPN) or any other v6 destination.

For WG it still works fine.
I am not an expert... just trying to help...

In addition, ping from sense to the client's ULA works fine:

# /sbin/ping -6 -c '3' 'fd00:13:14::1000'
PING6(56=40+8+8 bytes) fd00:13:14::1 --> fd00:13:14::1000
16 bytes from fd00:13:14::1000, icmp_seq=0 hlim=64 time=88.484 ms

After cloning a 22.7.6 system again and upgrading directly to 22.7.7_1, IPv6 works as expected.

I only restarted the OVPN server after the update from 22.7.7 to 22.7.7_1, not the sense itself.
I assume the update from 22.7.6 to the actual version required a reboot; I will give it a try later.