23.1.9, OpenVPN clients dual IPv4 IPv6, IPv4 working, IPv6 isn't

[ferryvanaesch]

Hi,

I've set up an openvpn server, and it dishes out both IPv4 and IPv6 addresses. In the Advanced section of the server I've added 'push "redirect-gateway ipv6"', and so far all seems fine. Clients connect, they get both IPv4 and IPv6 addresses assigned, and on IPv4 things are all good. I set up a NAT to the WAN, they can browse the Internet, and connect to both the LAN and DMZ networks internally.
On IPv6: not so much. I can see traffic coming in from the clients using tcpdump, but it's dropped on the firewall without a trace in the logs.
The Firewall rule under OpenVPN has 1 simple rule, to allow everything that comes in from the clients: (IPv4+6, pass). Logging is enabled, and I can see log-entries for IPv4 traffic, just nothing for IPv6.

Where oh where does one go to analyse further?

Thanks for any help in advance.

Ferry.

PS. The networks are all dual stack, including the WAN connection.

[ferryvanaesch]

Red herring. Zenarmor was the culprit.

[franco]

May have not been this but one other thing that could be happening is when a specific interface is selected for the listening address in which case OpenVPN does not offer dual-stack support and OPNsense assumes the user meant IPv4 even though the OpenVPN configuration accepts mixed UDP/TCP values, but not a second address...


Cheers,
Franco

[GreenMatter]

I've set up an openvpn server, and it dishes out both IPv4 and IPv6 addresses…

Hi,


Would you mind to share your dual stack openvpn setup?