Project

General

Profile

Feature #2766

status_openvpn.php needs IPv6 support

Added by Chris Buechler about 4 years ago. Updated 3 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
OpenVPN
Target version:
Start date:
01/21/2013
Due date:
% Done:

100%


Description

status_openvpn.php needs IPv6 support, for instance to show the IPv6 assigned virtual address instead of just the v4 IP.

Associated revisions

Revision ec970b50
Added by Jim Pingle about 4 years ago

Add routing table display for each OpenVPN ssl/tls server instance, collapsed by default. Part of feature #2766

Revision 39f245c8
Added by Jim Pingle about 4 years ago

A couple fixes for openvpn routing table display. Feature #2766

Revision 6f17547a
Added by Jim Pingle 3 months ago

Update OpenVPN SSL/TLS server status to reflect changes in OpenVPN 2.4. Ticket #2766

Revision cbfd0754
Added by Jim Pingle 3 months ago

Add IPv6 virtual address to SSL/TLS client output, formatting corrections/enhancement for SSL/TLS client and server. Ticket #2766

Revision bffa3185
Added by Jim Pingle 3 months ago

Show IPv6 for static key servers, too. Fixes #2766

Revision 9b3518d0
Added by Jim Pingle 3 months ago

Print IPv6 addresses in the widget, too. Ticket #2766

Revision 2906d139
Added by Jim Pingle 3 months ago

Fix printing of local/remote host in OpenVPN status for Client Instances. If the client was not connected it was printing a ":" and nothing else in the field which was odd/confusing. Ticket #2766

History

#1 Updated by Jim Pingle about 4 years ago

  • Assignee set to Jim Pingle

Doesn't look like the OpenVPN management interface reports this back in the status line as it does for others, at least for SSL/TLS I see no mention of the client's IPv6 IP in the CLIENT_LIST response. It does show in the ROUTING_TABLE responses but there is no way to distinguish the client's IPv6 IP in the responses from any other single IPv6 routed IP.

I checked status outputs 1, 2, and 3, no difference.

I'll have to check on static key and IPv6-native. If the above case is true, we may have to push this back to 2.2 and hope they address it upstream in the meantime, or patch it ourselves.

If nothing else, we could add the OpenVPN routing table output to the status page, as it does show what networks are routed to each connected user/common name. Not at clean/nice as seeing it on a single row though.

#2 Updated by Chris Buechler about 4 years ago

if this is just something that isn't available in OpenVPN 2.3.0, then let's just move the target to 2.2.

#3 Updated by Jim Pingle about 4 years ago

  • Target version changed from 2.1 to 2.2

After poking some more there just isn't a way to get the info from the management interface that I can see. If you connect a tunnel up to an IPv6 peer the management interface just leaves the field blank in the output.

The routing table method will have to do for now.

#4 Updated by Jim Pingle almost 3 years ago

  • Target version changed from 2.2 to 2.3

This still isn't entirely possible in the most current version of OpenVPN (2.3.3 as of this update) for mixed IPv4 and IPv6 setups. OpenVPN reports the IPv6 routes for the internal routing table OK, but it does not print the IPv6 address along with the IPv4 address in a mixed/dual setup. For IPv6 only clients it's OK.

Link to the OpenVPN Wiki article on IPv6 support in their management interface:
http://community.openvpn.net/openvpn/wiki/IPv6SupportInManagementInterface

Moving this off to a future version to revisit at a later time. The above link mentions a patch being reviewed, but the last update is 12 months ago.

#5 Updated by Chris Buechler over 1 year ago

  • Target version deleted (2.3)

still missing in most recent OpenVPN currently available, 2.3.8.

#6 Updated by Jim Pingle 5 months ago

Still missing in OpenVPN 2.3.12

#7 Updated by Jim Pingle 4 months ago

Still missing in OpenVPN 2.3.13

#8 Updated by Jim Pingle 3 months ago

  • Target version set to 2.4.0

It's finally there in OpenVPN 2.4!

And since it's caused the status page to report fields incorrectly, it needs to come in for pfSense 2.4

#9 Updated by Jim Pingle 3 months ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#10 Updated by Jim Pingle 3 months ago

  • Status changed from Feedback to Resolved

Works!

Also available in: Atom PDF