Project

General

Profile

Actions

Bug #6663

closed

IPv6 OpenVPN client is down after reboot

Added by Dmitriy K over 8 years ago. Updated almost 8 years ago.

Status:
Resolved
Priority:
Normal
Category:
OpenVPN
Target version:
Start date:
07/30/2016
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.3.2
Affected Architecture:

Description

Setup:
  1. WAN PPPoE WAN
  2. HE.NET tunnel on WAN
  3. Static IPv6 on LAN
Steps to reproduce:
  • Create a UDP6 TAP OpenVPN client
  • Create and enable an iface for the client [for example, OVPN_AMS]
  • Reboot router
Expected:
  • OVPN_AMS is up
Actual:
  • OVPN_AMS is down. There is an error in the log: "TCP/UDP: Socket bind failed on local address [AF_INET6]2001:470:<censored>::: Can't assign requested address"

pfSense 2.3.0 does not have such bug as far as I can recall. It appeared in 2.3.1 but I was too lazy to report.

Actions #1

Updated by Jim Pingle over 8 years ago

  • Target version changed from 2.3.2-p1 to 2.4.0
Actions #2

Updated by Jim Thompson about 8 years ago

  • Assignee set to Jim Pingle

Pingle pls confirm

Actions #3

Updated by Jim Pingle about 8 years ago

  • Status changed from New to Confirmed
  • Assignee deleted (Jim Pingle)
  • Priority changed from High to Normal

Confirmed, doesn't need PPPoE. An OpenVPN instance on an assigned GIF interface is enough. It's acting as though the GIF interface is not configured when OpenVPN attempts to start.

Nov 7 15:02:06     openvpn     9665     OpenVPN 2.3.12 amd64-portbld-freebsd11.0 [SSL (OpenSSL)] [LZO] [MH] [IPv6] built on Oct 20 2016
Nov 7 15:02:06     openvpn     9665     library versions: OpenSSL 1.0.2j-freebsd 26 Sep 2016, LZO 2.09
Nov 7 15:02:06     openvpn     9988     NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Nov 7 15:02:06     openvpn     9988     TCP/UDP: Socket bind failed on local address [AF_INET6]2001:xxxx:xxxx:xxxx::2:1194: Can't assign requested address
Nov 7 15:02:06     openvpn     9988     Exiting due to fatal error 
Actions #4

Updated by Renato Botelho almost 8 years ago

  • Status changed from Confirmed to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

It happened in cases where specific IPv6 is selected to bind and interface is in 'tentative' state, as happened in the past with dpinger. I've pushed a fix, what depends of php-pfSense-module 0.33

Actions #5

Updated by Renato Botelho almost 8 years ago

I've mispelled ticket # on 5280fd8d21c71c6997e1855f8b96265bd81ccb99

Actions #6

Updated by Jim Pingle almost 8 years ago

  • Status changed from Feedback to Resolved

Updated a VM that had two UPD6 OpenVPN servers on a HE.net GIF WAN and they were both running after the update. On older snaps they would not start automatically.

Actions

Also available in: Atom PDF