Project

General

Profile

Actions

Feature #7281

open

OpenVPN: Add support for IPv6 dynamic prefix selection

Added by Anonymous almost 8 years ago. Updated about 7 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
OpenVPN
Target version:
-
Start date:
02/19/2017
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

When WAN is obtaining an IPv6 prefix that allows multiple prefix IDs (i.e. smaller than /64), allow selection of an IPv6 prefix ID in OpenVPN setup so that if the prefix changes in the future, OpenVPN would be automatically updated to support the new prefix. Currently, manually entering a valid /64 prefix is required.

Basically, this is extending the "Track Interface" functionality found in the standard network interfaces to OpenVPN.

Example:
My ISP provides me with 2001:aaaa:bbbb:cc00::/56.
I want to select prefix ID f0 for OpenVPN use (2001:aaaa:bbbb:ccf0::/64)
ISP prefix in the future changes to 2001:abcd:1234:aa00::/56
OpenVPN should automatically be updated to new prefix (2001:abcd:1234:aaf0::/64)

Obviously there should be validation to make sure that the prefix ID selected isn't already in use on another interface.

The only downside to this is that automatically restarting the OpenVPN service when such a change occurs would unexpectedly disconnect any users that are connected. Maybe show this as a warning if specifying a prefix ID is chosen over manually entering a prefix?

Actions #1

Updated by Corey Boyle about 7 years ago

I would love to see this as well.

Actions #2

Updated by Corey Boyle about 7 years ago

I'm actually using a ULA range for the IPv6 Tunnel Network, so that doesn't need to change, but the IPv6 Local network(s) does. That's where an alias for another interface would come in handy.

Actions #3

Updated by Corey Boyle about 7 years ago

Actually, turns out that IPv4 addresses are actually preferred over ULA by most OSs, so connections don't use v6 when a ULA network is used, which defeats the purpose. So... Making the OpenVPN config aware of the delegated prefix, would be great.

Actions

Also available in: Atom PDF