Bug #7894
closed
Open VPN not redirecting traffic over tunnel. Remote IPv6 shows as public IP when "Force all client generated traffic through the tunnel." option is enabled and all IPv6 through pfsense is blocked
Description
Hello All,
I just updated to the newest dev build and connected to it remotely and had a shocking surprise. For some reason when I go to google and type "what is my ip" I get an IPv6 address that my cell phone is using, which is connected through a hotspot which is connected via wifi to my laptop. This laptop then has an openvpn UDP tunnel into my other site's network and all traffic should be forwarded through the tunnel and out that server, but unfortunately it is not. I only use IPv4 except on the cell phone, where it obtains either IPv4 or IPv6, which should be no issue since the laptop and pfsense are not set up to even use IPv6.
In my openvpn settings, which have not changed through many many upgrades, I have the following options set up, which makes me worried there is a bug and leakage is occurring: "Force all client generated traffic through the tunnel" and "Don't forward IPv6 traffic" options checked, as well as firewall rules to drop all IPv6 traffic inbound and outbound.
Please see my version information below:
If needed I can provide any debug dumps you may need, just let me know and I will send them. Greetz to all the devs that contribute to this wonderful project. Thanks! -Ereb0s
2.3.5-DEVELOPMENT (amd64)
built on Tue Sep 26 10:07:12 CDT 2017
FreeBSD 10.3-RELEASE-p20
The system is on the latest version.
Version information updated at 2017-09-26 20:55
Updated by Shawn Moss almost 8 years ago
So after a bit more troubleshooting, I am leaning against this being a bug in pfSense and possibly in my Linux build. It turns out my IPv4 network settings in Linux are set to auto DHCP and my IPv6 settings are set to Automatic for the connection to the cell phone hot spot. When I set the IPv6 settings for the wifi connection to "Ignore" and check the outside IP before connecting to the VPN and after, they do indeed change and traffic is routed out the pfSense openvpn tunnel. If I enable automatic IPv6 how it was originally and check the external IP address before and after connecting to the VPN, both are the same. This sounds like a bug in Fedora Linux 26, so I will post a bug there. If a dev wants to double check it, let me know if you want a debug dump of pfSense. This is low priority at this point.
Thanks again. -Ereb0s
Updated by Jim Pingle almost 8 years ago
- Status changed from New to Not a Bug
- Target version deleted (2.3.5)
Yeah that would have to be on the client side. It might even be using its own IPv6 tunneling protocol like Teredo.
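The client-side condition described in this ticket (IPv4 redirected into the tunnel while an IPv6 default route stays on the Wi-Fi interface) can be checked from the client's routing tables. The following is an added example, not part of the original ticket or of pfSense; it assumes Linux iproute2 output, and the interface names `tun0` and `wlp3s0` and the sample route tables are constructed.

```python
import ipaddress

# Constructed sample `ip route` / `ip -6 route` output; tun0 and wlp3s0 are assumed names.
SAMPLE_V4 = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.43.1 dev wlp3s0 proto dhcp metric 600
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
"""
SAMPLE_V6 = """\
2001:db8:43::/64 dev wlp3s0 proto ra metric 600 pref medium
fe80::/64 dev wlp3s0 proto kernel metric 256 pref medium
default via fe80::1 dev wlp3s0 proto ra metric 600 pref medium
"""

def parse_routes(text, version):
    """Return [(network, dev)] from iproute2 route output (metrics are ignored)."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        dest = fields[0]
        if dest == "default":
            dest = "0.0.0.0/0" if version == 4 else "::/0"
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # route types such as "unreachable" or "blackhole"
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def egress_dev(routes, addr):
    """Longest-prefix match: which interface would carry traffic to addr."""
    ip = ipaddress.ip_address(addr)
    hits = [(net.prefixlen, dev) for net, dev in routes if ip in net]
    return max(hits)[1] if hits else None

def leak_report(v4_text, v6_text, tunnel="tun0"):
    """Map each address family to (egress interface, leaves outside the tunnel?)."""
    probes = {4: "192.0.2.1", 6: "2001:db8:ffff::1"}  # documentation addresses as probes
    report = {}
    for ver, text in ((4, v4_text), (6, v6_text)):
        dev = egress_dev(parse_routes(text, ver), probes[ver])
        report[ver] = (dev, dev is not None and dev != tunnel)
    return report

if __name__ == "__main__":
    print(leak_report(SAMPLE_V4, SAMPLE_V6))
```

On a live client, pass the output of `ip route` and `ip -6 route` captured while the VPN is connected; a family with no route at all (IPv6 set to "Ignore") reports `(None, False)`.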