Bug #9212

closed

OpenVPN Client can't connect over IPv6 in "multihome"

Added by benoit moreau about 6 years ago. Updated about 5 years ago.

Status: Not a Bug
Priority: Normal
Assignee: -
Category: OpenVPN
Target version: -
Start date: 12/18/2018
% Done: 0%
Affected Version: 2.4.4_1

Description

When the protocol option is set to "UDP IPv4 and IPv6 on all interfaces (multihome)", the OpenVPN Client will fail to connect over IPv6 and will return to IPv4 to work after about 1 minute.

In the log I have:

write UDP: Can't assign requested address (code=49) 

It works over IPv6 when I set the protocol option to "UDP over IPv6 only".


Files

pfsense issue.png (79.5 KB), benoit moreau, 11/21/2019 04:35 PM

#1

Updated by Jim Pingle about 5 years ago

  • Status changed from New to Incomplete

The description is a bit vague:

  • Is pfSense the server in this scenario, or the client?
  • If the client is not pfSense, is this error observed in the client or server logs?

In other words: Is the server set to multihome and a remote client fails to connect, or is pfSense acting as a client set to multihome connecting to a remote server?

Also, does the device encountering the error have a usable (GUA, not link-local) IPv6 address?

#2

Updated by benoit moreau about 5 years ago

Oh, I totally forgot about this problem.

I finally found the solution and I think the problem comes from OpenVPN and not from pfSense.

This is not easy to explain, so when the client connects to the VPN, OpenVPN uses the IPv6 address of the incoming interface to bind the connection and fails when the incoming interface has no public IPv6 (link-local).

You can see my configuration in the image.

And the workaround is just to add a public IPv6 as "virtual IP" on the WAN interface and change the DNS entry.

#3

Updated by Jim Pingle about 5 years ago

  • Status changed from Incomplete to Not a Bug

OK, that does sound more like an OpenVPN or config issue.
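
Added example, not part of the original ticket: a Python check for the condition discussed in this thread, an interface that carries only a link-local IPv6 address and no GUA. The `ifconfig`-style sample, interface names and addresses are constructed; the 2001:db8::/32 documentation prefix stands in for a real global address.

```python
import ipaddress
import re

# Constructed sample in FreeBSD ifconfig style (names and addresses are made up).
SAMPLE_IFCONFIG = """\
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
\tinet6 fe80::a00:27ff:fe12:3456%em0 prefixlen 64 scopeid 0x1
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet6 fe80::a00:27ff:fe65:4321%em1 prefixlen 64 scopeid 0x2
\tinet6 2001:db8:10::1 prefixlen 64
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
\tinet6 ::1 prefixlen 128
\tinet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
"""

GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")  # global unicast (GUA) range

def classify(addr_text):
    """Return 'loopback', 'link-local', 'global' or 'other' for an IPv6 address."""
    addr = ipaddress.IPv6Address(addr_text.split("%")[0])  # drop the %zone suffix
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr in GLOBAL_UNICAST:
        return "global"
    return "other"

def ipv6_by_interface(ifconfig_text):
    """Map interface name -> list of (address, class) parsed from ifconfig text."""
    result, current = {}, None
    for line in ifconfig_text.splitlines():
        header = re.match(r"^(\S+): flags=", line)
        if header:
            current = header.group(1)
            result[current] = []
            continue
        inet6 = re.match(r"^\s+inet6 (\S+)", line)
        if inet6 and current:
            result[current].append((inet6.group(1), classify(inet6.group(1))))
    return result

def link_local_only(ifconfig_text):
    """Non-loopback interfaces that have link-local IPv6 but no global address."""
    flagged = []
    for name, addrs in ipv6_by_interface(ifconfig_text).items():
        kinds = {kind for _, kind in addrs}
        if "link-local" in kinds and not kinds & {"global", "loopback"}:
            flagged.append(name)
    return flagged
```
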
