Opened 3 years ago

Last modified 6 months ago

#1043 new Feature Wish

IPv6 addresses are not loaded with ifconfig-pool-persist file

Reported by: eshieldx Owned by:
Priority: major Milestone: release 2.6
Component: Configuration Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: IPv6, pool, ipp.txt
Cc:

Description

Hello,

I've noticed a bug that specified ipv6 addresses for given clients are not loaded from file upon ovpn server start. So, there is no way to configure static IPv6 mappings for clients :(

In log file there is a string with "TODO: IPV6", but it seems like it's never been implemented.

Thanks.

Change History (5)

comment:1 Changed 3 years ago by Antonio

Type: Bug / DefectFeature Wish

yeah, apparently this is still not implemented.

You can alternatively use '--ifconfig-ipv6-push' in CCD files to push static IPv6 addresses to clients.

But patches are welcome :-)

comment:2 Changed 3 years ago by Gert Döring

Priority: trivialmajor

What ordex says - static IPv6 addresses can be assigned with ccd/ and ifconfig-ipv6-push (or using a client-connect script or plugin).

Due to the way the pool handling currently works, IPv6 addresses from the pool are tied to the IPv4 address - to fix this, one would need to write separate pool handling for IPv6. It will have to be done if we want to make OpenVPN work in an IPv6-only environment (*no* IPv4 inside the tunnel) but this is not a high priority item.

Certainly not "trivial", though.

comment:3 Changed 3 years ago by eshieldx

thanks for clarification, will try to play with ccd.

comment:4 Changed 3 years ago by Antonio

https://patchwork.openvpn.net/patch/387/
and
https://patchwork.openvpn.net/patch/362/

(both currently under review) should help with this. You can try testing these patches if interested.

comment:5 Changed 6 months ago by Gert Döring

Keywords: IPv6 pool ipp.txt added
Milestone: release 2.6
Version: OpenVPN 2.4.5 (Community Ed)OpenVPN git master branch (Community Ed)

So, the "ipv6 only pool" functionality is in, but it will not actually *help* with the original question.

The ipp.txt file contains both IPv4 and IPv6 addresses for dual-stack pools, but the mapping is indirect - the address is used to construct a "pool index", and that index is later used to assign addresses to the connecting client.

Which works well enough for v4-only or v6-only pools, but for a dual-stack pool, the "IPv4-to-base-address" mapping is used for the index, and the IPv6 address is ignored. Only if there is no v4, the v6 address is used.

Long story short: ipp.txt is unsuitable to assign fixed IPv4 and IPv6 addresses, unless they happen to have the same pool index (= offset from the start). If you want fixed IPv6 address and use a dual-stack pool, use ccd/ifconfig-ipv6-push.

To change this, we'd need to introduce the concept of "multiple independent pools" (each with their own ipp.txt), and then we can have independent v4 and v6 mappings. There is another feature request that wants multiple IPv4 pools for different classes of users, which could go nicely along with this.

Thus, reclassifying as "feature wish" and "milestone 2.6"

Note: See TracTickets for help on using tickets.