Opened 7 years ago
Last modified 2 years ago
#1043 new Feature Wish
decouple IPv4 and IPv6 pool persistence so "static IPv6 in ipp.txt" works
Reported by: | eshieldx | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | release 2.7 |
Component: | Configuration | Version: | OpenVPN git master branch (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | IPv6, pool, ipp.txt |
Cc: |
Description
Hello,
I've noticed a bug that specified ipv6 addresses for given clients are not loaded from file upon ovpn server start. So, there is no way to configure static IPv6 mappings for clients :(
In log file there is a string with "TODO: IPV6", but it seems like it's never been implemented.
Thanks.
Change History (6)
comment:1 Changed 7 years ago by
Type: | Bug / Defect → Feature Wish |
---|
comment:2 Changed 7 years ago by
Priority: | trivial → major |
---|
What ordex says - static IPv6 addresses can be assigned with ccd/ and ifconfig-ipv6-push
(or using a client-connect
script or plugin).
Due to the way the pool handling currently works, IPv6 addresses from the pool are tied to the IPv4 address - to fix this, one would need to write separate pool handling for IPv6. It will have to be done if we want to make OpenVPN work in an IPv6-only environment (*no* IPv4 inside the tunnel) but this is not a high priority item.
Certainly not "trivial", though.
comment:4 Changed 6 years ago by
https://patchwork.openvpn.net/patch/387/
and
https://patchwork.openvpn.net/patch/362/
(both currently under review) should help with this. You can try testing these patches if interested.
comment:5 Changed 4 years ago by
Keywords: | IPv6 pool ipp.txt added |
---|---|
Milestone: | → release 2.6 |
Version: | OpenVPN 2.4.5 (Community Ed) → OpenVPN git master branch (Community Ed) |
So, the "ipv6 only pool" functionality is in, but it will not actually *help* with the original question.
The ipp.txt file contains both IPv4 and IPv6 addresses for dual-stack pools, but the mapping is indirect - the address is used to construct a "pool index", and that index is later used to assign addresses to the connecting client.
Which works well enough for v4-only or v6-only pools, but for a dual-stack pool, the "IPv4-to-base-address" mapping is used for the index, and the IPv6 address is ignored. Only if there is no v4, the v6 address is used.
Long story short: ipp.txt is unsuitable to assign fixed IPv4 and IPv6 addresses, unless they happen to have the same pool index (= offset from the start). If you want fixed IPv6 address and use a dual-stack pool, use ccd/ifconfig-ipv6-push
.
To change this, we'd need to introduce the concept of "multiple independent pools" (each with their own ipp.txt), and then we can have independent v4 and v6 mappings. There is another feature request that wants multiple IPv4 pools for different classes of users, which could go nicely along with this.
Thus, reclassifying as "feature wish" and "milestone 2.6"
comment:6 Changed 2 years ago by
Milestone: | release 2.6 → release 2.7 |
---|---|
Summary: | IPv6 addresses are not loaded with ifconfig-pool-persist file → decouple IPv4 and IPv6 pool persistence so "static IPv6 in ipp.txt" works |
No time to tackle this for 2.6 - changing milestone to 2.7
yeah, apparently this is still not implemented.
You can alternatively use '--ifconfig-ipv6-push' in CCD files to push static IPv6 addresses to clients.
But patches are welcome :-)