Opened 6 years ago
Last modified 16 months ago
#1084 new Feature Wish
net_gateway is only working for IPv4
Reported by: | belette2B | Owned by: | Gert Döring |
---|---|---|---|
Priority: | major | Milestone: | release 2.7 |
Component: | IPv6 | Version: | OpenVPN git master branch (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | net_gateway ipv6 |
Cc: |
Description
Related to conversation on #openvpn with ordex, net_gateway is not converting to IPv6 gateway when used in 'route-ipv6 A:A:A:A/64 net_gateway'
This is not a bug but a feature request.
Usecase: using stunnel on top of OpenVPN, I have to add the OpenVPN IPv6/64 to the client side for maintening the stunnel and not passsing the stunel into OpenVPN as this break it.
Change History (6)
comment:1 Changed 6 years ago by
comment:2 Changed 6 years ago by
I agree that the use case is not clear (it wasn't mentioned on IRC).
However, I am not sure how the "detect gateway, install /128 bypass route" would help. The bypass route is installed for the server IP, which in this case is localhost. Am I wrong?
If I understood this properly, he wants to exclude the remote endpoint of the stunnel from being tunneled over the VPN itself.
comment:3 Changed 5 years ago by
The use case is *identical* for IPv6 than it is for IPv4 -- changing protocol does not change anything.
In general this directive is used to have a selected number of IP addresses (both IPv4 and IPv6) that are not routed through the VPN but whose traffic goes out the network interface.
This is to improve speed to endpoints that we know don't need encryption and to reduce overall VPN traffic and infrastructure costs.
comment:5 Changed 4 years ago by
Component: | Generic / unclassified → IPv6 |
---|---|
Milestone: | → release 2.6 |
Owner: | set to Gert Döring |
Version: | OpenVPN 2.1.4 (Community Ed) → OpenVPN git master branch (Community Ed) |
comment:6 Changed 16 months ago by
Milestone: | release 2.6 → release 2.7 |
---|
Did not proceed the way it should have in the 2.6 timeframe - but we still want this, so bumping the milestone to 2.7
not sure I understand the use case? you point openvpn to "localhost", which is stunneled $elsewhere, and thus the built-in "detect gateway, install /128 bypass route" isn't working?
I can see the need for this in special circumstances, but would like to understand things better.