net_gateway is only working for IPv4

[belette2B]

Related to conversation on #openvpn with ordex, net_gateway is not converting to IPv6 gateway when used in 'route-ipv6 A:A:A:A/64 net_gateway'

This is not a bug but a feature request.

Usecase: using stunnel on top of OpenVPN, I have to add the OpenVPN IPv6/64 to the client side for maintening the stunnel and not passsing the stunel into OpenVPN as this break it.

[Gert Döring]

not sure I understand the use case? you point openvpn to "localhost", which is stunneled $elsewhere, and thus the built-in "detect gateway, install /128 bypass route" isn't working?

I can see the need for this in special circumstances, but would like to understand things better.

[Antonio Quartulli]

I agree that the use case is not clear (it wasn't mentioned on IRC).

However, I am not sure how the "detect gateway, install /128 bypass route" would help. The bypass route is installed for the server IP, which in this case is localhost. Am I wrong?

If I understood this properly, he wants to exclude the remote endpoint of the stunnel from being tunneled over the VPN itself.

[mike_SF]

The use case is *identical* for IPv6 than it is for IPv4 -- changing protocol does not change anything.
In general this directive is used to have a selected number of IP addresses (both IPv4 and IPv6) that are not routed through the VPN but whose traffic goes out the network interface.
This is to improve speed to endpoints that we know don't need encryption and to reduce overall VPN traffic and infrastructure costs.

[tct]

CC

This also looks like a duplicate:
#1247
#1161 (maybe related)

[Gert Döring]

Did not proceed the way it should have in the 2.6 timeframe - but we still want this, so bumping the milestone to 2.7