Opened 6 years ago

Last modified 3 years ago

#264 accepted Feature Wish

[PATCH] IPv6 p2p issues

Reported by: leres Owned by: Gert Döring
Priority: minor Milestone: release 2.4
Component: IPv6 Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords: IPv6 p2p
Cc: openvpn13@…


I had a couple problems adding IPv6 to an existing IPv6 p2p tunnel configuration. I want to use:

# server
 ifconfig-ipv6 2620:83:8000:3088::101/128 2620:83:3000:8088::445
# client
ifconfig-ipv6 2620:83:8000:3088::445/128 2620:83:3000:8088::101

First I ran into:

ifconfig-ipv6: /netbits must be between 64 and 124, not /128

Once I "fixed" that the ifconfig command issued was missing the remote end:

# server
openvpn_test[57456]: /sbin/ifconfig tun6 inet6 2620:83:3000:8088::101/128

Attached are patches for both changes I needed.

Attachments (3)

patch-srcopenvpnoptions.c (591 bytes) - added by leres 6 years ago.
patch-src_openvpn_options.c (591 bytes) - added by leres 6 years ago.
patch-src_openvpn_tun.c (718 bytes) - added by leres 6 years ago.

Download all attachments as: .zip

Change History (8)

Changed 6 years ago by leres

Changed 6 years ago by leres

Attachment: patch-src_openvpn_options.c added

Changed 6 years ago by leres

Attachment: patch-src_openvpn_tun.c added

comment:1 Changed 6 years ago by Gert Döring

This is not the way it is supposed to work - we run the tun interface as a network, not as a /128 with independent addresses on the left and right end (because that is not working on all supported platforms).

Just assign a /124 to the tun, and give both sides an address out of it

side A:

ifconfig-ipv6 2620:83:8000:3088::10a/124


ifconfig-ipv6 2620:83:8000:3088::10b/124

you have enough IPv6 addresses so you can afford "wasting" a /124 there.

comment:2 Changed 6 years ago by Gert Döring

Owner: set to Gert Döring
Priority: majorminor
Status: newaccepted
Type: Bug / DefectFeature Wish

comment:3 Changed 5 years ago by Samuli Seppänen

cron2: do we want to implement this feature at some point, or should we just close this ticket?

comment:4 Changed 4 years ago by Gert Döring

Milestone: release 2.4
Version: 2.3.0git master branch

We're not changing this for 2.3, but I might be tempted to work on this (read: ensure that it actually works on all supported platforms!) for 2.4 - for example, most if the BSDs would need an extra route for the remote address, not just an extra ifconfig parameter (if that is valid at all).

But maybe not. The IPv6 code really wants a subnet.

comment:5 Changed 3 years ago by jankratochvil

Using such setup with custom 'up' script calling IP6 ifconfig/route/ip commands and it works fine. I do not understand why I should create subnets for openvpn when they are not needed using the ip commands.

Note: See TracTickets for help on using tickets.