Opened 7 years ago

Closed 7 years ago

#821 closed Bug / Defect (worksforme)

proto udp prevents daemon start when ipv6 isnt configured

Reported by: jiquera Owned by:
Priority: major Milestone:
Component: Generic / unclassified Version: OpenVPN 2.4.0 (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc:

Description

Apologies for reporting this without completely understanding whether this is a bug or not. But I don't get any reply on the forums or irc chat... :(

I migrated my server to 2.4 and got the following error for my openvpn script that works with UDP

Thu Jan 1 01:00:29 1970 Could not determine IPv4/IPv6 protocol. Using AF_INET6
Thu Jan 1 01:00:29 1970 UDP: Cannot create UDP/UDP6 socket: Address family not supported by protocol (errno=97)
Thu Jan 1 01:00:29 1970 Exiting due to fatal error

Ipv6 is not configured but ipv4 is. So I don't understand why it wants to do IPv6 in the first place. When I force the protocol with "--proto udp4" it works.

Is this expected behavior? How does it decide between the two? Shouldn't the default at this point in time not be IPv4 as IPv6 is still quite rare.

How does it determine 4/6?

Change History (4)

comment:1 Changed 7 years ago by Gert Döring

"proto udp" is dual-stack, in which case we have to open an AF_INET6 socket to actually be able to get both v4 and v6 connections.

Actually, we do not force AF_INET6, but we ask your system's getaddrinfo() call what would be appropriate, and use that - and getaddrinfo() says that "we should be using AF_INET6" (that's what the log line "Could not determine IPv4/IPv6 protocol" is about).

So - this is a bug in your system. Getaddrinfo() should never return an INET6 address structure if the system is configured to refuse IPv6. But if it does, yes, use proto udp4 as a workaround.

On the question whether "the default should be IPv4" - well, I've been using mostly IPv6 for the last 10+ years :-) - and again: the default is what your system tells us to do. Modern systems normally prefer IPv6 iff there is a v6 address somewhere on the system, or v4 otherwise - but since you're not mentioning what OS you have there, it's hard to give more advice.

comment:2 Changed 7 years ago by plaisthos

Actually your OS screws up there. We ask the OS for the prefered wildcard address by getaddrinfo and then use that to bind. explicitly specifying udp4/udp6 will make this predictable.

Also your clock is way off: Thu Jan 1 01:00:29 1970

Last edited 7 years ago by plaisthos (previous) (diff)

comment:3 Changed 7 years ago by jiquera

  • Yeah clock is because I was screwing around with installs.
  • Thx I can understand the system now
  • @cron2: it's nice that you use IPv6 but I'm still 100% positive that the vast majority of the web runs on IPv4

Anyway, you can close the ticket as it's a result from bad OS config. (I'm running on a DD-WRT router, I'll take it up with them)

Thanks for the quick help though and sorry for abusing the ticket system for this.

comment:4 in reply to:  3 Changed 7 years ago by Gert Döring

Resolution: worksforme
Status: newclosed

Replying to jiquera:

  • @cron2: it's nice that you use IPv6 but I'm still 100% positive that the vast majority of the web runs on IPv4

The point was more that I've been doing it for over 10 years, so "now" is not "early" in any interpretation of the word anymore wrt IPv6 adoption...

Whether "the vast majority" is still IPv4 depends a bit on how you count. Many of the largest sites are v6-enabled today (google, youtube, facebook, linkedin, ...) and since many of the largest providers are v6-enabled as well (T-Mobile, Verizon, DTAG, Comcast, ...) they see over 30% of IPv6 traffic...

Sure, there's a long tail before we see v6-only, but it's definitely way past the point where v6 was a niche thing that you wanted to consider twice before turning it on.

Anyway, you can close the ticket as it's a result from bad OS config. (I'm running on a DD-WRT router, I'll take it up with them)

closing :)

Note: See TracTickets for help on using tickets.