Opened 6 years ago
Last modified 6 years ago
#953 new Bug / Defect
Dual-Stack Server with tls-auth has errors when IPv6 clients connect
Reported by: | gpf | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | IPv6 | Version: | OpenVPN 2.4.3 (Community Ed) |
Severity: | Not set (select this one, unless you're an OpenVPN developer) | Keywords: | |
Cc: | Steffan Karger, Antonio Quartulli |
Description
I have configured a server with dual-stack support (proto udp6). When clients (OpenVPN connect on iOS) connect via IPv6 they get a timeout on the client side and the server logs bad packet IDs and packet authentication failures.
The error goes away when I configure the server to be IPv6 only by using a "local <ipv6 address>" configuration line.
Attachments (3)
Change History (10)
Changed 6 years ago by
Attachment: | server-logs.txt added |
---|
comment:1 Changed 6 years ago by
Cc: | Steffan Karger Antonio Quartulli added |
---|
comment:3 Changed 6 years ago by
I also tested with "cipher AES-256-GCM" instead of "auth SHA512" and used tls-crypt (using the iOS beta client) instead of tls-auth. Still can't connect but error changes to:
Oct 31 21:25:51 alita ovpn-vpn[7182]: tls-crypt unwrap error: packet authentication failed
Oct 31 21:25:51 alita ovpn-vpn[7182]: TLS Error: tls-crypt unwrapping failed from [AF_INET6]2001:4c50:62f:8800:81f2:c691:1288:d54f:63522
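A log-triage sketch for the symptom reported in this ticket, added here as an example (not code from the ticket or from OpenVPN): it tallies `TLS Error: ... from [AF_...]` lines by the client's real address family, so you can check whether failures are confined to native IPv6 peers. The sample lines are constructed from the format quoted in comment:3, and the IPv4-mapped (`::ffff:a.b.c.d`) form for IPv4 clients on a dual-stack socket is an assumption about the log format.

```python
import ipaddress
import re
from collections import Counter

# Peer suffix on TLS errors, as in comment:3: "... from [AF_INET6]<addr>:<port>".
PEER_RE = re.compile(r"TLS Error: (?P<reason>.+?) from \[AF_INET6?\](?P<peer>\S+)")

# Constructed sample lines (documentation address ranges, hypothetical host name).
SAMPLE_LOG = """\
Oct 31 21:25:51 vpn ovpn-vpn[7182]: tls-crypt unwrap error: packet authentication failed
Oct 31 21:25:51 vpn ovpn-vpn[7182]: TLS Error: tls-crypt unwrapping failed from [AF_INET6]2001:db8:62f:8800::d54f:63522
Oct 31 21:25:53 vpn ovpn-vpn[7182]: TLS Error: tls-crypt unwrapping failed from [AF_INET6]2001:db8:62f:8800::d54f:63522
Oct 31 21:26:10 vpn ovpn-vpn[7182]: TLS Error: tls-crypt unwrapping failed from [AF_INET6]::ffff:192.0.2.10:40112
""".splitlines()


def classify_peer(peer):
    """Return ('ipv4' | 'ipv6', address) for a logged '<addr>:<port>' string.

    The port follows the last colon. Assumption: on a dual-stack (udp6)
    socket an IPv4 client appears as an IPv4-mapped IPv6 address, so the
    [AF_INET6] tag alone does not identify the client's real family.
    """
    host, _, _port = peer.rpartition(":")
    addr = ipaddress.ip_address(host)  # raises ValueError on malformed input
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return "ipv4", str(addr.ipv4_mapped)
    return ("ipv4" if addr.version == 4 else "ipv6"), str(addr)


def tally_tls_errors(lines):
    """Count TLS control-channel errors per (address family, reason)."""
    counts = Counter()
    for line in lines:
        m = PEER_RE.search(line)
        if not m:
            continue  # not a TLS error line with a peer address
        try:
            family, _addr = classify_peer(m["peer"])
        except ValueError:
            family = "unparsed"
        counts[(family, m["reason"])] += 1
    return counts


if __name__ == "__main__":
    for (family, reason), n in sorted(tally_tls_errors(SAMPLE_LOG).items()):
        print(f"{family:8} {n:4}  {reason}")
```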
comment:4 follow-up: 5 Changed 6 years ago by
Replying to gpf:
> I have configured a server with dual-stack support (proto udp6). When clients (OpenVPN connect on iOS) connect via IPv6 they get a timeout on the client side and the server logs bad packet IDs and packet authentication failures.
> The error goes away when I configure the server to be IPv6 only by using a "local <ipv6 address>" configuration line.
I'm seeing this error, too. Is there any workaround, besides turning off TLS-Auth?
comment:5 Changed 6 years ago by
Replying to vzsze:
> I'm seeing this error, too. Is there any workaround, besides turning off TLS-Auth?
Not using dualstack. Right now I switched back to v4 only. :(
comment:6 Changed 6 years ago by
Does the problem happen only when connecting with Connect for iOS? Or does it happen with any client?
comment:7 Changed 6 years ago by
I'm using Linux client on Ubuntu 18.04.
Logs from the Server