wiki:IPv6SupportInManagementInterface

Version 1 (modified by Samuli Seppänen, 11 years ago) (diff)

--

Introduction

The OpenVPN management interface is used heavily by Access Server, but also by many OpenVPN clients. This page tracks the status of IPv6 support in the management interface. Much of the content here is blatantly copy-pasted from cron2's test description with only minor edits.

Current status

What works

The status output displays IPv6 just:

	status 0
	>LOG:1365538567,D,MANAGEMENT: CMD 'status 0'
	OpenVPN CLIENT LIST
	Updated,Tue Apr  9 22:16:07 2013
	Common Name,Real Address,Bytes Received,Bytes Sent,Connected Since
	cron2-ithing,2001:608:4:0:c1d7:de3:555d:a36b,5710,5891,Tue Apr  9 22:10:15 2013
	ROUTING TABLE
	Virtual Address,Common Name,Real Address,Last Ref
	fd12:3456:7890::/48,cron2-ithing,2001:608:4:0:c1d7:de3:555d:a36b,Tue Apr  9 22:10:15 2013
	10.0.1.0/24,cron2-ithing,2001:608:4:0:c1d7:de3:555d:a36b,Tue Apr  9 22:10:15 2013
	194.97.145.74,cron2-ithing,2001:608:4:0:c1d7:de3:555d:a36b,Tue Apr  9 22:10:15 2013
	2001:608:3:814::1000,cron2-ithing,2001:608:4:0:c1d7:de3:555d:a36b,Tue Apr  9 22:10:15 2013
	GLOBAL STATS
	Max bcast/mcast queue length,0
	END

What does not work

NOTE: These should be split into tickets if we deem them important to fix.

Commands "status 2" and "status 3" show a column for "Virtual Address" in the CLIENT_LIST, which only lists IPv4 (since there is just one column), but the IPv6 stuff is there in ROUTING_TABLE just fine. Is this a significant problem that needs a format change (adding one column for "Virtual Address v6")?

Also, "kill IP:port" will fail for IPv6 addresses:

	kill 2001:608:3:814::1000:1194
	>LOG:1365538844,D,MANAGEMENT: CMD 'kill 2001:608:3:814::1000:1194'
	ERROR: client at address 0.0.7.209:608 not found

The client-pf is not working, but that's larger than "management" - that PF stuff is functionality that is not in the 2.3 core at all for IPv6 yet.

What has not been tested

  • All the config commands should be configurable as if configured in the local config file
  • the management interface itself might not bind to IPv6 sockets