Make IPv6 payload work in openvpn

Hi All,

I have an openvpn vpn wich is configured to be dual stack (IPv4 and IPv6) for payload data inside the VPN, this is verified to work.
The openvpn client on my Sony Xperia 10iii works for IPv4 payload, IPv6 is not configured and can’t be used. I even tried to manually configure an IPv6 address on the vpn interface after the initial setup, but this fails.

Usually this wouldn’t be a problem, but my mobile provider recently changed it’s setup to only provide IPv6 addresses (IPv4 connectivity is provided via 6-to-4 NAT). Because my IPv6 VPN setup is ignored the IPv6 default gateway keeps going to the mobile data connection instead of to the VPN. This leads to information leakage and gives a bad user experience (trying to reach an IPv6 capable host reachable via the VPN will wait for a time-out because it’s unreachable via the mobile data connection, after that it falls back to IPv4 which works).

Please make IPv6 as openvpn payload work :slight_smile: . I can’t really pinpoint what’s missing, openvpn supports IPv6, the kernel supports IPv6, so i don’t know what’s missing.

2 Likes

Sounds that you could contribute to Testing CLAT for IPv6-only mobile networks - #131 by abranson .

2 Likes

Thanks for the link, i’ll see what i can do.

I can see the same problem. The config works on other clients (both ipv4 and ipv6 traffic captured by the VPN) but on my sailfishos device the ipv6 setup seems to be silently ignored.

Has openvn on sailfish been built wioth some hardwired no-ipv6 options?

It’s actually not openvpn that causes the problem. If you call openvpn directly (from commandline or in a script) it works dual stack, the problem is in the connman plugin for openvpn (see Testing CLAT for IPv6-only mobile networks - #138 by jlaakkonen)

As a workaround i’m using a script to do the VPN setup, the script also shared in that topic but be aware it’s very very hacky.

2 Likes

Thanks for the info, will chase it up later