Openvpn broken passing from ipv4 to ipv6

[Albert73]

Hi,
I had a perfectly working openvpn set up until when I upgraded my internet connection and the provider changed the setting from Ipv4 to Ipv6. I followed several tutorials to make my vpn working again but without success.

My server configuration file is :

local 192.168.0.100 # RASPBERRY PI IP ADDRESS
dev tun
proto udp6
port 1194
ca /etc/openvpn/currentKeys/ca.crt
cert /etc/openvpn/currentKeys/munich_server.crt
key /etc/openvpn/currentKeys/munich_server.key
dh /etc/openvpn/currentKeys/dh2048.pem
server 10.8.0.0 255.255.255.0
# server and remote endpoints
ifconfig 10.8.0.1 10.8.0.2
# Add route to Client routing table for the OpenVPN Server
push "route 10.8.0.1 255.255.255.255"
# Add route to Client routing table for the OpenVPN Subnet
push "route 10.8.0.0 255.255.255.0"
# your local subnet
push "route 192.168.0.100 255.255.255.0"
push "dhcp-option DNS 192.168.0.1" # Router's IP address.
push "redirect-gateway def1"
client-to-client
server-ipv6 aaaa:bbbb:cccc:dddd::/64
push "route-ipv6 2000::/3"
duplicate-cn
keepalive 10 120
cipher AES-128-CBC
comp-lzo
user nobody
group nogroup
persist-key
persist-tun
status /var/log/openvpn-status.log 20
log /var/log/openvpn.log
verb 7

The client configuration file is:

client
dev tun
proto udp6
remote <destination-ip> 1194
resolv-retry infinite
nobind
persist-key
persist-tun
mute-replay-warnings
ns-cert-type server
key-direction 1
cipher AES-128-CBC
comp-lzo
verb 1
mute 20

After running the service, the the last few lines of the log are:

Sun Nov 5 11:34:56 2017 us=849654 OpenVPN 2.4.0 arm-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built$
Sun Nov 5 11:34:56 2017 us=849710 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Sun Nov 5 11:34:56 2017 us=859552 NOTE: your local LAN uses the extremely common subnet address 192.168.0.x or 192.168.1.x. Be aware that this mi$
Sun Nov 5 11:34:56 2017 us=861558 Diffie-Hellman initialized with 2048 bit key
Sun Nov 5 11:34:56 2017 us=865291 TLS-Auth MTU parms [ L:1622 D:1212 EF:38 EB:0 ET:0 EL:3 ]
Sun Nov 5 11:34:56 2017 us=873231 RESOLVE: Cannot resolve host address: 192.168.0.100:1194 (Address family for hostname not supported)
Sun Nov 5 11:34:56 2017 us=873303 Exiting due to fatal error

Where is the problem?

The ipv6 address that I use in the server configuration file is from the command ifconfig : eth0 --> inet6 <the address> prefixlen 64 scopeid 0x0<global> Is that correct?

Thank in advance for any help

Alberto

[thomasschaefer]

I would focus to the error message: "

Code: Select all

RESOLVE: Cannot resolve host address: 192.168.0.100:1194 (Address family for hostname not supported)

".

May be the IPv6 address of the interface makes problems. Does it work with "

Code: Select all

proto udp

" ?

[Albert73]

Hi Thomas,

yes I removed the 6 and it runs without problems but I cannot access it. Apparently the client side does not reach the server as far as I understood

These are the lines from the client log:
Mon Nov 06 21:10:07 2017 UDP link remote: [AF_INET] <my ipv4 address>:1194
Mon Nov 06 21:11:08 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Mon Nov 06 21:11:08 2017 TLS Error: TLS handshake failed