From: Stefan H. <st...@th...> - 2011-01-28 11:58:01
On 28.01.2011 10:51, Davide Brini wrote:
> On Friday 28 Jan 2011 00:07:37 Stefan Hellermann wrote:
>
>> I have a problem with proto udp6 (tun inside). My Openvpn-server should
>> be reachable on multiple IPv6-addresses over UDP6. The packets arrive at
>> the correct IP, but Openvpn answers them on a default ip, not on the one
>> where the packet arrived. With proto tcp6-server it works.
>>
>> I know that UDP is stateless, but you can get the destination ip out of
>> the received packet and use it as a source ip for sending packets. This
>> should somehow work with IPV6_PKTINFO on the socket (man 7 ipv6 on linux).
>>
>> My openvpn-Version: openvpn-201102.tar.gz from here:
>> ftp://ftp.secure-computing.net/pub/FreeBSD/ports/openvpn-devel/
>>
> Are you using the "multihome" option in the server configuration? As far as I
> can tell, using "multihome" uses the PKTINFO information to source UDP replies
> from the correct IP address; however, while it does work for IPv4, I don't
> know if that functionality has been ported to IPv6 already. I'm CC-ing the
> devel list as well.
>

No, I haven't tried multihome, and I don't know why I haven't seen this
option before... Why isn't this the default?

But it seems it doesn't work for IPv6 yet, I get this:

Jan 28 11:37:22 openvpn(server)[17978]: read UDPv6 [NO-INFO]: Connection refused (code=146)
Jan 28 11:37:24 openvpn(server)[17978]: read UDPv6 [NO-INFO]: Connection refused (code=146)
Jan 28 11:37:26 openvpn(server)[17978]: read UDPv6 [NO-INFO]: Connection refused (code=146)
Jan 28 11:37:29 openvpn(server)[17978]: read UDPv6 [NO-INFO]: Connection refused (code=146)

Using the default IPv6-address works with and without multihome, but the
other addresses do not work.

To get the multiple wan connections I use source based routing.

# ip -6 rule
0: from all lookup local
11: from 2001:470:1f14:12f5::2 lookup 10
32766: from all lookup main
# ip -6 route list table main | grep default
default dev sixxs metric 1024 mtu 1480
# ip -6 route list table 10 | grep default
default dev 6in4-henet metric 1024 mtu 1480

With tcp6-server this works.

Thanks,
Stefan
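
The mechanism discussed in this message (read the destination address of an incoming UDPv6 datagram via IPV6_PKTINFO and reuse it as the source of the reply), as an added example that is not part of the original message and is not OpenVPN's code. The function names and the port number are assumptions made for illustration; the calls are the Linux socket API described in ipv6(7).

```python
import socket
import struct

# struct in6_pktinfo { struct in6_addr ipi6_addr; unsigned int ipi6_ifindex; }
PKTINFO = struct.Struct("@16sI")

def pack_pktinfo(addr, ifindex=0):
    """Ancillary item asking the kernel to send from `addr`.
    ifindex 0 leaves the choice of outgoing interface to the routing rules."""
    raw = PKTINFO.pack(socket.inet_pton(socket.AF_INET6, addr), ifindex)
    return (socket.IPPROTO_IPV6, socket.IPV6_PKTINFO, raw)

def dest_from_ancdata(ancdata):
    """Return (local address the datagram was sent to, arrival ifindex), or None."""
    for level, ctype, data in ancdata:
        if level == socket.IPPROTO_IPV6 and ctype == socket.IPV6_PKTINFO:
            raw_addr, ifindex = PKTINFO.unpack(data[:PKTINFO.size])
            return socket.inet_ntop(socket.AF_INET6, raw_addr), ifindex
    return None

def open_server(port):
    """Wildcard-bound UDPv6 socket that reports per-packet destination info."""
    s = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
    s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_RECVPKTINFO, 1)
    s.bind(("::", port))
    return s

def answer_one(sock, reply=b"pong"):
    """Receive one datagram and reply from the address it arrived on."""
    data, ancdata, flags, peer = sock.recvmsg(
        2048, socket.CMSG_SPACE(PKTINFO.size))
    info = dest_from_ancdata(ancdata)
    if info is None or flags & socket.MSG_CTRUNC:
        # No usable PKTINFO: the kernel picks the source address itself,
        # which is the behaviour reported above for proto udp6.
        sock.sendto(reply, peer)
        return None
    local_addr, _ = info
    sock.sendmsg([reply], [pack_pktinfo(local_addr)], 0, peer)
    return local_addr

if __name__ == "__main__":
    srv = open_server(11940)  # constructed port, not taken from the message
    print("replied from", answer_one(srv))
```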