1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomato Shibby OpenVPN IPv6 issue

Discussion in 'Tomato Firmware' started by a_drug, May 18, 2017.

  1. a_drug

    a_drug Network Newbie Member

    I am trying to set up an OpenVPN client for one of my VLANs using the latest Tomato from Shibby. Importantly, while my VPN provider allows for IPv6 tunelling, I don't want to use it and stick to IPv4 only.

    The problem I am getting, from the logs, is as follows:

    May 18 11:52:54 tomato daemon.notice openvpn[11214]: GDG6: remote_host_ipv6=n/a
    May 18 11:52:54 tomato daemon.notice openvpn[11214]: /sbin/ifconfig tun11 add aaaa:aaaa:aaaa:1300::1009/64
    May 18 11:52:54 tomato daemon.err openvpn[11214]: Linux ifconfig inet6 failed: external program exited with error status: 1
    May 18 11:52:54 tomato daemon.notice openvpn[11214]: Exiting due to fatal error


    My guess is the problem occurs, because I have IPv6 disabled globally in IPv6 configuration, but the OpenVPN client tries to add an IPv6 address.

    How do I go about setting up the client so that it limits the connection to IPv4 only?
     
  2. Sean B.

    Sean B. LI Guru Member

    I don't use OpenVPN so can't speak to specifics on it, however I'd find it odd if it's just pulling an IPv6 address out of it's butt to use for an attempt at connecting to another IPv6 address. Are you certain none of your routers interfaces are being configured with an IPv6 address in spite of you having disabled IPv6? As in the output of ifconfig from the command line shows no globally routable IPv6 addresses correct? You may try putting " local host YOURIPV4IPHERE " in the custom configuration box

    Quote from OpenVPN docs:

    It may override whatever defaults tomato is using for local host in the config, although as stated above, not sure how it's getting an IPv6 address if no interfaces have one.

    **EDIT** Just realized, are you saying you connect to the VPN provider via an IPv4 IP but once connected the server side forces an IPv6 IP address to the tunnel interface? If so, that server configuration doesn't make much sense.
     
    Last edited: May 20, 2017
  3. PetervdM

    PetervdM Network Guru Member

    - deleted -
     
    Last edited: May 20, 2017
  4. a_drug

    a_drug Network Newbie Member

    Thank you for your tips Sean. I have an answer now - first, the reason why IPv6 was being triggered was, indeed, on the server side and looked like this:

    Code:
    May 22 13:32:41 tomato daemon.notice openvpn[1403]: SENT CONTROL [xxxx]: 'PUSH_REQUEST' (status=1)
    May 22 13:32:42 tomato daemon.notice openvpn[1403]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS x.x.x.x,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,route-gateway x.x.x.x,topology subnet,ifconfig-ipv6 xxxx:xxxx:xxxx:xxxx::xxxx/xx xxxx:xxxx:xxxx:xxxx::,ifconfig x.x.x.x 255.255.0.0,peer-id 18,cipher AES-256-GCM'
    
    which in turn led to:

    Code:
    May 22 13:32:42 tomato daemon.notice openvpn[1403]: GDG6: remote_host_ipv6=n/a
    May 22 13:32:42 tomato daemon.notice openvpn[1403]: /sbin/ifconfig tun11 add xxxx:xxxx:xxxx:xxxx::xxxx/xx
    May 22 13:32:42 tomato daemon.err openvpn[1403]: Linux ifconfig inet6 failed: external program exited with error status: 1
    May 22 13:32:42 tomato daemon.notice openvpn[1403]: Exiting due to fatal error
    
    The easy way out was to simply ignore ipv6 pulled commands using pull-filter, i.e. adding to the config:

    Code:
    pull-filter ignore "route-ipv6"
    pull-filter ignore "ifconfig-ipv6"
    
    Thanks for your help - I hope somebody finds this thread useful.
     
    Sean B., Malakai and kille72 like this.
  5. Sean B.

    Sean B. LI Guru Member

    Well done, glad you got it figured out.
     
    kille72 likes this.

Share This Page