Mac to pfSense with ipv6 and ipv4 tunnel - fails on ipconfig

Got a problem with Viscosity or need help? Ask here!

shacklr

Posts: 1
Joined: Fri Aug 04, 2017 6:28 am

Post by shacklr » Fri Aug 04, 2017 6:46 am
I'm having an issue connecting to a pfSense router when both an IPv6 and IPv4 tunnel are specified. If the IPv6 tunnel is removed Viscosity connects, but I require IPv6 for some services I want to access.

The failure is on ifconfig utun1 inet6
Code: Select all
2017-08-03 21:18:38: Viscosity Mac 1.7.3 (1412)
2017-08-03 21:18:38: Viscosity OpenVPN Engine Started
2017-08-03 21:18:38: Running on macOS 10.12.6
2017-08-03 21:18:38: ---------
2017-08-03 21:18:38: State changed to Connecting
2017-08-03 21:18:39: Checking reachability status of connection...
2017-08-03 21:18:39: Connection is reachable. Starting connection attempt.
2017-08-03 21:18:39: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
2017-08-03 21:18:39: OpenVPN 2.4.3 x86_64-apple-darwin [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [MH/RECVDA] [AEAD] built on Jun 21 2017
2017-08-03 21:18:39: library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.09
2017-08-03 21:20:02: TCP/UDP: Preserving recently used remote address: [AF_INET]{removed}:1194
2017-08-03 21:20:02: UDP link local (bound): [AF_INET][undef]:1194
2017-08-03 21:20:02: UDP link remote: [AF_INET]{removed}:1194
2017-08-03 21:20:02: State changed to Authenticating
2017-08-03 21:20:02: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2017-08-03 21:20:05: [OpenVPNServer] Peer Connection Initiated with [AF_INET]{removed}:1194
2017-08-03 21:20:06: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
2017-08-03 21:20:06: Opening utun (connect(AF_SYS_CONTROL)): Resource busy
2017-08-03 21:20:06: Opened utun device utun1
2017-08-03 21:20:06: do_ifconfig, tt->did_ifconfig_ipv6_setup=1
2017-08-03 21:20:06: /sbin/ifconfig utun1 delete
2017-08-03 21:20:06: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2017-08-03 21:20:06: /sbin/ifconfig utun1 10.28.28.2 10.28.28.2 netmask 255.255.255.0 mtu 1500 up
2017-08-03 21:20:06: /sbin/ifconfig utun1 inet6 fe80:1c:1c::1000/64
2017-08-03 21:20:06: MacOS X ifconfig inet6 failed: external program exited with error status: 1
2017-08-03 21:20:06: Thu Aug  3 21:20:06 2017 Exiting due to fatal error
2017-08-03 21:20:06: State changed to Disconnected
Any help or suggestions appreciated!

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Aug 07, 2017 11:20 am
Hi shacklr,

The following entry in the log is what you'll want to focus on - it indicates that the IPv6 address attempting to be set is invalid:
Code: Select all
2017-08-03 21:20:06: /sbin/ifconfig utun1 inet6 fe80:1c:1c::1000/64
2017-08-03 21:20:06: MacOS X ifconfig inet6 failed: external program exited with error status: 1
My guess is the problem is that you're attempting to set a link-local address for the tun interface, which is something normally the OS sets and follows a special format. I'd instead recommend using a IPv6 Private Range instead (Google should turn up a number of generator options) or possibly the Unique Local Address range.
https://en.wikipedia.org/wiki/Private_n ... _addresses

Alternatively you could use a tap/bridged setup instead, which should support a link-local address (in fact the OS will auto-configure one itself if you have IPv6 enabled for your connection in Viscosity).

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
2 posts Page 1 of 1