IPv6 routes not working

Got a problem with Viscosity or need help? Ask here!

Qlii256

Posts: 8
Joined: Sun Jul 17, 2016 11:36 pm

Post by Qlii256 » Mon Nov 27, 2017 4:56 am
Hello

I'm connected to my own VPN server using Viscosity. I have some websites that block my VPN servers' IPv6 address so I would like to bypass the VPN on those specific websites. I used the guide on sparklabs.com, but it's only explaining how it works for IPv4 addresses. When using IPv6 the gateway dropdown only shows Default or Custom.

I've tried putting in fe80::1:1%en0 as that seems to be my normal gateway but it's still connecting through the VPN to the specific websites. I do an nslookup on the domain name of a particular website and use the given IPv6 address with a 64 mask.

Any idea what I'm doing wrong here?

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Mon Nov 27, 2017 2:33 pm
Hi Qlii256,
I've tried putting in fe80::1:1%en0 as that seems to be my normal gateway
Using a link-local interface-scoped IPv6 address is unlikely to work. You'll want to use the IPv6 address of your router/gateway on your local network.
I do an nslookup on the domain name of a particular website and use the given IPv6 address with a 64 mask.
Please keep in mind that many websites may resolve to multiple IP addresses, or even change on a regular basis. For example the SparkLabs website uses Cloudflare CDN, so the IP address it uses will change depending on your location and what Cloudflare node you happen to be routed to. You'll need to try and ensure all possible addresses are accounted for.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

Qlii256

Posts: 8
Joined: Sun Jul 17, 2016 11:36 pm

Post by Qlii256 » Mon Nov 27, 2017 10:27 pm
Thank you, but what if I do not have IPv6 on my network while I do on the VPN. Is it possible to skip a website while connected to the VPN but use my IPv4 address?

Qlii256

Posts: 8
Joined: Sun Jul 17, 2016 11:36 pm

Post by Qlii256 » Tue Nov 28, 2017 4:39 am
My last question probably won't work as there's no way for Viscosity to tell that a specific IPv6 address also has an IPv4 address. I've tried using my actual IPv6 address to access my routers' GUI, but with no effect. I use a simple PHP script on my own server which returns the clients ip address. When not connected to the VPN I do get my own IPv6 address, when I am connected, I keep getting my VPN's IPv6 address.

The rule I use is:

Address: IPv6 address to the website
Type: IPv6
Gateway: Custom --> IPv6 address on which I can access my router's web GUI
Metric: default

Am I doing anything wrong?

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Tue Nov 28, 2017 9:49 am
You could possibly try using your computer's loopback IPv6 address ("::1") as the gateway, in the hope that your computer will see it's not reachable and fall back to IPv4. A better approach if you're in control of the OpenVPN server is to use a DNS forwarder (such as dnsmasq) and have it drop IPv6 DNS entries (AAAA records) for domains you only want to access over IPv4.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs

Qlii256

Posts: 8
Joined: Sun Jul 17, 2016 11:36 pm

Post by Qlii256 » Tue Nov 28, 2017 7:16 pm
Thank you. But why is routing with IPv6 not working for me? See my last post. I used the IPv6 address on which I can access my pfsense router.

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Thu Nov 30, 2017 10:34 am
But why is routing with IPv6 not working for me? See my last post. I used the IPv6 address on which I can access my pfsense router.
I would recommend examine your computer's routing table while connected to ensure that your route is set and seen as valid:
http://www.sparklabs.com/support/kb/art ... ng-problem

I would also recommend checking the OpenVPN log for any warnings or error messages:
http://www.sparklabs.com/support/kb/art ... envpn-log/

Finally, as mentioned above please be aware that the server/website you're accessing may have a different address or addresses:
http://www.sparklabs.com/support/kb/art ... bsite-uses

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
7 posts Page 1 of 1