SparkLabs Forum.

"Enable IPv6" seems to actually break IPv6

tl;dr: when enabling IPv6 in Viscosity's preferences, the interface gets a /128 IP:

   ether d2:dc:69:c2:ab:95
   inet netmask 0xffffff00 broadcast
   inet6 fe80::18e2:6ee4:b380:8db0%vtap0 prefixlen 64 secured scopeid 0x10
   inet6 2001:db8:18:7::4 prefixlen 128

This is unusable and any pushed routes do not take as the gateway (OpenVPN server) is not reachable.

However, if I uncheck (disable) the 'Enable IPv6' option for the connection, it works! It's a bit counter-intuitive ;-)

   ether a2:5a:d2:f7:75:98
   inet netmask 0xffffff00 broadcast
   inet6 fe80::a05a:d2ff:fef7:7598%vtap0 prefixlen 64 scopeid 0x10
   inet6 2001:db8:18:7::4  prefixlen 64

Note the prefixlen = 128 on the top and prefixlen = 64 just above.

While just leaving IPv6 enabled unchecked does allow for IPv6 routing, I think the problem compounds as the local DNS resolver will not query for a AAAA record as v6 is not marked as enabled (this is an assumption on my part as to why AAAA records are not sought).

This is Viscosity 1.7.11 (1463) connecting to OpenVPN 2.4.4 with a sample config as follows:

proto udp6
mode server
dev tap
topology subnet
ifconfig-ipv6 2001:db8:7::1/64 2001:db8:7::2
ifconfig-ipv6-pool 2001:db8:7::3/64
push "dhcp-option DNS"
push "dhcp-option DNS6 2001:db8:2::4"
push "dhcp-option DOMAIN"
push "dhcp-option DOMAIN"
push "redirect-gateway def1 ipv6"

Thanks a million,

Love the product by the way - we recommend it to everyone!

By the way - I'm happy to work with the developers for testing to get this working properly. You'll get me via barry [at] islandbridgenetworks [dot] ie.

Hi barryo,

The "Enable IPv6" option enables IPv6 automatic configuration for TAP connections (via DHCPv6 or stateless auto configuration). It's not needed for connections where the IP address is being manually assigned by OpenVPN. Viscosity should detect this and automatically turn the option off if it's not required: you should see a message like "Disabling Automatic IPv6 on interface vtap0 (not required)" in the connection log if this is occurring.

It seems likely something is going awry with the disabling of IPv6 automatic configuration. If I had to guess I'd say the VPN interface is obtaining an IPv6 address via automatic IPv6 configuration, and so when OpenVPN comes along with its manual IP address in the same range it's just getting added as a secondary IP address (hence the /128). When IPv6 automatic configuration gets turned off, only the /128 IP remains.

Obviously it would be ideal if Viscosity were able to handle this too, so I've created a ticket for us internally to look into further. In the meantime you could try making sure no DHCPv6 or SLAAC services are running on the VPN network and see if that helps. Alternatively there is no harm in leaving the Enable IPv6 option off if you're pushing the IPv6 address via OpenVPN.
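
The symptom discussed in this thread (a global IPv6 address configured as /128, leaving the pushed gateway off-link) can be checked from saved `ifconfig` output. This is an added example, not part of the original posts and not Viscosity or OpenVPN code; the function names are hypothetical and the gateway address `2001:db8:18:7::1` is a constructed value.

```python
import ipaddress
import re

# Matches "inet6 <addr>[%zone] prefixlen <n>" lines as printed by ifconfig.
INET6_RE = re.compile(
    r"^\s*inet6\s+([0-9a-fA-F:]+)(?:%\S+)?\s+prefixlen\s+(\d+)", re.M)

# The two inet6 listings quoted in the thread, used here as sample input.
BROKEN = """\
   inet6 fe80::18e2:6ee4:b380:8db0%vtap0 prefixlen 64 secured scopeid 0x10
   inet6 2001:db8:18:7::4 prefixlen 128
"""
WORKING = """\
   inet6 fe80::a05a:d2ff:fef7:7598%vtap0 prefixlen 64 scopeid 0x10
   inet6 2001:db8:18:7::4  prefixlen 64
"""
GATEWAY = "2001:db8:18:7::1"  # constructed value, not taken from the thread


def inet6_interfaces(ifconfig_text):
    """Return the non-link-local IPv6 interfaces found in ifconfig output."""
    found = []
    for addr, plen in INET6_RE.findall(ifconfig_text):
        iface = ipaddress.IPv6Interface(f"{addr}/{plen}")
        if not iface.ip.is_link_local:
            found.append(iface)
    return found


def host_only_addresses(ifconfig_text):
    """Addresses configured as /128, i.e. with no on-link prefix at all."""
    return [str(i.ip) for i in inet6_interfaces(ifconfig_text)
            if i.network.prefixlen == 128]


def gateway_on_link(ifconfig_text, gateway):
    """True if the gateway falls inside a prefix configured on the interface."""
    gw = ipaddress.IPv6Address(gateway)
    return any(gw in i.network for i in inet6_interfaces(ifconfig_text))


if __name__ == "__main__":
    for name, text in (("Enable IPv6 on", BROKEN), ("Enable IPv6 off", WORKING)):
        print(name, "| /128 addresses:", host_only_addresses(text),
              "| gateway on-link:", gateway_on_link(text, GATEWAY))
```
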
