
bug report: network loop with ipv6 endpoint

Posted: Sun Mar 18, 2018 9:32 pm
by Strangelovian
When connecting to a udp6 endpoint in tun mode, e.g.
Code:
dev tun
remote 1194 udp6
Immediately upon connection, the VPN connection bandwidth saturates the networking capacity, i.e. 100mbps in my case.

With ipv4 udp endpoint, this problem doesn't happen.
With ipv4 endpoint, a specific route is always added by openvpn, to avoid "VPN nasty network loops". If xxx.yyy.zzz.ttt is your ipv4 VPN endpoint:
Code:
netstat -nr
Routing tables
Destination        Gateway            Flags        Refs      Use   Netif Expire
0/1              UGSc          118        0   utun1
xxx.yyy.zzz.ttt/32       UGSc            1        0     en0
This is NOT done by openvpn / viscosity for ipv6 VPN endpoints.
As a result, a VPN network loop happens right upon connection, which saturates the client network connection.

Re: bug report: network loop with ipv6 endpoint

Posted: Thu Mar 22, 2018 4:45 pm
by James
Hi Strangelovian,

The /32 route is created as part of the "redirect-gateway" command. In the case of IPv6, if "redirect-gateway ipv6" is being pushed then it should be doing the same for an IPv6 /128 route. However, if the IPv6 route/s are being set manually instead of through the use of "redirect-gateway ipv6" then the /128 won't be created. This is often the case to maintain backwards compatibility with older versions of OpenVPN - the workaround is to push the /128 manually with the gateway set to "net_gateway".

If you're still stuck please don't hesitate to get in touch with a copy of your server and client configuration files and we'll take a closer look.
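
An added example, not part of the original thread: a small check for the loop condition discussed above, using longest-prefix matching over a routing table to see whether traffic to the VPN endpoint itself would leave through the tunnel. The route tables, the endpoint address 2001:db8::10 and the function names are constructed for illustration, and prefixes are written in full rather than in netstat's abbreviated form.

```python
import ipaddress

# Constructed sample tables as (destination prefix, interface) pairs.
# ROUTES_LOOP: the tunnel covers all IPv6 space and there is no host route
# for the VPN endpoint, which is the situation described in the report.
ROUTES_LOOP = [
    ("::/0", "en0"),
    ("::/1", "utun1"),
    ("8000::/1", "utun1"),
]
# ROUTES_FIXED: same table plus a /128 for the endpoint via the physical link.
ROUTES_FIXED = ROUTES_LOOP + [("2001:db8::10/128", "en0")]


def egress_interface(routes, endpoint):
    """Return (network, interface) of the most specific route matching endpoint."""
    addr = ipaddress.ip_address(endpoint)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix, strict=False)
        # Skip routes of the other address family and non-matching prefixes.
        if net.version != addr.version or addr not in net:
            continue
        if best is None or net.prefixlen > best[0].prefixlen:
            best = (net, iface)
    return best


def endpoint_loops(routes, endpoint, tunnel_prefixes=("utun", "tun")):
    """True when packets addressed to the VPN endpoint would enter the tunnel."""
    best = egress_interface(routes, endpoint)
    if best is None:
        return False  # no route at all: unreachable, but not a loop
    return best[1].startswith(tunnel_prefixes)


if __name__ == "__main__":
    for name, table in (("loop", ROUTES_LOOP), ("fixed", ROUTES_FIXED)):
        net, iface = egress_interface(table, "2001:db8::10")
        print(name, "->", net, "via", iface,
              "LOOP" if endpoint_loops(table, "2001:db8::10") else "ok")
```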