#1 2017-02-14 07:52:22

ap_
Member
From: Finland
Registered: 2008-10-14
Posts: 48

[SOLVED] OpenVPN-client and operation not supported on ip -6 addr add

EDIT: SOLVED by using a different VPN service... :)

Hi, I had a working OpenVPN-client setup running with these same settings. I guess some upgrade broke it. I moved the config files to the 'client' dir in /etc/openvpn after upgrading to OpenVPN 2.4.0, but I've failed to make things work again.

/etc/openvpn/client/mullvad.conf (downloaded from their site)

client

dev tun

#proto udp6
#proto udp
#proto tcp

remote de.mullvad.net 1300
cipher AES-256-CBC
tun-ipv6

# Keep trying indefinitely to resolve the
# host name of the OpenVPN server.  Very useful
# on machines which are not permanently connected
# to the internet such as laptops.
resolv-retry infinite
# Most clients don't need to bind to
# a specific local port number.
nobind

# Try to preserve some state across restarts.
persist-key
persist-tun

# Enable compression on the VPN link.
comp-lzo

# Set log file verbosity.
verb 3

remote-cert-tls server

ping-restart 60

# Allow calling of built-in executables and user-defined scripts.
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
ca /etc/openvpn/client/ca.crt
cert /etc/openvpn/client/mullvad.crt
key /etc/openvpn/client/mullvad.key

crl-verify /etc/openvpn/client/crl.pem

# Limit range of possible TLS cipher-suites
tls-cipher *long list of abbreviations here :)*

What happens on openvpn --config /etc/openvpn/client/mullvad.conf

Tue Feb 14 09:42:25 2017 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Tue Feb 14 09:42:25 2017 OpenVPN 2.4.0 x86_64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Dec 28 2016
Tue Feb 14 09:42:25 2017 library versions: OpenSSL 1.0.2k  26 Jan 2017, LZO 2.09
Tue Feb 14 09:42:25 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Tue Feb 14 09:42:30 2017 TCP/UDP: Preserving recently used remote address: [AF_INET]185.62.205.144:1300
Tue Feb 14 09:42:30 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Tue Feb 14 09:42:30 2017 UDP link local: (not bound)
Tue Feb 14 09:42:30 2017 UDP link remote: [AF_INET]185.62.205.144:1300
Tue Feb 14 09:42:30 2017 TLS: Initial packet from [AF_INET]185.62.205.144:1300, sid=93432cb4 d1560a2d
Tue Feb 14 09:42:30 2017 VERIFY WARNING: depth=1, unable to get certificate CRL: C=NA, ST=None, L=None, O=Mullvad, CN=master.mullvad.net, emailAddress=info@mullvad.net
Tue Feb 14 09:42:30 2017 VERIFY WARNING: depth=2, unable to get certificate CRL: C=NA, ST=None, L=None, O=Mullvad, CN=Mullvad CA, emailAddress=info@mullvad.net
Tue Feb 14 09:42:30 2017 VERIFY OK: depth=2, C=NA, ST=None, L=None, O=Mullvad, CN=Mullvad CA, emailAddress=info@mullvad.net
Tue Feb 14 09:42:30 2017 VERIFY OK: depth=1, C=NA, ST=None, L=None, O=Mullvad, CN=master.mullvad.net, emailAddress=info@mullvad.net
Tue Feb 14 09:42:30 2017 Validating certificate key usage
Tue Feb 14 09:42:30 2017 ++ Certificate has key usage  00a0, expects 00a0
Tue Feb 14 09:42:30 2017 VERIFY KU OK
Tue Feb 14 09:42:30 2017 Validating certificate extended key usage
Tue Feb 14 09:42:30 2017 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Tue Feb 14 09:42:30 2017 VERIFY EKU OK
Tue Feb 14 09:42:30 2017 VERIFY OK: depth=0, C=NA, ST=None, L=None, O=Mullvad, CN=de5.mullvad.net, emailAddress=info@mullvad.net
Tue Feb 14 09:42:31 2017 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Tue Feb 14 09:42:31 2017 [de5.mullvad.net] Peer Connection Initiated with [AF_INET]185.62.205.144:1300
Tue Feb 14 09:42:32 2017 SENT CONTROL [de5.mullvad.net]: 'PUSH_REQUEST' (status=1)
Tue Feb 14 09:42:32 2017 PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 fd10:cda4:1118:72::1010/112 fd10:cda4:1118:72::,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.114.0.1,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,route-gateway 10.114.0.1,topology subnet,ifconfig 10.114.0.18 255.255.0.0'
Tue Feb 14 09:42:32 2017 OPTIONS IMPORT: --ifconfig/up options modified
Tue Feb 14 09:42:32 2017 OPTIONS IMPORT: route options modified
Tue Feb 14 09:42:32 2017 OPTIONS IMPORT: route-related options modified
Tue Feb 14 09:42:32 2017 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Tue Feb 14 09:42:32 2017 Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Feb 14 09:42:32 2017 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 14 09:42:32 2017 Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Tue Feb 14 09:42:32 2017 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 14 09:42:32 2017 ROUTE_GATEWAY 192.168.1.1/255.255.255.0 IFACE=eth0 HWADDR=bc:ae:c5:8f:3b:59
Tue Feb 14 09:42:32 2017 GDG6: remote_host_ipv6=n/a
Tue Feb 14 09:42:32 2017 GDG6: NLSMG_ERROR: error -95
Tue Feb 14 09:42:32 2017 ROUTE6: default_gateway=UNDEF
Tue Feb 14 09:42:32 2017 TUN/TAP device tun0 opened
Tue Feb 14 09:42:32 2017 TUN/TAP TX queue length set to 100
Tue Feb 14 09:42:32 2017 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Tue Feb 14 09:42:32 2017 /usr/bin/ip link set dev tun0 up mtu 1500
Tue Feb 14 09:42:32 2017 /usr/bin/ip addr add dev tun0 10.114.0.18/16 broadcast 10.114.255.255
Tue Feb 14 09:42:32 2017 /usr/bin/ip -6 addr add fd10:cda4:1118:72::1010/112 dev tun0
Tue Feb 14 09:42:32 2017 Linux ip -6 addr add failed: external program exited with error status: 2
Tue Feb 14 09:42:32 2017 Exiting due to fatal error

So I guess OpenVPN fails to assign an IPv6 address to the new tun0 interface? I tried the 'systemd-resolved' and 'vpnfailsafe' scripts also, but with the same results. I suppose this is just one of those little things I've missed?

Thanks for your input!

Last edited by ap_ (2017-02-14 17:51:59)
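
A log-triage sketch for output like the one posted above, added here as an example and not part of the original post: it pulls the pushed options out of the PUSH_REPLY line, lists the IPv6 ones, records the depths at which the CRL could not be checked, decodes the netlink error, and reports which external command caused the fatal exit. The function name `triage` is hypothetical, the sample lines are copied from the post's log, and the errno value 95 is the Linux one (EOPNOTSUPP, "Operation not supported").

```python
import re

LINUX_EOPNOTSUPP = 95  # Linux errno for "Operation not supported" (assumes a Linux log)
TS = re.compile(r"^\w{3} \w{3} +\d+ [\d:]{8} \d{4} ")  # e.g. "Tue Feb 14 09:42:32 2017 "

# Sample input: lines copied from the log in the post above.
SAMPLE_LOG = """\
Tue Feb 14 09:42:30 2017 VERIFY WARNING: depth=1, unable to get certificate CRL: C=NA, ST=None, L=None, O=Mullvad, CN=master.mullvad.net, emailAddress=info@mullvad.net
Tue Feb 14 09:42:30 2017 VERIFY WARNING: depth=2, unable to get certificate CRL: C=NA, ST=None, L=None, O=Mullvad, CN=Mullvad CA, emailAddress=info@mullvad.net
Tue Feb 14 09:42:32 2017 PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 fd10:cda4:1118:72::1010/112 fd10:cda4:1118:72::,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.114.0.1,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,route-gateway 10.114.0.1,topology subnet,ifconfig 10.114.0.18 255.255.0.0'
Tue Feb 14 09:42:32 2017 GDG6: NLSMG_ERROR: error -95
Tue Feb 14 09:42:32 2017 /usr/bin/ip addr add dev tun0 10.114.0.18/16 broadcast 10.114.255.255
Tue Feb 14 09:42:32 2017 /usr/bin/ip -6 addr add fd10:cda4:1118:72::1010/112 dev tun0
Tue Feb 14 09:42:32 2017 Linux ip -6 addr add failed: external program exited with error status: 2
Tue Feb 14 09:42:32 2017 Exiting due to fatal error
"""

def triage(log_text):
    """Summarise pushed options, CRL warnings, netlink errors and the failed command."""
    out = {"pushed": [], "ipv6_pushed": [], "crl_warn_depths": [],
           "netlink_errors": [], "failed_command": None}
    prev_cmd = None
    for raw in log_text.splitlines():
        line = TS.sub("", raw.strip())  # drop the timestamp prefix if present
        m = re.search(r"'PUSH_REPLY,(.*)'", line)
        if m:  # server-pushed options arrive as one comma-separated string
            out["pushed"] = [o.strip() for o in m.group(1).split(",") if o.strip()]
            out["ipv6_pushed"] = [o for o in out["pushed"]
                                  if o.split()[0].endswith("-ipv6")]
        m = re.match(r"VERIFY WARNING: depth=(\d+), unable to get certificate CRL", line)
        if m:  # chain depth for which no CRL was available
            out["crl_warn_depths"].append(int(m.group(1)))
        m = re.search(r"NLSMG_ERROR: error -(\d+)", line)
        if m:
            code = int(m.group(1))
            out["netlink_errors"].append(
                "EOPNOTSUPP" if code == LINUX_EOPNOTSUPP else str(code))
        if line.startswith("/"):  # OpenVPN logs each external command before running it
            prev_cmd = line
        elif "external program exited with error status" in line:
            out["failed_command"] = prev_cmd  # the last logged command is the one that failed
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "=", value)
```

On the posted log this shows that the IPv4 address was assigned and that the run stopped at the `ip -6 addr add` step, for an address the server pushed via `ifconfig-ipv6`.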
