Jump to content
Not connected, Your IP: 3.80.5.103
Staff

IPv6 support - Experimental phase

Recommended Posts

Just noticed the experimental servers are no longer marked as experimental?

I tried to connect to the 'best' Belgian server and was assigned an ipv6 address

Share this post


Link to post

Just noticed the experimental servers are no longer marked as experimental?

I tried to connect to the 'best' Belgian server and was assigned an ipv6 address

 

I just connected to Chamaeleon in Texas and have an IPv6 address! The rest of the Texas ones I have saved, and all of the California ones are still marked as 'connection mode not available' though. Looks like they're slowly rolling it out. Still don't think it'll be an official thing until Eddie is ready to come out of beta though. 

 

EDIT: Yep theres also servers in Frankfurt, Latvia, the UK as well as the US now, but only one server in each. If you're connected in Belgium via IPv6, you're using the original experimental one, Castor, its the only IPv6 one there still.

Share this post


Link to post

Yes, <tls-crypt> on Rana works well for me.

Windows 10, OpenVPN Client 2.4.6, Location tested: Munich, Germany

Share this post


Link to post

I have been using Castor. The last few days at just after 19:00 GMT, in the OpenVPN log I get several of these:

 

TLS Error: local/remote TLS keys are out of sync: [AF_INET6]2001:ac8:27:f:9ff8:eafb:3bb8:3c4f:443 [3]

 

Until this:

 

Thu May 10 12:17:53 2018 [Castor] Inactivity timeout (--ping-restart), restarting

Thu May 10 12:17:53 2018 SIGUSR1[soft,ping-restart] received, process restarting

Thu May 10 12:17:53 2018 Restart pause, 5 second(s)

 

Then after the restart:

 

Thu May 10 12:17:59 2018 Preserving previous TUN/TAP instance: Ethernet 2

Thu May 10 12:17:59 2018 NOTE: Pulled options changed on restart, will need to close and reopen TUN/TAP device.

 

The IP address changes! I do not have the VPN as the default gateway. So I have my torrent client bound the VPN interface IP address. So having this IP address change is a very large problem. I have to restart my torrent client.

 

I sure hope this is not intended to be this way. Or is this what we need to be prepared for now? Thanks.

 

EDIT: I realized later that this was happening only when I used IPv6 to connect through my home router. In my router I changed IPv6 allocation to "Stateful" from "Stateless", and although the DHCPv6 "lease expiration" is only 24 hours with extensions of between 30 and 150 minutes, unless I restart DHCPv6 on my router the router gives the same IPv6 address on renewal. I think that before this change, after 24 hours my public IPv6 address would change (no NAT for IPv6 in my router setup) and since AirVPN saw a connection from a different IPv6 address it gave out a different address.

Share this post


Link to post

OpenVPN 2.4.6 x86_64

win 7 x64

 

Server Germany Errai

 

I am getting "netsh command failed: returned error code 1",  when "netsh.exe interface ipv6 set address interface=18..." is executed , so i guess  ip v6 must be enabled in tap v9 settings.

Share this post


Link to post

Staff, can you tell us more about the new DNS server engine you speak of in the OP?  Besides necessary changes for IPv6 is there anything else new?

Share this post


Link to post

Been using Chamaeleon with tls-crypt but this evening am noticing a problem but the status page isn't showing anything wrong.

 

What I see is intermittent packet loss in my pfsense gateway monitoring, and traffic at random intervals goes to zero for a very short time then starts up again.

 

When I tried to connect to Chamaeleon at entry 1 (not tls-crypt) but it wouldn't connect at all.  I did, of course, change the static key to the proper one for the attempt.

 

So, I switched back to tls-crypt and it connected just fine.  But, I'm still getting packet loss.

 

Something amiss with that server I'm afraid.

Share this post


Link to post

So, it's June @Staff.

 

How far are we from full tls-crypt and IPV6 support?

 

Hello!

 

We are very near. Now servers supporting IPv6 and tls-crypt are twelve and no specific problems are detected. We call such servers "Generation 2" servers, and you can see them in Eddie or in the Configuration Generator by selecting the proper options.

 

When Eddie 2.14.x reaches the stable release, we will allow some more time to get out of the experimental phase and upgrade (gradually, because it requires disconnection of all clients) every server to Generation 2.

 

Only a tiny amount of servers (less than 7-8) will not support IPv6 because the datacenter does not have an IPv6 infrastructure. They will support anyway tls-crypt

 

Kind regards

Share this post


Link to post

I have been using tls-crypt on my pfSense firewall for a while now. I have this problem that when connecting to tls-crypt supported servers gateway server

changes each time the client connets and it is not a fixed ip like 10.4.0.1 as it used to be so I can put it on my pfsense dns settings. I fixed this by

creating a custom script that creates a route to 10.4.0.1 each time vpn client connects using gateway returned from OpenVPN client. It has been working fine

until a week ago. I guess some changes has been made by AirVPN staff hence my script does not work anymore. Is there anyway to get a fixed dns ip that doesn't

change everytime a client connects?

Share this post


Link to post

Rad Sabik just went IPv6 in Los Angeles!!

 

(Theres also six others in the US now for those that wanna try it out...)

Share this post


Link to post
Guest

 

So, it's June @Staff.

 

How far are we from full tls-crypt and IPV6 support?

 

Hello!

 

We are very near. Now servers supporting IPv6 and tls-crypt are twelve and no specific problems are detected. We call such servers "Generation 2" servers, and you can see them in Eddie or in the Configuration Generator by selecting the proper options.

 

When Eddie 2.14.x reaches the stable release, we will allow some more time to get out of the experimental phase and upgrade (gradually, because it requires disconnection of all clients) every server to Generation 2.

 

Only a tiny amount of servers (less than 7-8) will not support IPv6 because the datacenter does not have an IPv6 infrastructure. They will support anyway tls-crypt

 

Kind regards

 

I'm curious - how can a datacenter of all places not have an infrastructure for a protocol that's been around for 20 years now? Are you able to list such servers or at least name and shame the providers? Maybe it's a sign of a larger problem but I'd have thought IPv6 is essential now IPv4 is depleted...

 

Is it even fair to call it a 'datacenter' if it can't route packets on what is the most essential fundamental layer of networking?

Share this post


Link to post

@ 5YmkoLQZ:

 

Remember that it took very long till IPv6 support became more widespread. Even many ISPs do not yet support it (are have just began). Further, it seems that for a long time, OpenVPN did not do a good job to integrate it. According to Air, Air itself had to rewrite some parts of OpenVPN code.  

Share this post


Link to post

 

 

So, it's June @Staff.

 

How far are we from full tls-crypt and IPV6 support?

 

Hello!

 

We are very near. Now servers supporting IPv6 and tls-crypt are twelve and no specific problems are detected. We call such servers "Generation 2" servers, and you can see them in Eddie or in the Configuration Generator by selecting the proper options.

 

When Eddie 2.14.x reaches the stable release, we will allow some more time to get out of the experimental phase and upgrade (gradually, because it requires disconnection of all clients) every server to Generation 2.

 

Only a tiny amount of servers (less than 7-8) will not support IPv6 because the datacenter does not have an IPv6 infrastructure. They will support anyway tls-crypt

 

Kind regards

 

I'm curious - how can a datacenter of all places not have an infrastructure for a protocol that's been around for 20 years now? Are you able to list such servers or at least name and shame the providers? Maybe it's a sign of a larger problem but I'd have thought IPv6 is essential now IPv4 is depleted...

 

Is it even fair to call it a 'datacenter' if it can't route packets on what is the most essential fundamental layer of networking?

 

Hello!

 

The servers which are in a datacenter without IPv6 infrastructure are Baiten, Porrima and Scheat (Lithuania) and Kitalpha (Switzerland). The company operating the Kitalpha datacenter wrote to us that IPv6 support is planned in a not too distant future.

 

Kind regards

Share this post


Link to post

@ 5YmkoLQZ:

 

Remember that it took very long till IPv6 support became more widespread. Even many ISPs do not yet support it (are have just began). Further, it seems that for a long time, OpenVPN did not do a good job to integrate it. According to Air, Air itself had to rewrite some parts of OpenVPN code.  

 

Hello!

 

True. Probably the market pressure is still too low for IPv6 thorough depletion. For example, we have had (and we still have) several technical issues and blackouts with IPv6 for our tests from Italy, and our IPv6 monitoring system still detects random and frequent IPv6 blackouts in many servers in various datacenters, for example in Canada, the United Stated and the Netherlands.

 

Things might change as the IPv4 addresses shortage will hurt more and more, and maybe when some services will be reachable only on IPv6, but we have no idea when this will happen.  At the moment, it's plausible that for an average Internet user (and even for many advanced users) IPv4 is sufficient for any purpose.

 

Our care and urgency to provide full IPv6 support is based on the need to remain the most advanced VPN service and therefore satisfy the requirements of an important niche of customers who have only IPv6 access (IPv4 available only over IPv6). For them, using a VPN based on IPv4 only is not safe, or it's even impossible on some systems.

 

Kind regards

Share this post


Link to post
Guest
This topic is now closed to further replies.

×
×
  • Create New...