Linux ip -6 addr add failed

[zombie1982 5]

Today afternoon my default vpn tunnel at linux crashed. I can not reconnect it with my default config. I changed nothing in my debian box.

Anyone else got this ? All IPv6 support is disabled at my system. vpn over ssl still working

EDIT:  OK saw the Push message from server:

Wed May  2 17:33:52 2018 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.17.0.1,dhcp-option DNS6 fde6:7a:7d20:17::1,tun-ipv6,route-gateway 10.17.0.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:17::1000/64 fde6:7a:7d20:17::1,ifconfig 10.17.0.2 255.255.0.0,peer-id 0,cipher AES-256-GCM'
 

How can I ignore just the IPv6 part of the server and connect by only IPv4 ? Why you do that without advanced warning ?

 

Wed May  2 16:33:39 2018 GDG6: remote_host_ipv6=n/a
Wed May  2 16:33:39 2018 GDG6: NLSMG_ERROR: error -95

Wed May  2 16:33:39 2018 ROUTE6: default_gateway=UNDEF
Wed May  2 16:33:39 2018 TUN/TAP device tun1 opened
Wed May  2 16:33:39 2018 TUN/TAP TX queue length set to 100
Wed May  2 16:33:39 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Wed May  2 16:33:39 2018 /sbin/ip link set dev tun1 up mtu 1500
Wed May  2 16:33:39 2018 /sbin/ip addr add dev tun1 10.17.0.2/16 broadcast 10.17.255.255
Wed May  2 16:33:39 2018 /sbin/ip -6 addr add fde6:7a:xxxx:xx::1000/64 dev tun1
RTNETLINK answers: Operation not supported
Wed May  2 16:33:39 2018 Linux ip -6 addr add failed: external program exited with error status: 2
Wed May  2 16:33:39 2018 Exiting due to fatal error

[Staff 9972]

Hello!

 

This is interesting.

We are gradually activating IPv6 on every server, but you have IPv6 disabled at OS level, and this causes a fatal error.

For the moment, you can:

- Reactivate IPv6
No good reason is known to disable IPv6 at OS level. If you are scared about IPv6 leak when connecting to servers without IPv6 support,
a cleaner solution is simply blocking IPv6 traffic with ip6tables.

 

OR

 

- Append the following directives in your .ovpn files:
 

pull-filter ignore "dhcp-option DNS6"
pull-filter ignore "tun-ipv6"
pull-filter ignore "ifconfig-ipv6"

 

This will skip IPv6 configuration of tunnel and avoid your error. We are considering related options to Config Generator.

 

Kind regards

[zombie1982 5]

Thank you for quick reply. I'll edit my .config and prepare my OS for IPv6 in the future.

[duffydack 4]

I had connection error too on my asus merlin router (with ip6 disabled).  Added the extra lines, works again.  I will consider enabling ipv6 in the future.

 

thanks

[tafn 0]

Thank you. This solved my problem with a Debian install.

In my case I did reactive IPv6 in the /etc/network/interfaces (iface ... inet6 auto) but still wasn't able to connect (same error as OP).
Adding the three latter lines to the config file made it work again.

[Gerbilator 0]

Response with "pull-filter" command above is correct, but somehow when copy-pasted directly from Firefox into .ovpn file it has some extra invisible characters. So I was getting

Quote

Unrecognized option or missing or extra parameter(s) in config.ovpn:38: pull-filter

error message after attempt of enabling vpn client. I guess don't copy-paste random stuff from internet or type it by hand.

[hezzomo 0]

On 5/1/2021 at 12:33 PM, tafn said:

Thank you. This solved my problem with a Debian install.

In my case I did reactive IPv6 in the /etc/network/interfaces (iface ... inet6 auto) but still wasn't able to connect (same error as OP).
Adding the three latter lines to the config file made it work again.

My solution as well. Thank you