Jump to content
Not connected, Your IP: 35.173.35.159

Recommended Posts

Today afternoon my default vpn tunnel at linux crashed. I can not reconnect it with my default config. I changed nothing in my debian box.

Anyone else got this ? All IPv6 support is disabled at my system. vpn over ssl still working

EDIT:  OK saw the Push message from server:

Wed May  2 17:33:52 2018 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.17.0.1,dhcp-option DNS6 fde6:7a:7d20:17::1,tun-ipv6,route-gateway 10.17.0.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:17::1000/64 fde6:7a:7d20:17::1,ifconfig 10.17.0.2 255.255.0.0,peer-id 0,cipher AES-256-GCM'
 

How can I ignore just the IPv6 part of the server and connect by only IPv4 ? Why you do that without advanced warning ?

 

Wed May  2 16:33:39 2018 GDG6: remote_host_ipv6=n/a
Wed May  2 16:33:39 2018 GDG6: NLSMG_ERROR: error -95

Wed May  2 16:33:39 2018 ROUTE6: default_gateway=UNDEF
Wed May  2 16:33:39 2018 TUN/TAP device tun1 opened
Wed May  2 16:33:39 2018 TUN/TAP TX queue length set to 100
Wed May  2 16:33:39 2018 do_ifconfig, tt->did_ifconfig_ipv6_setup=1
Wed May  2 16:33:39 2018 /sbin/ip link set dev tun1 up mtu 1500
Wed May  2 16:33:39 2018 /sbin/ip addr add dev tun1 10.17.0.2/16 broadcast 10.17.255.255
Wed May  2 16:33:39 2018 /sbin/ip -6 addr add fde6:7a:xxxx:xx::1000/64 dev tun1
RTNETLINK answers: Operation not supported
Wed May  2 16:33:39 2018 Linux ip -6 addr add failed: external program exited with error status: 2
Wed May  2 16:33:39 2018 Exiting due to fatal error

Share this post


Link to post

Hello!

 

This is interesting.

We are gradually activating IPv6 on every server, but you have IPv6 disabled at OS level, and this causes a fatal error.

For the moment, you can:

- Reactivate IPv6
No good reason is known to disable IPv6 at OS level. If you are scared about IPv6 leak when connecting to servers without IPv6 support,
a cleaner solution is simply blocking IPv6 traffic with ip6tables.

 

OR

 

- Append the following directives in your .ovpn files:
 

pull-filter ignore "dhcp-option DNS6"
pull-filter ignore "tun-ipv6"
pull-filter ignore "ifconfig-ipv6"

 

This will skip IPv6 configuration of tunnel and avoid your error. We are considering related options to Config Generator.

 

Kind regards

Share this post


Link to post

I had connection error too on my asus merlin router (with ip6 disabled).  Added the extra lines, works again.  I will consider enabling ipv6 in the future.

 

thanks

Share this post


Link to post

Thank you. This solved my problem with a Debian install.

In my case I did reactive IPv6 in the /etc/network/interfaces (iface ... inet6 auto) but still wasn't able to connect (same error as OP).
Adding the three latter lines to the config file made it work again.

Share this post


Link to post

Response with "pull-filter" command above is correct, but somehow when copy-pasted directly from Firefox into .ovpn file it has some extra invisible characters. So I was getting

Quote

Unrecognized option or missing or extra parameter(s) in config.ovpn:38: pull-filter


error message after attempt of enabling vpn client. I guess don't copy-paste random stuff from internet or type it by hand.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...