Jump to content
Not connected, Your IP: 3.231.229.89
wintermute1912

remote_host_ipv6=n/a - error Operation not supported

Recommended Posts

I use Ubuntu 16.04.5 with ipv6.disable=1 in my grub file. I have OpenVPN version 2.4 installed.

I generated ovpn config files for all TLS 1.2 primary servers (entry point 3) UDP 443 with the following options:

  • IPv4 only
  • Resolve hostnames
  • Separate keys / certs

Then to connect I only ever run openvpn in terminal selecting one of the ovpn files pretty much at random but lately most of them generate the following and fail to connect. It looks as if they're trying to force an ipv6 connection?

I don't want to use ipv6 as it's harder to lock down and I make sure to select IPv4 ONLY in the config generator.

Wed Dec  4 04:36:47 2019 OpenVPN 2.4.8 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Oct 31 2019
Wed Dec  4 04:36:47 2019 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Wed Dec  4 04:36:47 2019 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Wed Dec  4 04:36:47 2019 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Wed Dec  4 04:36:47 2019 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Dec  4 04:36:47 2019 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Wed Dec  4 04:36:47 2019 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Dec  4 04:36:47 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]184.75.223.213:443
Wed Dec  4 04:36:47 2019 Socket Buffers: R=[212992->212992] S=[212992->212992]
Wed Dec  4 04:36:47 2019 UDP link local: (not bound)
Wed Dec  4 04:36:47 2019 UDP link remote: [AF_INET]184.75.223.213:443
Wed Dec  4 04:36:47 2019 TLS: Initial packet from [AF_INET]184.75.223.213:443, sid=4dfd5b1f 47dea206
Wed Dec  4 04:36:47 2019 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
Wed Dec  4 04:36:47 2019 VERIFY KU OK
Wed Dec  4 04:36:47 2019 Validating certificate extended key usage
Wed Dec  4 04:36:47 2019 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Wed Dec  4 04:36:47 2019 VERIFY EKU OK
Wed Dec  4 04:36:47 2019 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Agena, emailAddress=info@airvpn.org
Wed Dec  4 04:36:48 2019 Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
Wed Dec  4 04:36:48 2019 [Agena] Peer Connection Initiated with [AF_INET]184.75.223.213:443
Wed Dec  4 04:36:49 2019 SENT CONTROL [Agena]: 'PUSH_REQUEST' (status=1)
Wed Dec  4 04:36:49 2019 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.4.210.1,dhcp-option DNS6 fde6:7a:7d20:d2::1,tun-ipv6,route-gateway 10.4.210.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:d2::1073/64 fde6:7a:7d20:d2::1,ifconfig 10.4.210.117 255.255.255.0,peer-id 2,cipher AES-256-GCM'
Wed Dec  4 04:36:49 2019 OPTIONS IMPORT: timers and/or timeouts modified
Wed Dec  4 04:36:49 2019 OPTIONS IMPORT: compression parms modified
Wed Dec  4 04:36:49 2019 OPTIONS IMPORT: --ifconfig/up options modified
Wed Dec  4 04:36:49 2019 OPTIONS IMPORT: route options modified
Wed Dec  4 04:36:49 2019 OPTIONS IMPORT: route-related options modified
Wed Dec  4 04:36:49 2019 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Dec  4 04:36:49 2019 OPTIONS IMPORT: peer-id set
Wed Dec  4 04:36:49 2019 OPTIONS IMPORT: adjusting link_mtu to 1625
Wed Dec  4 04:36:49 2019 OPTIONS IMPORT: data channel crypto options modified
Wed Dec  4 04:36:49 2019 Data Channel: using negotiated cipher 'AES-256-GCM'
Wed Dec  4 04:36:49 2019 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Dec  4 04:36:49 2019 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Wed Dec  4 04:36:49 2019 ROUTE_GATEWAY 10.1.1.1/255.255.255.0 IFACE=eno1 HWADDR=2c:27:d7:1e:2f:56
Wed Dec  4 04:36:49 2019 GDG6: remote_host_ipv6=n/a
Wed Dec  4 04:36:49 2019 GDG6: NLMSG_ERROR: error Operation not supported


Wed Dec  4 04:36:49 2019 ROUTE6: default_gateway=UNDEF
Wed Dec  4 04:36:49 2019 TUN/TAP device tun0 opened
Wed Dec  4 04:36:49 2019 TUN/TAP TX queue length set to 100
Wed Dec  4 04:36:49 2019 /sbin/ip link set dev tun0 up mtu 1500
Wed Dec  4 04:36:49 2019 /sbin/ip addr add dev tun0 10.4.210.117/24 broadcast 10.4.210.255
Wed Dec  4 04:36:49 2019 /sbin/ip -6 addr add fde6:7a:7d20:d2::1073/64 dev tun0
RTNETLINK answers: Operation not supported
Wed Dec  4 04:36:49 2019 Linux ip -6 addr add failed: external program exited with error status: 2
Wed Dec  4 04:36:49 2019 Exiting due to fatal error

VG8gZXJyIGlzIGh1bWFuLCB0byByZWFsbHkgZnVjayB1cCB0YWtlcyBhIGNvbXB1dGVyIQ==

Share this post


Link to post

Can you post your generated config?


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

Rather than a problem in the openvpn config, I believe what's happening is that openvpn client is still trying to setup IPv6 routes for the tunnel device on a machine that has IPv6 disabled.  (I do think there are still valid reasons to disable IPv6, nowadays.)  And it's an annoying problem, because it seems like it doesn't happen all the time — or rather, that some Air servers will still ask the client to setup IPv6 routes even though they've not pushed UV_IPV6 to the environment using push-peer-info — so you'll connect perfectly with IPv4 only on some servers but not others with such a configuration.

On your (@wintermute1912's) side, I'm unsure what can be actually done short of adding these lines to your openvpn config and enduring a bit more terminal noise when connecting:

pull-filter ignore "ifconfig-ipv6 "
pull-filter ignore "route-ipv6 "
Maybe Air staff might have a better suggestion for what to do.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...