Jump to content
Not connected, Your IP: 34.200.218.187
Hotgloblin

ANSWERED No Ipv6 with Asus Router running OpenVpn

Recommended Posts

Hi

Problem
I have no IPv6 connectivity when going through AirVpn servers via my Draytech modem/PPoE/Asus Router/Asus OpenVpn Client/Windows/Firefox or Edge.
With OpenVPN in my Asus router activated, ipleak says "IPv6 test not reachable. (timeout)" and "Fallback: Fail (timeout)" and other web based IPv6 testers also say "no".
Connectivity is fine when I deactivate OpenVpn in my router and connect to my ISP in clear (no VPN).
My Android phone using ipleak shows no IPv6 connectivity when running OpenVPN on the router but does show IPv6 connectivity when using Eddie for Android (regardless of the router OpenVPN activation state).
I have used the AirVpn Configuration Tool to create several OpenVpn files (countries and continents and advanced and simple modes).  Same results.
My Router IPV6 page is set:
. Connection type: Native
. Interface: PPP
. Everything else to default values as "enabled" or "stateless"

In summary:

Scenario 1
Router OpenVPN: deactivated
Eddie for Android: deactivated
Windows IPv6 connectivity: Yes
Android IPv6 Connectivity: Yes

Scenario 2

Router OpenVPN: deactivated
Eddie for Android: activated
Windows IPv6 connectivity: Yes
Android IPv6 Connectivity: Yes


Scenario 3
Router OpenVPN: activated
Eddie for Android: deactivated
Windows IPv6 connectivity: No
Android IPv6 Connectivity: No


Scenario 4
Router OpenVPN: activated
Eddie for Android: activated
Windows IPv6 connectivity: No
Android IPv6 Connectivity: Yes


Investigation
I've searched for an answer.  The best was on: https://www.snbforums.com/threads/ipv6-push-peer-info-airvpn-ac86u-not-working.63465//
This focuses on the "push to peer" command in the AirVpn OpenVPN configuration file and mentioned the router's built in OpenVPN client does not support IPv6.
I tried running with an AirVPN config file with "push to peer" removed but still no IPv6 connectivity.
Maybe all will be OK if I moved to Merlin firmware (like I used to have on my previously busted ASUS router) as maybe it has an IPv6 compliant version of OpenVPN?
BTW, I've already been fighting Eddie in Windows (IPv6 again by the looks of it!) while waiting for this replacement router!

Any ideas?

TIA.


 

Share this post


Link to post

One caveat of using OpenVPN anywhere so far is that, if source and destination both support v4 and v6, v4 is always preferred. If v4 was successful, tests for v6 connectivity in the same request will always fail. Especially true for ipv6-test.com and ipleak.net.
You get a better idea if v6 is working if you connect to v6-only domains, for example ipv6.nsupdate.info or ipv6.google.com. But know the above, you will practically always connect with v4 when connected.


» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post
2 hours ago, giganerd said:

One caveat of using OpenVPN anywhere so far is that, if source and destination both support v4 and v6, v4 is always preferred. If v4 was successful, tests for v6 connectivity in the same request will always fail. Especially true for ipv6-test.com and ipleak.net.
You get a better idea if v6 is working if you connect to v6-only domains, for example ipv6.nsupdate.info or ipv6.google.com. But know the above, you will practically always connect with v4 when connected.


Many thanks for reading my post and the heads up.  Maybe I am not fully understanding but I do get both v6 and v4 addresses reported in ipleak.net when using Eddie in Android (but not in Windows). I'll try those v6 addresses when next on Windows.

Share this post


Link to post
@Hotgloblin

Hello!

We see that in AsusWRT and in Asus MerlinWRT, IPv6 is not tunneled by OpenVPN, even though IPv6 push is performed. According to some forums, this is a current limitation of the firmware implementation.

In Eddie Android edition IPv6 over IPv4 is enabled by default and you can fine tune according to your preferences in "Settings". However the OpenVPN3-AirVPN library in the current Eddie Android edition release has serious problems if you need a PURE IPv6 connection, so at the moment you need to renounce to pure IPv6 connections in Eddie Android.

@giganerd

We're not sure why you should, but if you need that IPv6 is preferred over IPv4 in spite of the solution you proposed some time ago, check here, even for a "patch" different than the one you suggested:

https://gist.github.com/e00E/70bcb5f7f0db216739029a7b7e342fdf

Kind regards
 

Share this post


Link to post
19 hours ago, Staff said:

We're not sure why you should, but if you need that IPv6 is preferred over IPv4 in spite of the solution you proposed some time ago, check here, even for a "patch" different than the one you suggested:


I proposed a solution? I don't remember, as I'm having this inconvenience myself. :D

It is an interesting gist, one I surely missed. It proves that the problem really stems from VPN providers assigning IPv6 ULAs. So the solution would be UGAs through SLAAC and PE, and such tinkering wouldn't be needed. Besides, wouldn't be possible on anything else but Linux and *BSD, anyway. So what's the argument against it?

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post
21 hours ago, Staff said:
@Hotgloblin

Hello!

We see that in AsusWRT and in Asus MerlinWRT, IPv6 is not tunneled by OpenVPN, even though IPv6 push is performed. According to some forums, this is a current limitation of the firmware implementation.

In Eddie Android edition IPv6 over IPv4 is enabled by default and you can fine tune according to your preferences in "Settings". However the OpenVPN3-AirVPN library in the current Eddie Android edition release has serious problems if you need a PURE IPv6 connection, so at the moment you need to renounce to pure IPv6 connections in Eddie Android.
......
 

Hello and many thanks.

That's a shame v6 does not work in lovely Merlin either.  A firmware limitation?  Would make sense as Merlin is so "close" to stock.  Maybe another provider such as Tomato or DD-WRT?

Worryingly I did see some possible leakage on v6 in one test (could have just been a bad tester though)!

Should I be annoyed having just bought another (my third) Asus router?  They seem pretty good and I now know them very well.  But better ones?

My third one because I suspect they don't like power line surges (so power line and comms line surge suppressors this time!).

But am I really missing anything with not having v6 at the moment or am I just wanting the best looking car on the street?!

Must say, I have rather enjoyed lightly tipping my toe in this techy stuff, especially since I've now managed to have a few good nights of sleep! :)

Share this post


Link to post
On 7/30/2020 at 3:23 PM, giganerd said:

You get a better idea if v6 is working if you connect to v6-only domains, for example ipv6.nsupdate.info or ipv6.google.com. 


Yes, a big fat "Server not found" in Windows (using OpenVPN on the Asus router) but fine with Eddie for Android (still with OpenVPN active on the router).

Got to say, knowing what's going on, good or bad, certainly helps! 

Share this post


Link to post
15 hours ago, giganerd said:

I proposed a solution? I don't remember, as I'm having this inconvenience myself. :D
 

Hello!

You did (for Firefox) here: https://airvpn.org/forums/topic/25140-the-issue-your-browser-is-avoiding-ipv6/?do=findComment&comment=81717


 
Quote


It proves that the problem really stems from VPN providers assigning IPv6 ULAs.


Quite the contrary, please re-read. Our IPv6 handling is fully compliant to RFC (including ULA choice). It's the setup of some Linux systems that's not compliant to RFC 3484 and that can be easily fixed. Additionally it's the default setup of Chrome and Firefox that makes them prefer IPv4 when possible. In our opinion, it is a good thing currently, because of the poor status of IPv6 infrastructure nowadays. Anyway browsers' setup can be fixed too, but it's outside the scope of our service.

We don't see a valid reason to change our setup at the moment. We get 10/10 in https://test-ipv6.com from FreeBSD.

It is anyway OT, the problem of the OP  @Hotgloblin is related to apparent lack of OpenVPN IPv6 tunneling in certain firmware, even when IPv6 routes are pushed.

Kind regards
 

Share this post


Link to post
12 minutes ago, Staff said:

Thought you meant that. Was a temporary victory, for which I discovered the cause some time later: dnsmasq cached the results and returned AAAA first whenever possible. Plus, Firefox cached DNS results as well. I stopped using dnsmasq in favor of Pi-Hole half a year ago, so here I am :)

And you are right, it was off-topic. Sorry.

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.

 

» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post


Link to post
21 hours ago, Staff said:
@Hotgloblin

Hello!

Check out latest builds, hopefully the issue will be fixed soon.

Kind regards
 

A possible fix. Great!  Which software are you referring to please?  Stock ASUS, Merlin, Tomato, etc?

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...