Jump to content
Not connected, Your IP: 54.80.173.217
Hotgloblin

ANSWERED No Ipv6 with Asus Router running OpenVpn

Recommended Posts

Hi

Problem
I have no IPv6 connectivity when going through AirVpn servers via my Draytech modem/PPoE/Asus Router/Asus OpenVpn Client/Windows/Firefox or Edge.
With OpenVPN in my Asus router activated, ipleak says "IPv6 test not reachable. (timeout)" and "Fallback: Fail (timeout)" and other web based IPv6 testers also say "no".
Connectivity is fine when I deactivate OpenVpn in my router and connect to my ISP in clear (no VPN).
My Android phone using ipleak shows no IPv6 connectivity when running OpenVPN on the router but does show IPv6 connectivity when using Eddie for Android (regardless of the router OpenVPN activation state).
I have used the AirVpn Configuration Tool to create several OpenVpn files (countries and continents and advanced and simple modes).  Same results.
My Router IPV6 page is set:
. Connection type: Native
. Interface: PPP
. Everything else to default values as "enabled" or "stateless"

In summary:

Scenario 1
Router OpenVPN: deactivated
Eddie for Android: deactivated
Windows IPv6 connectivity: Yes
Android IPv6 Connectivity: Yes

Scenario 2

Router OpenVPN: deactivated
Eddie for Android: activated
Windows IPv6 connectivity: Yes
Android IPv6 Connectivity: Yes


Scenario 3
Router OpenVPN: activated
Eddie for Android: deactivated
Windows IPv6 connectivity: No
Android IPv6 Connectivity: No


Scenario 4
Router OpenVPN: activated
Eddie for Android: activated
Windows IPv6 connectivity: No
Android IPv6 Connectivity: Yes


Investigation
I've searched for an answer.  The best was on: https://www.snbforums.com/threads/ipv6-push-peer-info-airvpn-ac86u-not-working.63465//
This focuses on the "push to peer" command in the AirVpn OpenVPN configuration file and mentioned the router's built in OpenVPN client does not support IPv6.
I tried running with an AirVPN config file with "push to peer" removed but still no IPv6 connectivity.
Maybe all will be OK if I moved to Merlin firmware (like I used to have on my previously busted ASUS router) as maybe it has an IPv6 compliant version of OpenVPN?
BTW, I've already been fighting Eddie in Windows (IPv6 again by the looks of it!) while waiting for this replacement router!

Any ideas?

TIA.


 

Share this post


Link to post

One caveat of using OpenVPN anywhere so far is that, if source and destination both support v4 and v6, v4 is always preferred. If v4 was successful, tests for v6 connectivity in the same request will always fail. Especially true for ipv6-test.com and ipleak.net.
You get a better idea if v6 is working if you connect to v6-only domains, for example ipv6.nsupdate.info or ipv6.google.com. But know the above, you will practically always connect with v4 when connected.


» I am not an AirVPN team member. All opinions are my own and are not official. Refer to Staff postings for the official word.

» These are the community forums, not the support portal. You're writing with other users here.

» New here? LZ1's New User Guide to AirVPN. Use the search function, Luke!

» Tor exits behind a VPN connection are discouraged. Using Tor on the other hand is not.

 

» Privacy is like alcohol: Drink a little and it can help you stay unnoticed. Drink a lot and everyone will notice you.

» I cannot give you the solution to all your issues. But I can guide you to it. The rest is up to you.

Share this post


Link to post
2 hours ago, giganerd said:

One caveat of using OpenVPN anywhere so far is that, if source and destination both support v4 and v6, v4 is always preferred. If v4 was successful, tests for v6 connectivity in the same request will always fail. Especially true for ipv6-test.com and ipleak.net.
You get a better idea if v6 is working if you connect to v6-only domains, for example ipv6.nsupdate.info or ipv6.google.com. But know the above, you will practically always connect with v4 when connected.


Many thanks for reading my post and the heads up.  Maybe I am not fully understanding but I do get both v6 and v4 addresses reported in ipleak.net when using Eddie in Android (but not in Windows). I'll try those v6 addresses when next on Windows.

Share this post


Link to post
@Hotgloblin

Hello!

We see that in AsusWRT and in Asus MerlinWRT, IPv6 is not tunneled by OpenVPN, even though IPv6 push is performed. According to some forums, this is a current limitation of the firmware implementation.

In Eddie Android edition IPv6 over IPv4 is enabled by default and you can fine tune according to your preferences in "Settings". However the OpenVPN3-AirVPN library in the current Eddie Android edition release has serious problems if you need a PURE IPv6 connection, so at the moment you need to renounce to pure IPv6 connections in Eddie Android.

@giganerd

We're not sure why you should, but if you need that IPv6 is preferred over IPv4 in spite of the solution you proposed some time ago, check here, even for a "patch" different than the one you suggested:

https://gist.github.com/e00E/70bcb5f7f0db216739029a7b7e342fdf

Kind regards
 

Share this post


Link to post
19 hours ago, Staff said:

We're not sure why you should, but if you need that IPv6 is preferred over IPv4 in spite of the solution you proposed some time ago, check here, even for a "patch" different than the one you suggested:


I proposed a solution? I don't remember, as I'm having this inconvenience myself. :D

It is an interesting gist, one I surely missed. It proves that the problem really stems from VPN providers assigning IPv6 ULAs. So the solution would be UGAs through SLAAC and PE, and such tinkering wouldn't be needed. Besides, wouldn't be possible on anything else but Linux and *BSD, anyway. So what's the argument against it?

» I am not an AirVPN team member. All opinions are my own and are not official. Refer to Staff postings for the official word.

» These are the community forums, not the support portal. You're writing with other users here.

» New here? LZ1's New User Guide to AirVPN. Use the search function, Luke!

» Tor exits behind a VPN connection are discouraged. Using Tor on the other hand is not.

 

» Privacy is like alcohol: Drink a little and it can help you stay unnoticed. Drink a lot and everyone will notice you.

» I cannot give you the solution to all your issues. But I can guide you to it. The rest is up to you.

Share this post


Link to post
21 hours ago, Staff said:
@Hotgloblin

Hello!

We see that in AsusWRT and in Asus MerlinWRT, IPv6 is not tunneled by OpenVPN, even though IPv6 push is performed. According to some forums, this is a current limitation of the firmware implementation.

In Eddie Android edition IPv6 over IPv4 is enabled by default and you can fine tune according to your preferences in "Settings". However the OpenVPN3-AirVPN library in the current Eddie Android edition release has serious problems if you need a PURE IPv6 connection, so at the moment you need to renounce to pure IPv6 connections in Eddie Android.
......
 

Hello and many thanks.

That's a shame v6 does not work in lovely Merlin either.  A firmware limitation?  Would make sense as Merlin is so "close" to stock.  Maybe another provider such as Tomato or DD-WRT?

Worryingly I did see some possible leakage on v6 in one test (could have just been a bad tester though)!

Should I be annoyed having just bought another (my third) Asus router?  They seem pretty good and I now know them very well.  But better ones?

My third one because I suspect they don't like power line surges (so power line and comms line surge suppressors this time!).

But am I really missing anything with not having v6 at the moment or am I just wanting the best looking car on the street?!

Must say, I have rather enjoyed lightly tipping my toe in this techy stuff, especially since I've now managed to have a few good nights of sleep! :)

Share this post


Link to post
On 7/30/2020 at 3:23 PM, giganerd said:

You get a better idea if v6 is working if you connect to v6-only domains, for example ipv6.nsupdate.info or ipv6.google.com. 


Yes, a big fat "Server not found" in Windows (using OpenVPN on the Asus router) but fine with Eddie for Android (still with OpenVPN active on the router).

Got to say, knowing what's going on, good or bad, certainly helps! 

Share this post


Link to post
15 hours ago, giganerd said:

I proposed a solution? I don't remember, as I'm having this inconvenience myself. :D
 

Hello!

You did (for Firefox) here: https://airvpn.org/forums/topic/25140-the-issue-your-browser-is-avoiding-ipv6/?do=findComment&comment=81717


 
Quote


It proves that the problem really stems from VPN providers assigning IPv6 ULAs.


Quite the contrary, please re-read. Our IPv6 handling is fully compliant to RFC (including ULA choice). It's the setup of some Linux systems that's not compliant to RFC 3484 and that can be easily fixed. Additionally it's the default setup of Chrome and Firefox that makes them prefer IPv4 when possible. In our opinion, it is a good thing currently, because of the poor status of IPv6 infrastructure nowadays. Anyway browsers' setup can be fixed too, but it's outside the scope of our service.

We don't see a valid reason to change our setup at the moment. We get 10/10 in https://test-ipv6.com from FreeBSD.

It is anyway OT, the problem of the OP  @Hotgloblin is related to apparent lack of OpenVPN IPv6 tunneling in certain firmware, even when IPv6 routes are pushed.

Kind regards
 

Share this post


Link to post
12 minutes ago, Staff said:

Thought you meant that. Was a temporary victory, for which I discovered the cause some time later: dnsmasq cached the results and returned AAAA first whenever possible. Plus, Firefox cached DNS results as well. I stopped using dnsmasq in favor of Pi-Hole half a year ago, so here I am :)

And you are right, it was off-topic. Sorry.

» I am not an AirVPN team member. All opinions are my own and are not official. Refer to Staff postings for the official word.

» These are the community forums, not the support portal. You're writing with other users here.

» New here? LZ1's New User Guide to AirVPN. Use the search function, Luke!

» Tor exits behind a VPN connection are discouraged. Using Tor on the other hand is not.

 

» Privacy is like alcohol: Drink a little and it can help you stay unnoticed. Drink a lot and everyone will notice you.

» I cannot give you the solution to all your issues. But I can guide you to it. The rest is up to you.

Share this post


Link to post
21 hours ago, Staff said:
@Hotgloblin

Hello!

Check out latest builds, hopefully the issue will be fixed soon.

Kind regards
 

A possible fix. Great!  Which software are you referring to please?  Stock ASUS, Merlin, Tomato, etc?

Share this post


Link to post
Posted ... (edited)

I have the same problem of not getting ipv6 on asuswrt-merlin 384.19, so waiting for an update.

My router is configured on pass-through mode for ipv6.
My problem is that I have ipv6 leaks from devices on my LAN when the router is connected to AirVPN.
I'm still looking at how to fix it. Sure I could simply deactivate ipv6 all together, but is there a better way to do it?

Edit: I decided to deactivate the ipv6 on the router, but it's creating a fatal error with the openvpn client connecting to AirVPN.
The ipv6 received from AirVPN at the connection is not working somewhere, the openvpn client tries to add it to the interface configuration. And with ipv6 deactivated, it's fatal.

Nov  6 09:53:55 ovpn-client1[2813]: /sbin/ifconfig tun11 add fde6:7a:7d20:1908::106e/64
Nov  6 09:53:55 ovpn-client1[2813]: Linux ifconfig inet6 failed: external program exited with error status: 1
Nov  6 09:53:55 ovpn-client1[2813]: Exiting due to fatal error

So, I have to reactivate ipv6 and I'm back to finding a way to fix these leaks.

Edited ... by dragoworld235
Adding more informations

Share this post


Link to post
Posted ... (edited)

Hello just a comment from a "non-advanced" user who was/does on occasion have connection problems with the IPv6 Windows error. I also have a current Asus router but I believe I have found a solution, regardless of router.  (I am referring to losing all connectivity with Air VPN/Eddie Client when settings are set to: IPv4/IPv6 and running "Inside tunnel if supported, otherwise blocked" and getting the common Windows error.)  After researching this over and over I decided to look at my ADAPTER settings within the Windows Network itself.  (I also use Kaspersky).  I "jogged" the settings Disable/Enable and made sure all of them (adapters) are enabled.  This includes the "Wintun User Space Tunnel" adapter).  Problem solved.  You can leave the network settings within the Eddie Client as desired: "Inside tunnel if supported, otherwise blocked".  When you observe the connection process, you will se that it flows correctly without any workarounds or further disables of IPv6.  Hope this helps, it has definitely helped resolve my occasional connection problems. 

Edited ... by Baymond

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...