Debsin

OpenVPN on router leaking IPV6 address. Please help!


Greetings, community!
I am very enthusiastic about AirVPN, and I am quite happy with my router-based solution to protect all of my traffic.
However, I am not intelligent enough to troubleshoot my router and OpenVPN by myself, so I hope you will assist me.

I am using FreshTomato 2020.1 on a Netgear r7000. I have done a lot of work to configure my router and spent many hours and days actually getting AirVPN working on OpenVPN config on this router, with the outdated guide that exists on this website. 
As of right now, I have determined that my primary problem comes from an IPv6 leak in OpenVPN and my router settings. I played with my settings and reset my router several times and I have determined that there is a single setting, called "IPv6 IPSec Passthrough" under Advanced -> Firewall settings, which enables IPv6 but also leaks my ISP-given IPv6 addy as well as my geolocation. When the setting is off, IPv6 is not detected by websites such as https://ipleak.net/, but I do require it to be enabled for my WWW and P2P usage. I have read that IPv6 is fully enabled in OpenVPN, and I need to discover how to do that. Please see my configuration images below, which will tell you how my OpenVPN is set up. I am considering upgrading my router to a newer version of FreshTomato, but I will only do that if necessary.

Thank you for reading!!

 

Screenshot from 2021-01-16 17-49-49.png

Screenshot from 2021-01-16 17-49-39.png

Screenshot from 2021-01-16 17-49-13.png


"The Lord is the Sun, and I am similar to him."
"The Soul of humanity was not split into billions of pieces."
"It is not my responsibility to win, or to succeed. My only duty is to remember."
"The Soul is not a mental illness!"
~All quotes by 'Mindus Amitiel Debsin'.

@Debsin

Hello and thank you for your choice!

In AirVPN we have a specific setup for IPv6 push aimed at maintaining compatibility with older OpenVPN versions which had a heavily bugged IPv6 support.

If you wish IPv6 push from our server you need to send the server the "IPV6" user variable set to yes.

Therefore you need the following directives (add them in your "Custom configuration" box):
push-peer-info
setenv UV_IPV6 yes

That said, you must also be aware that some DD-WRT builds do not support IPv6 over IPv4 tunneling with OpenVPN. They keep routing IPv6 packets outside the VPN tunnel. If that's your case, you will need to disable IPv6 on the router to prevent IPv6 leaks, or connect behind the router devices directly, after you have disabled OpenVPN on the router.

Kind regards
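
An added example, not part of the reply above or of AirVPN's or FreshTomato's own tooling: two POSIX shell checks for the situation the reply describes, one confirming that both directives are present in an OpenVPN client config and one classifying `ip -6 route show` output as tunneled, leaking or IPv6-less. The tunnel device name `tun11` and the route prefixes tested are assumptions; adjust them to what the router actually shows.

```shell
#!/bin/sh
# Added example. Assumptions: the tunnel device name (default tun11) and
# the prefixes treated as "covers global unicast".

# Return 0 if the config file holds both directives from the reply.
# Comment lines starting with '#' or ';' are ignored.
has_ipv6_push_directives() {
    awk '
        /^[ \t]*[#;]/ { next }
        $1 == "push-peer-info" { ppi = 1 }
        $1 == "setenv" && $2 == "UV_IPV6" && $3 == "yes" { uv = 1 }
        END { exit !(ppi && uv) }
    ' "$1"
}

# Read `ip -6 route show` output on stdin and print one verdict:
#   tunneled   global IPv6 traffic is routed into the tunnel device
#   leak-risk  an IPv6 default route exists only outside the tunnel
#   no-ipv6    no usable IPv6 default route at all
ipv6_route_verdict() {
    awk -v tun="${1:-tun11}" '
        {
            dev = ""
            for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            # Routes more specific than "default" that cover 2000::/3
            specific = ($1 == "2000::/3" || $1 == "2000::/4")
            if (dev == tun && specific)             tun_specific = 1
            else if (dev == tun && $1 == "default") tun_default = 1
            else if ($1 == "default")               other_default = 1
        }
        END {
            if (tun_specific || (tun_default && !other_default)) print "tunneled"
            else if (other_default) print "leak-risk"
            else print "no-ipv6"
        }
    '
}
```

On the router, feed the second function live data with `ip -6 route show | ipv6_route_verdict tun11`; a `leak-risk` verdict while the VPN is up matches the case where IPv6 has to be disabled on the router.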
 

Posted ... (edited)

Thanks for your reply!
I was having oh-so-much trouble with my router and OpenVPN. I ended up updating the FreshTomato firmware to the latest [2020.8], removing the configuration and resetting everything by hand. I so far have the router in mostly-great working condition, with the exception that I have not tried to reconfigure AirVPN on the OpenVPN configuration. BUT I WILL SOON! ;) I am currently stuck backing up 20+TB of data from my NAS and I cannot actually reset or tweak my router until next week, when it will be completed. But I will not forget.
Before this happened, on my previous firmware, I added those two lines you mentioned to my configuration file, and used ipleak.net to analyze my traffic. ipleak.net said that I did not have IPv6 access, which may actually be the right configuration. I am very concerned that with bittorrent, I will not be able to connect to IPv6 peers, which would greatly limit me. And perhaps that is not the correct configuration?
But I do believe that those two lines fixed the IPv6 IPSec Passthrough problem, and hence the leaked IP addy. It just may have disabled IPv6. I notice that when using the Eddie app on my Pop!_OS desktop, it seems to work perfectly fine and IPleak.net does not report any problems or leaks whatsoever. But I need the router version, so please assist me until that works just as effectively.

I will be sure to update this forum next week when I can tweak my router again.

But on a slightly unrelated note, relating to FreshTomato 2020.8 [and Netgear r7000] and USB-HDD network sharing:

I have a 10TB external hard disk drive connected to the USB 3 port on the front of my Netgear r7000 running Fresh Tomato 2020.8. I have Samba enabled and the appropriate settings enabled for the drive to be seen and mounted, which it is.
The drive is mounted on /tmp/mnt/ and based on the settings, I have no reason to believe there should be any issues.

So many, many times I tried connecting to this drive with my Pop!_OS 20.04 installation, and then I downloaded "Smb4k" SMB utility and it had no luck at all scanning my network for this device and share, or even connecting to it directly.

I acknowledge that I do not fully understand how to locate the address of the share. The IP addy is well known and I have determined that (as well as the MAC address) from the devices menu on the router. I have inferred the directory, in many, many different combinations and attempts, from the mounting location described in the USB devices menu. I have no way to understand why my network scan by Smb4k cannot find the device or the share.

I expect I will only be using this network drive on Linux machines, and the drive is formatted exFat. I have also attempted the same procedure with a 16GB fat32 drive, with the same results. I have also changed the Samba sharing to 'no authentication' but enabled and still could not discover the device or the share.

Please assist me in the meantime! It may be that this is a well-known issue for users of FreshTomato, or that I missed a required configuration option on a different page on the router settings.

Screenshot from 2021-01-19 02-13-21.png

Screenshot from 2021-01-19 02-13-39.png

Edited ... by Debsin
Added Eddie app usage

