Score:0

OpenVPN won't connect to my IPv6 address (write UDP: unknown error code=10051)

cn flag

I have a problem with my VPN. I have recently gotten an IPv6 address and wanted to use that for OpenVPN. I can connect if I use my IPv4 address instead which makes me think I have probably done something wrong or it isn't supported yet.

Below you can find my server.conf and client.ovpn:

server.conf:

  port 1194
  proto udp6
  dev tun-ipv6
  
  local 2a0a:51c0:0000:0227:0000:0000:0000:0002
  ca /path/to/ca.crt
  cert /path/to/server.crt
  key /path/to/server.key
  dh /path/to/dh.pem
  crl-verify /etc/openvpn/server/crl.pem
  
   server 10.132.178.0 255.255.255.0
   server-ipv6 fdbc:291a:f690:3a84::/64
   push "redirect-gateway ipv6 def1"
   push "route-ipv6 ::/0"
   push "route-metric 2000"
   
   push "dhcp-option DNS 2001:1608:10:25::1c04:b12f"
   push "dhcp-option DNS 2001:1608:10:25::9249:d69b"
   duplicate-cn
   cipher AES-256-CBC
   tls-version-min 1.2
   tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
   auth SHA512
   auth-nocache
   keepalive 20 60
persist-key
persist-tun
compress lz4
daemon
askpass /etc/openvpn/server/pass.txt
user nobody
group nobody
client-config-dir /etc/openvpn/ccd
log-append /var/log/openvpn.log
verb 4)

client.ovpn:

client
dev tun-ipv6
proto udp6

remote 2a0a:51c0:0000:0227:0000:0000:0000:0002 1194

ca "path to CA"
cert "path to client cert"
key "path to client key"

cipher AES-256-CBC
auth SHA512
auth-nocache
tls-version-min 1.0
tls-cipher TLS-DHE-RSA-WITH-AES-256-GCM-SHA384:TLS-DHE-RSA-WITH-AES-256-CBC-SHA256:TLS-DHE-RSA-WITH-AES-128-GCM-SHA256:TLS-DHE-RSA-WITH-AES-128-CBC-SHA256
remote-cert-tls server

resolv-retry infinite
compress lz4
nobind
persist-key
mute-replay-warnings
verb 4
register-dns

Any help is appreciated!

Zac67 avatar
ru flag
Have you tried `ping`ing or `tracert`ing the server (after permitting ICMP on the firewall)?
GoogleUser247-2 avatar
cn flag
I have tried pinging it. The IPv6 address is not pingable (why did I not do this earlier?).
Zac67 avatar
ru flag
And `tracert`? Where does it stop?
GoogleUser247-2 avatar
cn flag
`tracert` stops at my IPv6 gateway address (request timed out after that).
Zac67 avatar
ru flag
*after permitting ICMP on the firewall*
in flag
Fire up tcpdump/wireshark. Set capture filters for ipv6 udp/1194 and attempt to connect. If you don't see anything, it is likely some firewall or networking issue.
GoogleUser247-2 avatar
cn flag
Tcpdump didnt show any incoming packages on UDP port 1194.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.