bug report: network loop with ipv6 endpoint

Got a problem with Viscosity or need help? Ask here!


Posts: 1
Joined: Sun Mar 18, 2018 9:15 pm

Post by Strangelovian » Sun Mar 18, 2018 9:32 pm
When connecting to upd6 endpoint in tun mode, e.g.
Code: Select all
dev tun
remote example.vpn.com 1194 udp6
Immediately upon connection, the VPN connection bandwidth saturate the networking capacity, i.e. 100mbps in my case.

With ipv4 udp endpoint, this problem doesn't happen.
With ipv4 endpoint, a specific route is always added by openvpn, to avoid "VPN nasty network loops". If xxx.yyy.zzz.ttt is your ipv4 VPN endpoint:
Code: Select all
netstat -nr
Routing tables
Destination        Gateway            Flags        Refs      Use   Netif Expire
0/1              UGSc          118        0   utun1
xxx.yyy.zzz.ttt/32       UGSc            1        0     en0
This is NOT done by openvpn / viscosity for ipv6 VPN endpoints.
As a result, a VPN network loop happens right upon connection, which saturates the client network connection.


User avatar
Posts: 2024
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Thu Mar 22, 2018 4:45 pm
Hi Strangelovian,

The /32 route is created as part of the "redirect-gateway" command. In the case of IPv6 if "redirect-gateway ipv6" is being pushed then it should be doing the same for a IPv6 /128 route. However if the IPv6 route/s are being set manually instead of through the use of "redirect-gateway ipv6" then the /128 won't be created. This is often the case to maintain backwards compatibility with older versions of OpenVPN - the workaround is to push the /128 manually with the gateway set to "net_gateway".

If you're still stuck please don't hesitate to get in touch with a copy of your server and client configuration files and we'll take a closer look.

James Bekkema
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
2 posts Page 1 of 1