Skip to content
bug report: network loop with ipv6 endpoint
Got a problem with Viscosity or need help? Ask here!
- Posts: 1
- Joined: Sun Mar 18, 2018 9:15 pm
When connecting to upd6 endpoint in tun mode, e.g.
With ipv4 udp endpoint, this problem doesn't happen.
With ipv4 endpoint, a specific route is always added by openvpn, to avoid "VPN nasty network loops". If xxx.yyy.zzz.ttt is your ipv4 VPN endpoint:
As a result, a VPN network loop happens right upon connection, which saturates the client network connection.
Code: Select all
Immediately upon connection, the VPN connection bandwidth saturate the networking capacity, i.e. 100mbps in my case.dev tun
remote example.vpn.com 1194 udp6
tls-client
With ipv4 udp endpoint, this problem doesn't happen.
With ipv4 endpoint, a specific route is always added by openvpn, to avoid "VPN nasty network loops". If xxx.yyy.zzz.ttt is your ipv4 VPN endpoint:
Code: Select all
This is NOT done by openvpn / viscosity for ipv6 VPN endpoints.netstat -nr
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
0/1 192.168.10.5 UGSc 118 0 utun1
xxx.yyy.zzz.ttt/32 9.12.143.1 UGSc 1 0 en0
As a result, a VPN network loop happens right upon connection, which saturates the client network connection.
Hi Strangelovian,
The /32 route is created as part of the "redirect-gateway" command. In the case of IPv6 if "redirect-gateway ipv6" is being pushed then it should be doing the same for a IPv6 /128 route. However if the IPv6 route/s are being set manually instead of through the use of "redirect-gateway ipv6" then the /128 won't be created. This is often the case to maintain backwards compatibility with older versions of OpenVPN - the workaround is to push the /128 manually with the gateway set to "net_gateway".
If you're still stuck please don't hesitate to get in touch with a copy of your server and client configuration files and we'll take a closer look.
Cheers,
James
The /32 route is created as part of the "redirect-gateway" command. In the case of IPv6 if "redirect-gateway ipv6" is being pushed then it should be doing the same for a IPv6 /128 route. However if the IPv6 route/s are being set manually instead of through the use of "redirect-gateway ipv6" then the /128 won't be created. This is often the case to maintain backwards compatibility with older versions of OpenVPN - the workaround is to push the /128 manually with the gateway set to "net_gateway".
If you're still stuck please don't hesitate to get in touch with a copy of your server and client configuration files and we'll take a closer look.
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
2 posts
Page 1 of 1