[Solved] Bult-in OpenVPN server on IPv6 not working

[Solved] Bult-in OpenVPN server on IPv6 not working

[Solved] Bult-in OpenVPN server on IPv6 not working
[Solved] Bult-in OpenVPN server on IPv6 not working
2024-01-05 07:50:19 - last edited 2024-01-11 01:59:22
Model: Archer AX10  
Hardware Version: V1
Firmware Version: 1.3.9 Build 20230728 Rel. 45716

I used to have a public IPv4 with the previous ISP and thanks to that (plus a DDNS service) I was able to use the built-in OpenVPN feature to connect to my home network anytime.

 

My new ISP gives me:

  • an IPv4 address through PPoE (and it's behind a CGNAT so my public IP differs from my router IP)
  • and a public IPv6 through Dynamic IP

 

The public IPv4 can no longer be used to access my home network since it's behind a CGNAT, but I now have a public IP on IPv6. How can I connect to the built-in OpeVPN server using the public IPv6 address?

 

I've tried to change the client configuration adding proto udp6 and the IPv6 address but it can't connect with the error Fri Jan 05 08:46:45 2024 write UDPv6: Unknown error (code=10051)

 

client
dev tun
proto udp6
float
nobind
cipher AES-128-CBC
comp-lzo adaptive
resolv-retry infinite
remote-cert-tls server
persist-key
persist-tun
remote 2A07:7E83:1000:XXXX:XXXX:XXXX:XXXX:XXXX

[....REDACTED KEY....]

 

 

 

 

Full log:

Fri Jan 05 08:46:38 2024 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Fri Jan 05 08:46:38 2024 DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
Fri Jan 05 08:46:38 2024 OpenVPN 2.5.3 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 17 2021
Fri Jan 05 08:46:38 2024 Windows version 10.0 (Windows 10 or greater) 64bit
Fri Jan 05 08:46:38 2024 library versions: OpenSSL 1.1.1k  25 Mar 2021, LZO 2.10
Fri Jan 05 08:46:38 2024 TCP/UDP: Preserving recently used remote address: [AF_INET6]2a07:7e83:1000:XXXX:XXXX:XXXX:XXXX:XXXX
Fri Jan 05 08:46:38 2024 UDPv6 link local: (not bound)
Fri Jan 05 08:46:38 2024 UDPv6 link remote: [AF_INET6]2a07:7e83:1000:XXXX:XXXX:XXXX:XXXX:XXXX:XXXX
Fri Jan 05 08:46:41 2024 write UDPv6: Unknown error (code=10051)
Fri Jan 05 08:46:45 2024 write UDPv6: Unknown error (code=10051)

 

  0      
  0      
#1
Options
1 Accepted Solution
Re:Bult-in OpenVPN server on IPv6 not working-Solution
2024-01-08 09:17:50 - last edited 2024-01-11 01:59:22

  @Maxiride 

 

Hi, actually the VPN Server and client on our routers don't support IPv6.

If you found the post or response helpful, please click Helpful. If an answer solves your problem, click "Recommended Solution" so that others can benefit from it.
Recommended Solution
  1  
  1  
#2
Options
11 Reply
Re:Bult-in OpenVPN server on IPv6 not working-Solution
2024-01-08 09:17:50 - last edited 2024-01-11 01:59:22

  @Maxiride 

 

Hi, actually the VPN Server and client on our routers don't support IPv6.

If you found the post or response helpful, please click Helpful. If an answer solves your problem, click "Recommended Solution" so that others can benefit from it.
Recommended Solution
  1  
  1  
#2
Options
Re:Bult-in OpenVPN server on IPv6 not working
2024-01-10 09:04:24

  @Sunshine thanks for the feedback.

I'll arrange something different then.

  0  
  0  
#3
Options
Re:[Solved] Bult-in OpenVPN server on IPv6 not working
2024-01-18 11:33:51

exactly my issue.

 

Is it on a plan to come up with a support for openVPN based on ipv6 adress?

I have AX5400 router..

 

Thanks,

Jan

  1  
  1  
#4
Options
Re:[Solved] Bult-in OpenVPN server on IPv6 not working
2024-01-18 11:49:03

  @host88 

 

I am afraid not at this moment, and as far as we know, home routers from other brand don't support it either.

We will record your feedback and report to develpment team for evaluation.

If you found the post or response helpful, please click Helpful. If an answer solves your problem, click "Recommended Solution" so that others can benefit from it.
  0  
  0  
#5
Options
Re:[Solved] Bult-in OpenVPN server on IPv6 not working
2024-03-27 17:23:26

  I'm really disappointed with Deco X20... I'm behind a CG-NAT when using ipv4 which blocks to create a vpn server.

 

I could create my vpn using a public ip ( ipv6 ), but now I'm blocked because the product does not support it.

 

It's a expensive product, but very limited technically.

 

We, customers,  need a target date / roadmap to have support VPN under IPV6 

 

Thanks

  3  
  3  
#6
Options
Re:[NOT Solved] Bult-in OpenVPN server on IPv6 not working
2024-04-15 20:34:46

Same situation.  ISP doesn't provide public IPv4 (carrier NAT, no port forwarding), but does provide a public (dynamic) IPV6 /64.

 

I have a ER7212PC router.

 

OpenVPN supports IPv6 endpoints.  It should be trivial to expose this from the router.  I'd be happy to use the OpenVPN client instead of the TP-Link client.

 

WireGuard would also be happy to do this - but there's no WireGuard support in this router.

 

With DDNS over IPv6 - also trivial, either would allow tunneling IPv4 to the site.

 

We've considered paying for a static address (either IPv4 or an IPv6 > 64; however both are at best months away.  (The ISP is starting to provide service to the aream so these "advanced" services are lower priority than connecting residences...)  Meantime, it's really hard to support this site (I'm a 3 hour drive away from it.)

 

In any case, please add me to the list of customers who want xxx NEED IPv6 endpoints for OpenVPN...

 

Thanks.

 

  1  
  1  
#7
Options
Re:[NOT Solved] Bult-in OpenVPN server on IPv6 not working
2024-04-18 20:11:19

CG-NAT is a standard nowadays. Shame on TP-Link for having such a weak support of IPv6 protocol in 2024.

  1  
  1  
#8
Options
Re:[NOT Solved] Bult-in OpenVPN server on IPv6 not working
2024-04-19 03:19:32

  @SergejKiller 

 

Hi All,

 

Thank you very much for the feedback. We will make sure to log this feature request and pass it along to the team.

If you found the post or response helpful, please click Helpful. If an answer solves your problem, click "Recommended Solution" so that others can benefit from it.
  1  
  1  
#9
Options
Re:[NOT Solved] Bult-in OpenVPN server on IPv6 not working
2024-04-24 17:59:13

SergejKiller wrote

CG-NAT is a standard nowadays. Shame on TP-Link for having such a weak support of IPv6 protocol in 2024.

  @SergejKiller 

 

Indeed.  Ad we don't need much from tp-link to get underway.

 

We get a /64 public (but dynamic) IPv6 address from the ISP.  We can handle the DDNS from a PC inside the network, and even with SLAAC, swap the prefix to find the router.  (This isn't rocket science.  The router's MAC won't change, so a PC that accesses a public V6 address can determine the current prefix, paste it onto the router's MAC-derrived EUI64, and presto, we have and endpoint address to put in DNS... The real-life odds of a small operation having an address conflict are essentially zero.)

 

The bare minimum we need from tp-link is for the router to listen to the IPv6 port (1194) and let the OpenVPN server do its thing for IPv4.  We don't need IPv6 tunnels, just IPv6 as transport for IPv4.  No code change, just the server config file...

 

OpenVPN knows how to do IPv6, and has for many years.  I don't think I can include the link here, but community open vpn net slash wkii slash IPv6 has the details...Note that the page hasn't been changed in 3 years.  This isn't news.

 

I'll have to experiment some more when I can get the people on the other end to help.

 

Of course it would be nice to have native DDNS support in the router, and integration with the GUI (and the tp-link client).  But quick is better than perfect.  CG (and other ISP) NAT is real life - the world did run out of IPv4 address allocations.

 

This is long overdue.

 

(And so is wireguard support - which in many ways is a better solution since it tracks changing IP addresses from both ends.)

 

  1  
  1  
#10
Options
Re:[NOT Solved] Bult-in OpenVPN server on IPv6 not working
2024-06-19 03:44:12

  @Sunshine Will you roll out this feature for existing routers also? Without either OpenVPN server connection over IPv6 or an ability to create IPv6 firewall rules based on port only, your routers aren't useful to me. 

 

Even the cheapest routers from competition allow one of the 2 features above. So please advise, so that I can either wait or dump you now itself.

  1  
  1  
#11
Options

Information

Helpful: 0

Views: 1172

Replies: 11

Related Articles