I enabled IPv6 on my ISP's modem and am struggling to configure it correctly.
The first thing I notice is that my ISP's modem/router is providing my OpenWRT with (if I'm reading this correctly) a /60 range to divide among the clients. So all clients have their own public IP. Which is fine, I suppose.
Next, I was trying to configure my OpenVPN to use IPv6 and I came across a resolver issue. Whenever I do an nslookup on a hostname that has an IPv4 but not an IPv6 address, it errors out on the DNS6 lookup. Taking a VPN server I'm testing for example:
nslookup nl3.vpn.airdns.org
Server: 127.0.0.1
Address: 127.0.0.1#53
Name: nl3.vpn.airdns.org
Address 1: 134.19.179.197
*** Can't find nl3.vpn.airdns.org: No answer
Which is fine as well, I suppose. Maybe it does two lookups, one for A and one for AAAA.
But, if I use that same hostname in the OpenVPN config with protocol UDP6, it errors out:
RESOLVE: Cannot resolve host address: nl3.vpn.airdns.org:443 (Name does not resolve)
Using UDP4 it works just fine.
At first I figured maybe it was a bug in OpenVPN, but on my Windows client it works just fine. Although it is a mystery to me how it starts out resolving an IPv4 address and ends up connecting to an IPv6 server.
So something is going wrong somewhere.
Next, after setting a static IPv6 address to get connected, then going to ipleak.net, I notice that my IPv4 traffic is coming out at the tunnel, but my IPv6 traffic is still happily using my own PC's own IPv6 address and bypassing the tunnel. First it used Windows' own temporary IPv6 address that it came up with all by itself. Once disabled, it used its given address.
Is that because it is a public address? That it bypasses the tunnel?
I set network.wan6.reqprefix='no' to see what that would do. Windows still generates the public IP for itself, but it stops communicating over IPv6 to the Internet altogether.
Maybe that is a routing issue?
One thing I notice is that the VPN server pushes an IPv4 address, but not an IPv6 address, even though it has one for the client. From its overview I can see both internal and external IPv4 and IPv6 addresses. Maybe that's why it no longer communicates over IPv6? Because OpenVPN doesn't know it has an IPv6 address?
The whole thing has weird errors...
openvpn(airvpn)[6400]: PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.33.234.1,route-gateway 10.33.234.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.33.234.148 255.255.255.0,peer-id 2,cipher AES-256-GCM'
/sbin/ifconfig tun0 10.33.234.148 netmask 255.255.255.0 mtu 1500 broadcast 10.33.234.255
dnsmasq[6686]: using nameserver 10.33.234.1#53
openvpn(airvpn)[6400]: write UDPv6: Permission denied (code=13)
openvpn(airvpn)[6400]: TLS Error: local/remote TLS keys are out of sync: [AF_INET6]2a00:1688:2460:1110:c505:13fd:8827:ea57:443 [5]
openvpn(airvpn)[6400]: [Gobbels] Inactivity timeout (--ping-restart), restarting
Maybe the VPN server had a hiccup there. It reconnected just fine. I'll check if they come again.
I'm a bit lost here. Either way, I think I am missing some kind of configuration for IPv6 on OpenWRT that makes for good routing. I checked the user guide, but most of the IPv6 articles are from before IPv6 was part of the default install.
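
Added example (not part of the original post, and not OpenVPN's or the VPN provider's code): the PUSH_REPLY in the log above carries redirect-gateway def1 but no ifconfig-ipv6 or route-ipv6, and redirect-gateway without its ipv6 flag only replaces the IPv4 default route, which matches the IPv6 traffic seen outside the tunnel on ipleak.net. The script below classifies a PUSH_REPLY log line on that basis; the function name and the status strings are made up for this example.

```shell
#!/bin/sh
# Added example: classify an OpenVPN PUSH_REPLY log line by what it pushes for IPv6.

# Constructed sample input: the PUSH_REPLY line copied from the log in the post.
SAMPLE="openvpn(airvpn)[6400]: PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.33.234.1,route-gateway 10.33.234.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.33.234.148 255.255.255.0,peer-id 2,cipher AES-256-GCM'"

# Prints one status word (names are hypothetical, chosen for this example):
#   no-push-reply      the line carries no PUSH_REPLY
#   no-redirect        no default-route redirect and nothing pushed for IPv6
#   ipv4-only          IPv4 default route redirected, nothing pushed for IPv6
#   ipv6-address-only  tunnel IPv6 address pushed, but no IPv6 route
#   ipv6-routed        an IPv6 route or "redirect-gateway ... ipv6" was pushed
classify_push_reply() {
    line=$1
    case $line in
        *"PUSH_REPLY,"*) ;;
        *) echo no-push-reply; return 0 ;;
    esac
    # Keep only the option list between "PUSH_REPLY," and the closing quote.
    opts=${line#*PUSH_REPLY,}
    opts=${opts%%\'*}
    redirect=0; addr6=0; route6=0
    old_ifs=$IFS; IFS=,; set -f      # split on commas only, no globbing
    for opt in $opts; do
        case $opt in
            "redirect-gateway"*)
                redirect=1
                case " $opt " in *" ipv6 "*) route6=1 ;; esac ;;
            "ifconfig-ipv6 "*) addr6=1 ;;
            "route-ipv6 "*)    route6=1 ;;
        esac
    done
    set +f; IFS=$old_ifs
    if [ "$route6" -eq 1 ]; then echo ipv6-routed
    elif [ "$addr6" -eq 1 ]; then echo ipv6-address-only
    elif [ "$redirect" -eq 1 ]; then echo ipv4-only
    else echo no-redirect
    fi
}

classify_push_reply "$SAMPLE"
```

A result of ipv4-only means any IPv6 handling (routing it through the tunnel or blocking it) has to be configured on the client or router side, because the server pushed nothing for it.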