I have an openwrt behind another router and when opening sites like ifconfig.io they report an IPv6 address.
When I enable one of my openvpn interfaces (no routing, no firewall zone defined), my IPv6 routing stops and when I open ifconfig.io I get my IPv4 address.
How can I prevent my IPv6 routing from getting disabled?
Here is the config for the openvpn device:
client
remote <server> 443
dev tunCGcr
proto udp
auth-user-pass /etc/openvpn/cyberghost_cr.auth
resolv-retry infinite
#redirect-gateway def1
pull-filter ignore "redirect-gateway"
persist-key
persist-tun
nobind
cipher AES-256-CBC
auth SHA256
ping 5
ping-exit 60
ping-timer-rem
explicit-exit-notify 2
script-security 2
remote-cert-tls server
route-delay 5
verb 4
ca /etc/openvpn/cyberghost_ca.crt
cert /etc/openvpn/cyberghost_cr_client.crt
key /etc/openvpn/cyberghost_cr_client.key
egc
June 16, 2025, 11:02am
2
Maybe IPv6 default routes are added.logread -e openvpn
To stop setting default route for IPv6 you need to add:
pull-filter ignore "redirect-gateway ipv6"
I have seen providers settings default routes by pushing ::/2 routes in that case you should use:
pull-filter ignore "route-ipv6 0000::/2"
pull-filter ignore "route-ipv6 4000::/2"
pull-filter ignore "route-ipv6 8000::/2"
pull-filter ignore "route-ipv6 C000::/2"
If you want to disable IPv6 altogether:
pull-filter ignore "route-ipv6"
pull-filter ignore "ifconfig-ipv6"
block-ipv6
pull-filter ignore "redirect-gateway ipv6"
If that does not help we need to see your configs and logs
I have disabled IPv6 as given in your example above and, yes, that cures it.
2000::/3 dev tunCGus metric 1024 pref medium
and that seems to ruin the routing.
1 Like
egc
June 16, 2025, 12:28pm
5
Great to hear it is solved.