Hi,
I run LEDE 17.01.04 on a BT Homehub 5a and I'm having a bit of trouble setting up my device as an OpenVPN server. It works fine for IPV4 but not IPV6. I have configured a 6in4 tunnel with HEnet to provide connectivity between the Homehub and the internet.
Here are parts of my ifconfig (with bits of the global IPV6 IPs replaced with letters):
```
6in4-henet Link encap:IPv6-in-IPv4
          inet6 addr: 2001:470:yyyy:2a3::2/64 Scope:Global
          inet6 addr: fe80::4f4b:e527/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
          RX packets:3092185 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2249214 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:3145159083 (2.9 GiB) TX bytes:839895459 (800.9 MiB)

br-lan    Link encap:Ethernet HWaddr 90:72:82:8D:A5:3E
          inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
          inet6 addr: 2001:470:xxxx:10::1/60 Scope:Global
          inet6 addr: fe80::9272:wwww:fe8d:a53e/64 Scope:Link
          inet6 addr: fd89:22a7:zzzz:10::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:25697103 errors:0 dropped:70 overruns:0 frame:0
          TX packets:49129289 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2915352321 (2.7 GiB) TX bytes:70512475419 (65.6 GiB)

tun0      Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1 P-t-P:10.8.0.1 Mask:255.255.255.240
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:208 errors:0 dropped:0 overruns:0 frame:0
          TX packets:195 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:34747 (33.9 KiB) TX bytes:51214 (50.0 KiB)
```
Here is my OpenVPN server config: (the formatting looks a bit odd but the headings are just prefixed with #)
```
config openvpn 'myvpn'
	option enabled '1'
	# Protocol #
	option dev 'tun'
	option dev 'tun0'
	option topology 'subnet'
	option proto 'udp'
	option port '3976'
	# Routes #
	option server '10.8.0.0 255.255.255.240'
	option ifconfig '10.1.0.1 255.255.255.240'
	# IPV6 config #
	option server-ipv6 '2001:470:xxxx:20::/64'
	list push 'route-ipv6 2001:470:xxxx:20::/64'
	list push 'route-ipv6 2000::/3'
	# Client Config #
	option ifconfig_pool_persist '/tmp/openvpn-ipp.txt'
	# Pushed Routes #
	list push 'route 192.168.1.0 255.255.255.0'
	list push 'dhcp-option DNS 192.168.1.1'
	list push 'dhcp-option WINS 192.168.1.1'
	list push 'dhcp-option NTP 192.168.1.1'
	# Encryption #
	option dh 'none'
	option ecdh-curve secp521r1
	option ca '/etc/openvpn/ca.crt'
	option cert '/etc/openvpn/my-server.crt'
	option key '/etc/openvpn/my-server.key'
	option cipher AES-256-GCM
	option auth SHA512
	option tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
	option tls_auth '/etc/openvpn/ta.key 0'
	option tls_server 1
	option tls_version_min 1.2
	# Logging #
	option log_append '/tmp/openvpn.log'
	option status '/tmp/openvpn-status.log'
	option verb 4
	# Connection Options #
	option fast_io
	option keepalive '1800 3600'
	option compress 'lz4'
	list push 'compress lz4'
	# Connection Reliability #
	# option client_to_client 1
	option persist_tun 1
	option persist_key 1
	# Connection Speed #
	option sndbuf 393216
	option rcvbuf 393216
	option fragment 0
	option mssfix 0
	option tun_mtu 1500
	# Pushed Buffers #
	list push 'sndbuf 393216'
	list push 'rcvbuf 393216'
	# Permissions #
	option user 'nobody'
	option group 'nogroup'
```
And here's the server log when starting up:
```
Sat Nov 11 22:05:46 2017 us=657315 OpenVPN 2.4.3 mips-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Sat Nov 11 22:05:46 2017 us=657686 library versions: OpenSSL 1.0.2k 26 Jan 2017, LZO 2.09
Sat Nov 11 22:05:46 2017 us=693054 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Nov 11 22:05:46 2017 us=693592 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Sat Nov 11 22:05:46 2017 us=698193 TLS-Auth MTU parms [ L:1622 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Sat Nov 11 22:05:46 2017 us=703559 TUN/TAP device tun0 opened
Sat Nov 11 22:05:46 2017 us=704026 TUN/TAP TX queue length set to 100
Sat Nov 11 22:05:46 2017 us=704468 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Nov 11 22:05:46 2017 us=705046 /sbin/ifconfig tun0 10.8.0.1 netmask 255.255.255.240 mtu 1500 broadcast 10.8.0.15
Sat Nov 11 22:05:46 2017 us=731887 Data Channel MTU parms [ L:1622 D:1622 EF:122 EB:406 ET:0 EL:3 ]
Sat Nov 11 22:05:46 2017 us=732591 Could not determine IPv4/IPv6 protocol. Using AF_INET
Sat Nov 11 22:05:46 2017 us=733034 Socket Buffers: R=[163840->327680] S=[163840->327680]
Sat Nov 11 22:05:46 2017 us=733495 UDPv4 link local (bound): [AF_INET][undef]:3976
Sat Nov 11 22:05:46 2017 us=733894 UDPv4 link remote: [AF_UNSPEC]
Sat Nov 11 22:05:46 2017 us=734447 GID set to nogroup
Sat Nov 11 22:05:46 2017 us=734881 UID set to nobody
Sat Nov 11 22:05:46 2017 us=735285 MULTI: multi_init called, r=256 v=256
Sat Nov 11 22:05:46 2017 us=735874 IFCONFIG POOL: base=10.8.0.2 size=12, ipv6=0
Sat Nov 11 22:05:46 2017 us=736323 ifconfig_pool_read(), in='rohan,10.8.0.2', TODO: IPv6
Sat Nov 11 22:05:46 2017 us=736733 succeeded -> ifconfig_pool_set()
Sat Nov 11 22:05:46 2017 us=737137 IFCONFIG POOL LIST
Sat Nov 11 22:05:46 2017 us=737545 rohan,10.8.0.2
Sat Nov 11 22:05:46 2017 us=746639 Initialization Sequence Completed
```
And when I connect a client the log continues:
```
Sat Nov 11 22:07:36 2017 us=764561 MULTI: multi_create_instance called
Sat Nov 11 22:07:36 2017 us=765400 192.168.1.169:1194 Re-using SSL/TLS context
Sat Nov 11 22:07:36 2017 us=765868 192.168.1.169:1194 LZ4 compression initializing
Sat Nov 11 22:07:36 2017 us=767663 192.168.1.169:1194 Control Channel MTU parms [ L:1622 D:1140 EF:110 EB:0 ET:0 EL:3 ]
Sat Nov 11 22:07:36 2017 us=768132 192.168.1.169:1194 Data Channel MTU parms [ L:1622 D:1622 EF:122 EB:406 ET:0 EL:3 ]
Sat Nov 11 22:07:36 2017 us=768947 192.168.1.169:1194 Local Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 0,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-server'
Sat Nov 11 22:07:36 2017 us=769342 192.168.1.169:1194 Expected Remote Options String (VER=V4): 'V4,dev-type tun,link-mtu 1550,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-256-GCM,auth [null-digest],keysize 256,tls-auth,key-method 2,tls-client'
Sat Nov 11 22:07:36 2017 us=769993 192.168.1.169:1194 TLS: Initial packet from [AF_INET]192.168.1.169:1194, sid=c34181f2 061641e0
Sat Nov 11 22:07:37 2017 us=107139 192.168.1.169:1194 VERIFY OK: depth=1, C=ZZ, ST=ZZ, L=Server, O=My CA, OU=Home CA, CN=xxxx.yyyy.com, name=My VPN, emailAddress=z@z.z
Sat Nov 11 22:07:37 2017 us=115571 192.168.1.169:1194 VERIFY OK: depth=0, C=ZZ, ST=ZZ, L=Android, O=Android, OU=Android, CN=rohan, name=Rohan, emailAddress=z@z.z
Sat Nov 11 22:07:37 2017 us=153840 192.168.1.169:1194 peer info: IV_VER=2.5_master
Sat Nov 11 22:07:37 2017 us=154355 192.168.1.169:1194 peer info: IV_PLAT=android
Sat Nov 11 22:07:37 2017 us=154776 192.168.1.169:1194 peer info: IV_PROTO=2
Sat Nov 11 22:07:37 2017 us=155186 192.168.1.169:1194 peer info: IV_NCP=2
Sat Nov 11 22:07:37 2017 us=155600 192.168.1.169:1194 peer info: IV_LZ4=1
Sat Nov 11 22:07:37 2017 us=156120 192.168.1.169:1194 peer info: IV_LZ4v2=1
```
Can anyone point out what I'm doing wrong? The server-ipv6 config option is documented in the OpenVPN man page and various examples online but it seems to be having no effect whatsoever.
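The startup log in the post already records that the daemon never applied any IPv6 settings (`did_ifconfig_ipv6_setup=0`, `ipv6=0` on the pool line, an `AF_INET` listener). As an added example, not part of the original post, this shell function pulls those three markers out of a verb 4 server log so the state can be re-checked after each config change; the function names and the embedded sample (three lines copied from the log above) are this example's own.

```shell
#!/bin/sh
# Added example: summarise the IPv6 state an OpenVPN 2.4 server reports in its
# own log. Reads the log from stdin or from the file(s) given as arguments.

ovpn_ipv6_status() {
    awk '
        # tun device: 1 means an IPv6 address was configured on the interface
        match($0, /did_ifconfig_ipv6_setup=[01]/) {
            tun = substr($0, RSTART + RLENGTH - 1, 1)
        }
        # address pool: 1 means an IPv6 pool was created for clients
        /IFCONFIG POOL: base=/ && match($0, /ipv6=[01]/) {
            pool = substr($0, RSTART + RLENGTH - 1, 1)
        }
        # transport socket family (independent of IPv6 inside the tunnel)
        /link local \(bound\): \[AF_INET6\]/ { fam = "AF_INET6" }
        /link local \(bound\): \[AF_INET\]/  { fam = "AF_INET" }
        END {
            printf "tun_ipv6=%s pool_ipv6=%s transport=%s\n",
                (tun == "" ? "unknown" : tun),
                (pool == "" ? "unknown" : pool),
                (fam == "" ? "unknown" : fam)
        }
    ' "$@"
}

# Succeeds only when both the tun device and the pool report IPv6.
ovpn_ipv6_enabled() {
    case "$(ovpn_ipv6_status "$@")" in
        "tun_ipv6=1 pool_ipv6=1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: three lines taken from the startup log in the post.
sample_log() {
    cat <<'EOF'
Sat Nov 11 22:05:46 2017 us=704468 do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Sat Nov 11 22:05:46 2017 us=733495 UDPv4 link local (bound): [AF_INET][undef]:3976
Sat Nov 11 22:05:46 2017 us=735874 IFCONFIG POOL: base=10.8.0.2 size=12, ipv6=0
EOF
}

sample_log | ovpn_ipv6_status
```

On the router the same check runs against the file named by `log_append` in the config: `ovpn_ipv6_status /tmp/openvpn.log`.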