
Add 'udp6' and 'tcp6' to openvpn protocol dropdown


ipv6ftw

It turns out that the openvpn client AND server already have ipv6 support - you can use an ipv6 tunnel by specifying either 'tcp6' or 'udp6' as the protocol. However, it is difficult to discover that this is supported in the existing UI pages for openvpn, since the protocol dropdown offers only 'udp' and 'tcp'.

The workaround for now is to add an explicit line to the "Custom Configuration" section that says "proto udp6". This gets added to the end of the openvpn config, so the config file has two 'proto' specifications. One from the asus/merlin UI, and one from the custom config section. Since openvpn prefers the later lines in the file, this works out.

It would be nicer to see the 'udp6' (or 'tcp6') option in the dropdown for protocol selection, on both the openvpn server and openvpn client configuration pages. This in itself should be pretty trivial, since the string just has to make its way to the config file.

One added bonus of having this semantic understanding of the openvpn configuration is that the ipv6 firewall rules can be automatically opened as well. I brought this up on another thread, and mentioned SSH in particular. In this case, users can explicitly request an ipv6 protocol for openvpn, so it makes even more sense for the firewall to accommodate it automatically.
 
I've been looking at the code to implement this myself, but I've run into two problems. I have 2 patches up on github with current progress:
https://github.com/mdonohue/asuswrt-merlin/commit/baefaa006f64ca163f4a3a257ea58fd928f009e7
https://github.com/mdonohue/asuswrt-merlin/commit/fd38b694a252ba58b53bbc0ab4a9ef7af738b97a
https://github.com/mdonohue/asuswrt-merlin/commit/4f65a3e47b2ba68e2c606363a9bbf9324444a288

Problem 1:
I haven't yet sorted out how to build from github, in order to test this on my router, so this code hasn't even been compiled.

Problem 2:
I can't figure out how the openvpn client changes the firewall to allow packets through for ipv4, so I don't have anything to do the same for ipv6. My guess is that the "state RELATED, ESTABLISHED" rule handles this 'for free' but I have the same rule on my ipv6 INPUT chain, but my openvpn client can't connect until I explicitly open port 1194 for udp traffic on the INPUT chain.
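
The workaround and the firewall gap described in the posts above, as an added example that is not part of the original thread or of the asuswrt-merlin code: it resolves the effective `proto` of a config that carries both the UI-generated line and the custom one, and prints (does not apply) the INPUT rule for the matching address family. It assumes, as the first post states, that the later `proto` line wins; the sample config and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the effective 'proto'/'port' in an OpenVPN config that
# contains duplicates (UI line first, custom configuration appended last).

# Constructed sample of a generated config with the "proto udp6" workaround.
SAMPLE_CONFIG='# generated by the router UI (constructed sample)
dev tun11
proto udp
port 1194
# --- custom configuration section ---
proto udp6
'

# Print the last value given for a directive; config text is read from stdin.
last_value() {
    awk -v key="$1" '
        /^[ \t]*[#;]/ { next }        # skip comment lines
        $1 == key    { val = $2 }     # a later occurrence overwrites an earlier one
        END          { if (val != "") print val }
    '
}

# Map the effective protocol to the firewall tool that must carry the rule.
# Only the four values discussed in the thread are handled.
firewall_tool() {
    case "$1" in
        udp6|tcp6) echo ip6tables ;;
        udp|tcp)   echo iptables ;;
        *)         return 1 ;;
    esac
}

# Build the INPUT rule for the effective proto/port of the config in $1.
input_rule() {
    proto=$(printf '%s\n' "$1" | last_value proto)
    port=$(printf '%s\n' "$1" | last_value port)
    tool=$(firewall_tool "$proto") || return 1
    l4=${proto%6}                     # udp6 -> udp, tcp6 -> tcp
    echo "$tool -I INPUT -p $l4 --dport ${port:-1194} -j ACCEPT"
}

input_rule "$SAMPLE_CONFIG"
```

Comparing this output with the rule set actually loaded shows whether a port opened automatically for the UI-selected protocol covers the protocol the tunnel really uses.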
 
I still haven't got it to build - but given there are no replies to this thread, I'm guessing there's no demand for ipv6 transit of open VPN data.
 
Might be - or a distinct lack of desire to muck about in things that only Asus has the resources to do inside the WebGUI...
 
