Menu
What's new
By:
Filters Better Search

Mullvad VPN - must disable IPv6

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

G

garry13

Occasional Visitor
Hello everybody !
Since a few weeks, my Mullvad-VPN-connection did not work any more.
I asked the Mullvad-Service for help and was sending the "system-log".

Here is the answer I got:
It seems openvpn thinks you have IPv6 enabled on the router, but
the ip command thinks otherwise. You can read here how to disable ipv6
completely if you do not manage to get it to work:
http://askubuntu.com/questions/4403...-to-an-openvpn-server-using-network-manager-o

Now here is my question: is it possible to deacitvate ipv6 on the RT-N66U without manipulating the kernel ?

Any answer is appreciated.

Thanks Garry13

Here is my system.log:

Mar 23 17:05:42 rc_service: httpd 4922:notify_rc start_vpnclient1
Mar 23 17:05:43 openvpn[5046]: OpenVPN 2.3.6 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 6 2015
Mar 23 17:05:43 openvpn[5046]: library versions: OpenSSL 1.0.0q 15 Jan 2015, LZO 2.08
Mar 23 17:05:43 openvpn[5046]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 23 17:05:43 openvpn[5046]: Socket Buffers: R=[118784->131072] S=[118784->131072]
Mar 23 17:05:43 openvpn[5048]: UDPv4 link local: [undef]
Mar 23 17:05:43 openvpn[5048]: UDPv4 link remote: [AF_INET]46.21.99.25:1194
Mar 23 17:05:43 openvpn[5048]: TLS: Initial packet from [AF_INET]46.21.99.25:1194, sid=f87379b4 ad9949c6
Mar 23 17:05:43 openvpn[5048]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mar 23 17:05:43 openvpn[5048]: VERIFY OK: depth=2, C=NA, ST=None, L=None, O=Mullvad, CN=Mullvad CA, emailAddress=info@mullvad.net
Mar 23 17:05:43 openvpn[5048]: VERIFY OK: depth=1, C=NA, ST=None, L=None, O=Mullvad, CN=master.mullvad.net, emailAddress=info@mullvad.net
Mar 23 17:05:43 openvpn[5048]: Validating certificate key usage
Mar 23 17:05:43 openvpn[5048]: ++ Certificate has key usage 00a0, expects 00a0
Mar 23 17:05:43 openvpn[5048]: VERIFY KU OK
Mar 23 17:05:43 openvpn[5048]: Validating certificate extended key usage
Mar 23 17:05:43 openvpn[5048]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mar 23 17:05:43 openvpn[5048]: VERIFY EKU OK
Mar 23 17:05:43 openvpn[5048]: VERIFY OK: depth=0, C=NA, ST=None, L=None, O=Mullvad, CN=se1.mullvad.net, emailAddress=info@mullvad.net
Mar 23 17:05:44 openvpn[5048]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Mar 23 17:05:44 openvpn[5048]: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
Mar 23 17:05:44 openvpn[5048]: WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
Mar 23 17:05:44 openvpn[5048]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 23 17:05:44 openvpn[5048]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 23 17:05:44 openvpn[5048]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 23 17:05:44 openvpn[5048]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 23 17:05:44 openvpn[5048]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mar 23 17:05:44 openvpn[5048]: [se1.mullvad.net] Peer Connection Initiated with [AF_INET]46.21.99.25:1194
Mar 23 17:05:47 openvpn[5048]: SENT CONTROL [se1.mullvad.net]: 'PUSH_REQUEST' (status=1)
Mar 23 17:05:47 openvpn[5048]: PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 fd07:698a:921f:8::1027/112 fd07:698a:921f:8::,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.41 255.255.0.0'
Mar 23 17:05:47 openvpn[5048]: OPTIONS IMPORT: --ifconfig/up options modified
Mar 23 17:05:47 openvpn[5048]: OPTIONS IMPORT: route options modified
Mar 23 17:05:47 openvpn[5048]: OPTIONS IMPORT: route-related options modified
Mar 23 17:05:47 openvpn[5048]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mar 23 17:05:47 openvpn[5048]: TUN/TAP device tun11 opened
Mar 23 17:05:47 openvpn[5048]: TUN/TAP TX queue length set to 100
Mar 23 17:05:47 openvpn[5048]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
Mar 23 17:05:47 openvpn[5048]: /usr/sbin/ip link set dev tun11 up mtu 1500
Mar 23 17:05:47 openvpn[5048]: /usr/sbin/ip addr add dev tun11 10.8.0.41/16 broadcast 10.8.255.255
Mar 23 17:05:47 openvpn[5048]: /usr/sbin/ip -6 addr add fd07:698a:921f:8::1027/112 dev tun11
Mar 23 17:05:47 openvpn[5048]: Linux ip -6 addr add failed: external program exited with error status: 2
Mar 23 17:05:47 openvpn[5048]: Exiting due to fatal error
 
garry13 said:
Hello everybody !
Since a few weeks, my Mullvad-VPN-connection did not work any more.
I asked the Mullvad-Service for help and was sending the "system-log".

Here is the answer I got:
It seems openvpn thinks you have IPv6 enabled on the router, but
the ip command thinks otherwise. You can read here how to disable ipv6
completely if you do not manage to get it to work:
http://askubuntu.com/questions/4403...-to-an-openvpn-server-using-network-manager-o

Now here is my question: is it possible to deacitvate ipv6 on the RT-N66U without manipulating the kernel ?
Click to expand...

IPv6 support isn't enabled in OpenVPN.

Your error log shows some obvious configuration errors. For instance this:

Code: 
Mar 23 17:05:44 openvpn[5048]: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'

You should begin by double checking your configuration. You are trying to use AES-256-CBC when your provider is set to Blowfish-CBC.
 
There is an setting in the customs-settings of the MULLVAD .ovpn -File:

"tun-ipv6"

This has to be disabled, and then it works...

@RMerlin: Thanks for Your answer !

Best wishes

Garry13
 
garry13 said:
Hello everybody !
Since a few weeks, my Mullvad-VPN-connection did not work any more.
I asked the Mullvad-Service for help and was sending the "system-log".

Here is the answer I got:
It seems openvpn thinks you have IPv6 enabled on the router, but
the ip command thinks otherwise. You can read here how to disable ipv6
completely if you do not manage to get it to work:
http://askubuntu.com/questions/4403...-to-an-openvpn-server-using-network-manager-o

Now here is my question: is it possible to deacitvate ipv6 on the RT-N66U without manipulating the kernel ?

Any answer is appreciated.

Thanks Garry13

Here is my system.log:

Mar 23 17:05:42 rc_service: httpd 4922:notify_rc start_vpnclient1
Mar 23 17:05:43 openvpn[5046]: OpenVPN 2.3.6 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Mar 6 2015
Mar 23 17:05:43 openvpn[5046]: library versions: OpenSSL 1.0.0q 15 Jan 2015, LZO 2.08
Mar 23 17:05:43 openvpn[5046]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Mar 23 17:05:43 openvpn[5046]: Socket Buffers: R=[118784->131072] S=[118784->131072]
Mar 23 17:05:43 openvpn[5048]: UDPv4 link local: [undef]
Mar 23 17:05:43 openvpn[5048]: UDPv4 link remote: [AF_INET]46.21.99.25:1194
Mar 23 17:05:43 openvpn[5048]: TLS: Initial packet from [AF_INET]46.21.99.25:1194, sid=f87379b4 ad9949c6
Mar 23 17:05:43 openvpn[5048]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mar 23 17:05:43 openvpn[5048]: VERIFY OK: depth=2, C=NA, ST=None, L=None, O=Mullvad, CN=Mullvad CA, emailAddress=info@mullvad.net
Mar 23 17:05:43 openvpn[5048]: VERIFY OK: depth=1, C=NA, ST=None, L=None, O=Mullvad, CN=master.mullvad.net, emailAddress=info@mullvad.net
Mar 23 17:05:43 openvpn[5048]: Validating certificate key usage
Mar 23 17:05:43 openvpn[5048]: ++ Certificate has key usage 00a0, expects 00a0
Mar 23 17:05:43 openvpn[5048]: VERIFY KU OK
Mar 23 17:05:43 openvpn[5048]: Validating certificate extended key usage
Mar 23 17:05:43 openvpn[5048]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Mar 23 17:05:43 openvpn[5048]: VERIFY EKU OK
Mar 23 17:05:43 openvpn[5048]: VERIFY OK: depth=0, C=NA, ST=None, L=None, O=Mullvad, CN=se1.mullvad.net, emailAddress=info@mullvad.net
Mar 23 17:05:44 openvpn[5048]: WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1558', remote='link-mtu 1542'
Mar 23 17:05:44 openvpn[5048]: WARNING: 'cipher' is used inconsistently, local='cipher AES-256-CBC', remote='cipher BF-CBC'
Mar 23 17:05:44 openvpn[5048]: WARNING: 'keysize' is used inconsistently, local='keysize 256', remote='keysize 128'
Mar 23 17:05:44 openvpn[5048]: Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 23 17:05:44 openvpn[5048]: Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 23 17:05:44 openvpn[5048]: Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
Mar 23 17:05:44 openvpn[5048]: Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
Mar 23 17:05:44 openvpn[5048]: Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 2048 bit RSA
Mar 23 17:05:44 openvpn[5048]: [se1.mullvad.net] Peer Connection Initiated with [AF_INET]46.21.99.25:1194
Mar 23 17:05:47 openvpn[5048]: SENT CONTROL [se1.mullvad.net]: 'PUSH_REQUEST' (status=1)
Mar 23 17:05:47 openvpn[5048]: PUSH: Received control message: 'PUSH_REPLY,ifconfig-ipv6 fd07:698a:921f:8::1027/112 fd07:698a:921f:8::,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.8.0.1,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.41 255.255.0.0'
Mar 23 17:05:47 openvpn[5048]: OPTIONS IMPORT: --ifconfig/up options modified
Mar 23 17:05:47 openvpn[5048]: OPTIONS IMPORT: route options modified
Mar 23 17:05:47 openvpn[5048]: OPTIONS IMPORT: route-related options modified
Mar 23 17:05:47 openvpn[5048]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mar 23 17:05:47 openvpn[5048]: TUN/TAP device tun11 opened
Mar 23 17:05:47 openvpn[5048]: TUN/TAP TX queue length set to 100
Mar 23 17:05:47 openvpn[5048]: do_ifconfig, tt->ipv6=1, tt->did_ifconfig_ipv6_setup=1
Mar 23 17:05:47 openvpn[5048]: /usr/sbin/ip link set dev tun11 up mtu 1500
Mar 23 17:05:47 openvpn[5048]: /usr/sbin/ip addr add dev tun11 10.8.0.41/16 broadcast 10.8.255.255
Mar 23 17:05:47 openvpn[5048]: /usr/sbin/ip -6 addr add fd07:698a:921f:8::1027/112 dev tun11
Mar 23 17:05:47 openvpn[5048]: Linux ip -6 addr add failed: external program exited with error status: 2
Mar 23 17:05:47 openvpn[5048]: Exiting due to fatal error
Click to expand...
You need to put disable-occ in custom configurations in order to fix that issue. If anyone followed my guide I made a mistake in port 1198 and forgot to put that switch therefore leading in these warnings
Once applied the warnings disappear
 
You must log in or register to reply here.

Similar threads

T
[Help] Problems setting up OpenVPN
Replies
7
Views
313
Thookie
T
C
VPN doing a lot of unrecognized options without them even being in the config IPV6 issue
Replies
3
Views
998
RMerlin
RMerlin
P
OVPN Problem. Asus rt ax56u (latest merlin firmware
Replies
9
Views
2K
pattox
P
P
RT-AX88U - 388.2_2 - Previously Working VPN Client (NordVPN) no longer functions - Suggestions for NordVPN Working Settings July 2023
Replies
2
Views
2K
PC Pilot
P
V
Unable to get NordVPN to work with Asus RT-AX82U
Replies
1
Views
1K
Befuddled
B
Similar threads
Thread starter Title Forum Replies Date
J RT-AC86U DNS leaks while using mullvad Asuswrt-Merlin 1
P Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware Asuswrt-Merlin 9
G Using VPN Director to route only torrent traffic through VPN Asuswrt-Merlin 9
B Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14 Asuswrt-Merlin 1
T Wireguard Client VPN not using DNS Asuswrt-Merlin 14
S Wireguard VPN doesn't work, buyer beware Asuswrt-Merlin 6
G VPN director configuration for qBittorrent Asuswrt-Merlin 7
J ASUS GT-AXE16000 CPU usage with VPN on lan machine Asuswrt-Merlin 25
I Wireguard VPN client does not autostart after reboot Asuswrt-Merlin 2
Z Sudden VPN client issues with RX-AX82U Asuswrt-Merlin 5

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 677 (members: 28, guests: 649)
Top