Page 1 of 1

IPv6 routes not working

Posted: Mon Nov 27, 2017 4:56 am
by Qlii256
Hello

I'm connected to my own VPN server using Viscosity. I have some websites that block my VPN servers' IPv6 address so I would like to bypass the VPN on those specific websites. I used the guide on sparklabs.com, but it's only explaining how it works for IPv4 addresses. When using IPv6 the gateway dropdown only shows Default or Custom.

I've tried putting in fe80::1:1%en0 as that seems to be my normal gateway but it's still connecting through the VPN to the specific websites. I do an nslookup on the domain name of a particular website and use the given IPv6 address with a 64 mask.

Any idea what I'm doing wrong here?

Re: IPv6 routes not working

Posted: Mon Nov 27, 2017 2:33 pm
by James
Hi Qlii256,
I've tried putting in fe80::1:1%en0 as that seems to be my normal gateway
Using a link-local interface-scoped IPv6 address is unlikely to work. You'll want to use the IPv6 address of your router/gateway on your local network.
I do an nslookup on the domain name of a particular website and use the given IPv6 address with a 64 mask.
Please keep in mind that many websites may resolve to multiple IP addresses, or even change on a regular basis. For example the SparkLabs website uses Cloudflare CDN, so the IP address it uses will change depending on your location and what Cloudflare node you happen to be routed to. You'll need to try and ensure all possible addresses are accounted for.

Cheers,
James

Re: IPv6 routes not working

Posted: Mon Nov 27, 2017 10:27 pm
by Qlii256
Thank you, but what if I do not have IPv6 on my network while I do on the VPN. Is it possible to skip a website while connected to the VPN but use my IPv4 address?

Re: IPv6 routes not working

Posted: Tue Nov 28, 2017 4:39 am
by Qlii256
My last question probably won't work as there's no way for Viscosity to tell that a specific IPv6 address also has an IPv4 address. I've tried using my actual IPv6 address to access my routers' GUI, but with no effect. I use a simple PHP script on my own server which returns the clients ip address. When not connected to the VPN I do get my own IPv6 address, when I am connected, I keep getting my VPN's IPv6 address.

The rule I use is:

Address: IPv6 address to the website
Type: IPv6
Gateway: Custom --> IPv6 address on which I can access my router's web GUI
Metric: default

Am I doing anything wrong?

Re: IPv6 routes not working

Posted: Tue Nov 28, 2017 9:49 am
by James
You could possibly try using your computer's loopback IPv6 address ("::1") as the gateway, in the hope that your computer will see it's not reachable and fall back to IPv4. A better approach if you're in control of the OpenVPN server is to use a DNS forwarder (such as dnsmasq) and have it drop IPv6 DNS entries (AAAA records) for domains you only want to access over IPv4.

Cheers,
James

Re: IPv6 routes not working

Posted: Tue Nov 28, 2017 7:16 pm
by Qlii256
Thank you. But why is routing with IPv6 not working for me? See my last post. I used the IPv6 address on which I can access my pfsense router.

Re: IPv6 routes not working

Posted: Thu Nov 30, 2017 10:34 am
by James
But why is routing with IPv6 not working for me? See my last post. I used the IPv6 address on which I can access my pfsense router.
I would recommend examine your computer's routing table while connected to ensure that your route is set and seen as valid:
http://www.sparklabs.com/support/kb/art ... ng-problem

I would also recommend checking the OpenVPN log for any warnings or error messages:
http://www.sparklabs.com/support/kb/art ... envpn-log/

Finally, as mentioned above please be aware that the server/website you're accessing may have a different address or addresses:
http://www.sparklabs.com/support/kb/art ... bsite-uses

Cheers,
James