bug report: network loop with ipv6 endpoint

Got a problem with Viscosity or need help? Ask here!

Strangelovian

Posts: 1
Joined: Sun Mar 18, 2018 9:15 pm

Post by Strangelovian » Sun Mar 18, 2018 9:32 pm
When connecting to upd6 endpoint in tun mode, e.g.
Code: Select all
dev tun
remote example.vpn.com 1194 udp6
tls-client
Immediately upon connection, the VPN connection bandwidth saturate the networking capacity, i.e. 100mbps in my case.

With ipv4 udp endpoint, this problem doesn't happen.
With ipv4 endpoint, a specific route is always added by openvpn, to avoid "VPN nasty network loops". If xxx.yyy.zzz.ttt is your ipv4 VPN endpoint:
Code: Select all
netstat -nr
Routing tables
Internet:
Destination        Gateway            Flags        Refs      Use   Netif Expire
0/1                192.168.10.5        UGSc          118        0   utun1
xxx.yyy.zzz.ttt/32    9.12.143.1       UGSc            1        0     en0
This is NOT done by openvpn / viscosity for ipv6 VPN endpoints.
As a result, a VPN network loop happens right upon connection, which saturates the client network connection.

James

User avatar
Posts: 2313
Joined: Thu Sep 04, 2008 9:27 pm

Post by James » Thu Mar 22, 2018 4:45 pm
Hi Strangelovian,

The /32 route is created as part of the "redirect-gateway" command. In the case of IPv6 if "redirect-gateway ipv6" is being pushed then it should be doing the same for a IPv6 /128 route. However if the IPv6 route/s are being set manually instead of through the use of "redirect-gateway ipv6" then the /128 won't be created. This is often the case to maintain backwards compatibility with older versions of OpenVPN - the workaround is to push the /128 manually with the gateway set to "net_gateway".

If you're still stuck please don't hesitate to get in touch with a copy of your server and client configuration files and we'll take a closer look.

Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
2 posts Page 1 of 1