SparkLabs Forum.

Community Help.


Viscosity setting wrong IPv6 route

I am using Viscosity to connect to a pfSense box running an OpenVPN server. The connection is established without a problem and I can access IPv4 hosts as well as external IPv6 hosts. The problem occurs when I try to access systems in the IPv6 subnet that is directly connected to the pfSense box, they are not pingable.
I already identified those routes as the culprit (output from route print):

[code]
49 257 2a01:4f8:130:82ab::/64 On link
49 257 2a01:4f8:130:82ab::/64 fe80::8
[\code]

The on link line seems to be responsible for packets sent with a source address of "::" which generate the following log entries on the server:

[code]
MULTI: bad source address from client [::], packet dropped
[\code]

When I delete the on link line with the following commands, everything works as expected:

[code]
route delete 2a01:4f8:130:82ab::/64
route add 2a01:4f8:130:82ab::/64 fe80::8 IF 49
[\code]

'49' is the interface number of the Viscosity interface of course ;)

A macOS client using the exact same configuration connects just fine and is able to use IPv6 directly, to external hosts as well as to internal ones.

Is this a known problem with Viscosity? Or do I have something wrong with my openVPN config?
Hi schuppentier,

Viscosity will not create routes except under specific commands like Block IPv6 which this route would not be generated from. If you are using a TAP mode connection instead of TUN Windows may be creating these routes itself once it sees the gateway, are you using TAP? On link means Windows thinks the route is directly reachable without needing to be routed. Pushing this route from pfSense with a defined gateway may help resolve this.

Regards,
Eric
2 posts Page 1 of 1

Copyright © 2016 SparkLabs Pty Ltd. All Rights Reserved. Privacy Policy