Viscosity setting wrong IPv6 route

Got a problem with Viscosity or need help? Ask here!

schuppentier

Posts: 1
Joined: Sun Apr 01, 2018 11:29 pm

Post by schuppentier » Sun Apr 01, 2018 11:49 pm
I am using Viscosity to connect to a pfSense box running an OpenVPN server. The connection is established without a problem and I can access IPv4 hosts as well as external IPv6 hosts. The problem occurs when I try to access systems in the IPv6 subnet that is directly connected to the pfSense box, they are not pingable.
I already identified those routes as the culprit (output from route print):
Code: Select all
 49    257 2a01:4f8:130:82ab::/64   On link
 49    257 2a01:4f8:130:82ab::/64   fe80::8
 [\code]
 
 The on link line seems to be responsible for packets sent with a source address of "::" which generate the following log entries on the server:
 
 [code]
MULTI: bad source address from client [::], packet dropped
[\code]

When I delete the on link line with the following commands, everything works as expected:

[code]
route delete 2a01:4f8:130:82ab::/64
route add 2a01:4f8:130:82ab::/64 fe80::8 IF 49
[\code]

'49' is the interface number of the Viscosity interface of course ;)

A macOS client using the exact same configuration connects just fine and is able to use IPv6 directly, to external hosts as well as to internal ones.

Is this a known problem with Viscosity? Or do I have something wrong with my openVPN config?

Eric

User avatar
Posts: 863
Joined: Sun Jan 03, 2010 3:27 am

Post by Eric » Tue Apr 03, 2018 10:36 am
Hi schuppentier,

Viscosity will not create routes except under specific commands like Block IPv6 which this route would not be generated from. If you are using a TAP mode connection instead of TUN Windows may be creating these routes itself once it sees the gateway, are you using TAP? On link means Windows thinks the route is directly reachable without needing to be routed. Pushing this route from pfSense with a defined gateway may help resolve this.

Regards,
Eric
Eric Thorpe
Viscosity Developer

Web: http://www.sparklabs.com
Support: http://www.sparklabs.com/support
Twitter: http://twitter.com/sparklabs
2 posts Page 1 of 1