OpenVPN connection possible although old IPv6 prefix
Posted: Thu Jan 28, 2021 11:52 pm
Hello,
I have a technical question although everything is working fine
The setup is the following: My Synology with OpenVPN server is behind a FritzBox with IPv6 connection. I can connect via Viscosity, port 1194 is open, everything is running smoothly. As DDNS service I use the Synology one.
Now interesting is, that the Synology OpenVPN server gives a warning when the prefix of the IPv6 address is changed by my provider after a few days. Synology says they know of this circumstance and will make it update automatically. As a result the connection should not be possible.
It is, however. You can see in the log that the DDNS gives the current new address of the Synology and then a few things happen with the old prefix. In the end though, I get a connection.
As this is great, I still would like to know what happens here (and to learn a bit more about IPv6). Could you interpret the part of the log and say me what is going on there? And who is responsible for that? Viscosity itself (thanks for that great piece of software by the way), the router or can the Synology do more than she admits?
Thanks a lot for your input guys,
Stephan
I have a technical question although everything is working fine
The setup is the following: My Synology with OpenVPN server is behind a FritzBox with IPv6 connection. I can connect via Viscosity, port 1194 is open, everything is running smoothly. As DDNS service I use the Synology one.
Now interesting is, that the Synology OpenVPN server gives a warning when the prefix of the IPv6 address is changed by my provider after a few days. Synology says they know of this circumstance and will make it update automatically. As a result the connection should not be possible.
It is, however. You can see in the log that the DDNS gives the current new address of the Synology and then a few things happen with the old prefix. In the end though, I get a connection.
As this is great, I still would like to know what happens here (and to learn a bit more about IPv6). Could you interpret the part of the log and say me what is going on there? And who is responsible for that? Viscosity itself (thanks for that great piece of software by the way), the router or can the Synology do more than she admits?
Thanks a lot for your input guys,
Stephan
Code: Select all
[xxxxxxxx.synology.me] Peer Connection Initiated with [AF_INET6]2003:xxxx:new:xxxx:1111:1111:1111:1111:1194 (current new correct address)
2021-01-28 12:44:27: Opened utun device utun10
2021-01-28 12:44:27: /sbin/ifconfig utun10 delete
2021-01-28 12:44:27: NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
2021-01-28 12:44:27: /sbin/ifconfig utun10 10.8.0.6 10.8.0.5 mtu 1500 netmask 255.255.255.255 up
2021-01-28 12:44:27: /sbin/ifconfig utun10 inet6 2003:xxxx:old:xxxx::1000/64 (the outdated prefix the OpenVPN server was configured with)
2021-01-28 12:44:27: add_route_ipv6(2003:xxxx:old:xxxx::/64 -> 2003:xxxx:old:xxxx::1000 metric 0) dev utun10 (old addresses)
2021-01-28 12:44:27: add_route_ipv6(2003:xxxx:new:xxxx:1111:1111:1111:1111/128 -> fe80::2222:2222:2222:2222%en0 metric 1) dev en0 (new address and fe80 of Synology)
2021-01-28 12:44:27: add_route_ipv6(2000::/3 -> 2003:xxxx:old:xxxx::1 metric -1) dev utun10 (old again)