Hello, I have run into a problem which raised my attention. I am not sure if I can call this a bug, but I think it's best to discuss it here and decide if it should be addressed in OpenVPN or left as it is at the operating system layer.

I am connecting to a VPN server that assigns:
- one public IPv4 address;
- one public IPv6 /64 subnet.

It is aimed to redirect all of the client's internet traffic for internet destinations for both IPv4 and IPv6, so all required parameters for this purpose are present (redirect-gateway def1, redirect-gateway ipv6, route-ipv6 ::/0). The client has only IPv4 internet connectivity, and the VPN server is listening only on IPv4 as well, so both sides of the tunnel are always IPv4.

When the client connects to the VPN using a Wi-Fi default internet connection, it works as expected. The client's IPv4 traffic and IPv6 traffic go through the VPN for all internet destinations, and as expected IPv6 has priority for dual-stacked destinations on the internet.

When the same client with the same environment / setup connects to the same VPN but using a wired network connection (1 Gbps), the traffic is routed via the VPN for IPv4, but IPv6 is not preferred for dual-stacked destinations. The IPv6 default route is present, but somehow not used automatically for dual-stacked destinations on the internet. It only works if raw IPv6 addresses are stated (DNS hostnames excluded), like $ ping -6 <raw_IPv6_address>.

The solution was to set the interface metric for the TAP adapter for both TCP/IPv4 and TCP/IPv6 to 15, which is lower than what the wired Ethernet interface had (25), and then it worked as expected: IPv6 from the tunnel was preferred for dual-stacked destinations on the internet.

The question here is if it makes sense to also set the interface metric for both TCP/IPv4 and TCP/IPv6 to the lowest value (for example 1) when redirect-gateway def1 / redirect-gateway ipv6 are present (or pushed) in the client config, since if these are present it is obvious what the desired effect for the client is.

_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
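
The workaround described in the message above, as an added example that is not part of the original post or of OpenVPN: a PowerShell check that compares the tunnel adapter's interface metric with the other connected interfaces for both address families and lowers it only when it is not already the lowest. It assumes a Windows client and an elevated prompt; the adapter alias 'OpenVPN TAP' is a placeholder, and 15 is the value used in the post.

```powershell
# Added example. $TunnelAlias is an assumed name; list real aliases with Get-NetAdapter.
$TunnelAlias  = 'OpenVPN TAP'
$TargetMetric = 15   # value the post used (the wired interface there had 25)

foreach ($family in 'IPv4', 'IPv6') {
    # Connected interfaces other than the tunnel and the loopback pseudo-interface.
    $others = Get-NetIPInterface -AddressFamily $family |
        Where-Object {
            $_.ConnectionState -eq 'Connected' -and
            $_.InterfaceAlias -ne $TunnelAlias -and
            $_.InterfaceAlias -notlike 'Loopback*'
        }

    $tunnel = Get-NetIPInterface -InterfaceAlias $TunnelAlias -AddressFamily $family

    if (-not $others) {
        "{0}: no other connected interface, nothing to compare" -f $family
        continue
    }

    $lowestOther = ($others | Measure-Object -Property InterfaceMetric -Minimum).Minimum
    "{0}: tunnel metric {1}, lowest other metric {2}" -f `
        $family, $tunnel.InterfaceMetric, $lowestOther

    # Windows prefers the lower metric. Change the tunnel only when it would lose
    # or tie, and only when the target value actually beats the other interfaces.
    if ($tunnel.InterfaceMetric -ge $lowestOther) {
        if ($TargetMetric -ge $lowestOther) {
            "{0}: target {1} is not below {2}; choose a lower value" -f `
                $family, $TargetMetric, $lowestOther
            continue
        }
        Set-NetIPInterface -InterfaceAlias $TunnelAlias -AddressFamily $family `
            -AutomaticMetric Disabled -InterfaceMetric $TargetMetric
    }
}

# Show the resulting state for both address families.
Get-NetIPInterface -InterfaceAlias $TunnelAlias |
    Sort-Object AddressFamily |
    Format-Table InterfaceAlias, AddressFamily, InterfaceMetric, AutomaticMetric
```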