Hi Jordan

Thanks for your tip.

Sent: Saturday, April 30, 2022 at 1:13 AM
From: "Jordan Hayes" <jmha...@j-o-r-d-a-n.com>
To: openvpn-users@lists.sourceforge.net
Subject: Re: [Openvpn-users] How do I prevent IPv6 routes from being added to my connection?

> Any tips as to how I can configure my client-side config file to prevent IPv6
> routes from being added during the connections?

One trick to doing this on a Windows client is to open the adapter and deselect IPv6 support.

_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users

Firstly, based on your tip, I deselected IPv6 support of OpenVPN TAP-Windows6 adapter. Below is the connection log:

2022-04-30 19:11:24 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-04-30 19:11:24 OpenVPN 2.5.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 16 2022
2022-04-30 19:11:24 Windows version 10.0 (Windows 10 or greater) 64bit
2022-04-30 19:11:24 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10
2022-04-30 19:11:24 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25374
2022-04-30 19:11:24 Need hold release from management interface, waiting...
2022-04-30 19:11:25 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25374
2022-04-30 19:11:25 MANAGEMENT: CMD 'state on'
2022-04-30 19:11:25 MANAGEMENT: CMD 'log all on'
2022-04-30 19:11:25 MANAGEMENT: CMD 'echo all on'
2022-04-30 19:11:25 MANAGEMENT: CMD 'bytecount 5'
2022-04-30 19:11:25 MANAGEMENT: CMD 'hold off'
2022-04-30 19:11:25 MANAGEMENT: CMD 'hold release'
2022-04-30 19:11:25 TCP/UDP: Preserving recently used remote address: [AF_INET]aa.bb.cc.dd:443
2022-04-30 19:11:25 Socket Buffers: R=[65536->524288] S=[65536->524288]
2022-04-30 19:11:25 Attempting to establish TCP connection with [AF_INET]aa.bb.cc.dd:443 [nonblock]
2022-04-30 19:11:25 MANAGEMENT: >STATE:1651317085,TCP_CONNECT,,,,,,
2022-04-30 19:11:25 TCP connection established with [AF_INET]aa.bb.cc.dd:443
2022-04-30 19:11:25 TCP_CLIENT link local: (not bound)
2022-04-30 19:11:25 TCP_CLIENT link remote: [AF_INET]aa.bb.cc.dd:443
2022-04-30 19:11:25 MANAGEMENT: >STATE:1651317085,WAIT,,,,,,
2022-04-30 19:11:25 MANAGEMENT: >STATE:1651317085,AUTH,,,,,,
2022-04-30 19:11:25 TLS: Initial packet from [AF_INET]aa.bb.cc.dd:443, sid=22a213c3 9443bc90
2022-04-30 19:11:26 VERIFY OK: depth=2, C=XX, ST=Somewhere, L=Somecity, O=Verizon AB, OU=somevpn, CN=somevpn Root CA v2, emailAddress=secur...@somevpn.net
2022-04-30 19:11:26 VERIFY OK: depth=1, C=XX, ST=Somewhere, O=Verizon AB, OU=somevpn, CN=somevpn Intermediate CA v4, emailAddress=secur...@somevpn.net
2022-04-30 19:11:26 VERIFY KU OK
2022-04-30 19:11:26 Validating certificate extended key usage
2022-04-30 19:11:26 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-04-30 19:11:26 VERIFY EKU OK
2022-04-30 19:11:26 VERIFY OK: depth=0, C=XX, ST=Somewhere, O=Verizon AB, OU=somevpn, CN=us-dal-105.somevpn.net, emailAddress=secur...@somevpn.net
2022-04-30 19:11:26 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1559', remote='link-mtu 1560'
2022-04-30 19:11:26 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo'
2022-04-30 19:11:26 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA256
2022-04-30 19:11:26 [us-dal-105.somevpn.net] Peer Connection Initiated with [AF_INET]aa.bb.cc.dd:443
2022-04-30 19:11:28 MANAGEMENT: >STATE:1651317088,GET_CONFIG,,,,,,
2022-04-30 19:11:28 SENT CONTROL [us-dal-105.somevpn.net]: 'PUSH_REQUEST' (status=1)
2022-04-30 19:11:33 SENT CONTROL [us-dal-105.somevpn.net]: 'PUSH_REQUEST' (status=1)
2022-04-30 19:11:34 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.5.0.1,redirect-gateway def1 bypass-dhcp,route-ipv6 0000::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,comp-lzo no,route-gateway 10.5.0.1,topology subnet,socket-flags TCP_NODELAY,ifconfig-ipv6 fdda:d0d0:cafe:443::1001/64 fdda:d0d0:cafe:443::,ifconfig 10.5.0.3 255.255.0.0,peer-id 0,cipher AES-256-GCM'
2022-04-30 19:11:34 OPTIONS IMPORT: compression parms modified
2022-04-30 19:11:34 OPTIONS IMPORT: --socket-flags option modified
2022-04-30 19:11:34 OPTIONS IMPORT: --ifconfig/up options modified
2022-04-30 19:11:34 OPTIONS IMPORT: route options modified
2022-04-30 19:11:34 OPTIONS IMPORT: route-related options modified
2022-04-30 19:11:34 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2022-04-30 19:11:34 OPTIONS IMPORT: peer-id set
2022-04-30 19:11:34 OPTIONS IMPORT: adjusting link_mtu to 1626
2022-04-30 19:11:34 OPTIONS IMPORT: data channel crypto options modified
2022-04-30 19:11:34 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-04-30 19:11:34 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-04-30 19:11:34 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-04-30 19:11:34 interactive service msg_channel=504
2022-04-30 19:11:34 GDG6: remote_host_ipv6=n/a
2022-04-30 19:11:34 NOTE: GetBestInterfaceEx returned error: Element not found. (code=1168)
2022-04-30 19:11:34 open_tun
2022-04-30 19:11:34 tap-windows6 device [OpenVPN TAP-Windows6] opened
2022-04-30 19:11:34 TAP-Windows Driver Version 9.24
2022-04-30 19:11:34 Set TAP-Windows TUN subnet mode network/local/netmask = 10.5.0.0/10.5.0.3/255.255.0.0 [SUCCEEDED]
2022-04-30 19:11:34 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.5.0.3/255.255.0.0 on interface {FB1A746D-116A-471A-A0B3-6017A1BF137A} [DHCP-serv: 10.5.0.0, lease-time: 31536000]
2022-04-30 19:11:34 Successful ARP Flush on interface [20] {FB1A746D-116A-471A-A0B3-6017A1BF137A}
2022-04-30 19:11:34 MANAGEMENT: >STATE:1651317094,ASSIGN_IP,,10.5.0.3,,,,,fdda:d0d0:cafe:443::1001
2022-04-30 19:11:34 IPv4 MTU set to 1500 on interface 20 using service
2022-04-30 19:11:34 INET6 address service: add fdda:d0d0:cafe:443::1001/128
2022-04-30 19:11:34 TUN: adding address failed using service: Element not found. [status=1168 if_index=20]
2022-04-30 19:11:34 add_route_ipv6(fdda:d0d0:cafe:443::/64 -> fdda:d0d0:cafe:443::1001 metric 0) dev OpenVPN TAP-Windows6
2022-04-30 19:11:34 ROUTE: route addition failed using service: Element not found. [status=1168 if_index=20]
2022-04-30 19:11:34 IPv6 route addition via service failed
2022-04-30 19:11:34 TUN: setting IPv6 mtu using service failed: Element not found. [status=1168 if_index=20]
2022-04-30 19:11:34 Blocking outside dns using service succeeded.
2022-04-30 19:11:39 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up
2022-04-30 19:11:39 C:\Windows\system32\route.exe ADD aa.bb.cc.dd MASK 255.255.255.255 192.168.1.1
2022-04-30 19:11:39 Route addition via service succeeded
2022-04-30 19:11:39 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.5.0.1
2022-04-30 19:11:39 Route addition via service succeeded
2022-04-30 19:11:39 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.5.0.1
2022-04-30 19:11:39 Route addition via service succeeded
2022-04-30 19:11:39 add_route_ipv6(::/2 -> fdda:d0d0:cafe:443:: metric -1) dev OpenVPN TAP-Windows6
2022-04-30 19:11:39 ROUTE: route addition failed using service: Element not found. [status=1168 if_index=20]
2022-04-30 19:11:39 IPv6 route addition via service failed
2022-04-30 19:11:39 add_route_ipv6(4000::/2 -> fdda:d0d0:cafe:443:: metric -1) dev OpenVPN TAP-Windows6
2022-04-30 19:11:39 ROUTE: route addition failed using service: Element not found. [status=1168 if_index=20]
2022-04-30 19:11:39 IPv6 route addition via service failed
2022-04-30 19:11:39 add_route_ipv6(8000::/2 -> fdda:d0d0:cafe:443:: metric -1) dev OpenVPN TAP-Windows6
2022-04-30 19:11:39 ROUTE: route addition failed using service: Element not found. [status=1168 if_index=20]
2022-04-30 19:11:39 IPv6 route addition via service failed
2022-04-30 19:11:39 add_route_ipv6(c000::/2 -> fdda:d0d0:cafe:443:: metric -1) dev OpenVPN TAP-Windows6
2022-04-30 19:11:39 ROUTE: route addition failed using service: Element not found. [status=1168 if_index=20]
2022-04-30 19:11:39 IPv6 route addition via service failed
2022-04-30 19:11:39 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2022-04-30 19:11:39 Initialization Sequence Completed
2022-04-30 19:11:39 MANAGEMENT: >STATE:1651317099,CONNECTED,SUCCESS,10.5.0.3,aa.bb.cc.dd,443,192.168.10.93,49978,fdda:d0d0:cafe:443::1001

It appears that IPv6 routes are not added based on the following error messages:

ROUTE: route addition failed using service: Element not found. [status=1168 if_index=20]
IPv6 route addition via service failed
TUN: setting IPv6 mtu using service failed: Element not found.

Best regards.
Stella
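
One way to check a client log for this, as an added example that is not part of the original message: the script compares the route-ipv6 prefixes pushed in PUSH_REPLY with the add_route_ipv6 attempts and the failure lines that follow them. The sample log is constructed in the format of the lines above, the function names are hypothetical, and treating a route as installed when no failure line follows it is an assumption.

```python
import ipaddress
import re

# Constructed sample: a few lines in the same format as the log in the message.
SAMPLE_LOG = """\
2022-04-30 19:11:34 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,route-ipv6 0000::/2,route-ipv6 C000::/2,ifconfig-ipv6 fdda:d0d0:cafe:443::1001/64 fdda:d0d0:cafe:443::,ifconfig 10.5.0.3 255.255.0.0'
2022-04-30 19:11:39 add_route_ipv6(::/2 -> fdda:d0d0:cafe:443:: metric -1) dev OpenVPN TAP-Windows6
2022-04-30 19:11:39 ROUTE: route addition failed using service: Element not found. [status=1168 if_index=20]
2022-04-30 19:11:39 IPv6 route addition via service failed
2022-04-30 19:11:39 add_route_ipv6(c000::/2 -> fdda:d0d0:cafe:443:: metric -1) dev OpenVPN TAP-Windows6
2022-04-30 19:11:39 ROUTE: route addition failed using service: Element not found. [status=1168 if_index=20]
2022-04-30 19:11:39 IPv6 route addition via service failed
"""

PUSH_RE = re.compile(r"PUSH: Received control message: 'PUSH_REPLY,(.*)'")
ADD_RE = re.compile(r"add_route_ipv6\((\S+) -> ")
FAIL_RE = re.compile(r"IPv6 route addition via service failed")


def pushed_ipv6_routes(log):
    """Prefixes the server pushed with route-ipv6, normalised (0000::/2 -> ::/2)."""
    routes = set()
    for m in PUSH_RE.finditer(log):
        for opt in m.group(1).split(","):
            parts = opt.split()
            if len(parts) >= 2 and parts[0] == "route-ipv6":
                routes.add(ipaddress.ip_network(parts[1], strict=False))
    return routes


def ipv6_route_results(log):
    """Map each attempted IPv6 route to True if a failure line follows it.

    Assumption: no failure line before the next attempt means it was installed.
    """
    results, current = {}, None
    for line in log.splitlines():
        m = ADD_RE.search(line)
        if m:
            current = ipaddress.ip_network(m.group(1), strict=False)
            results[current] = False
        elif current is not None and FAIL_RE.search(line):
            results[current] = True
    return results


def unrouted_pushed_prefixes(log):
    """Pushed IPv6 prefixes that failed to install or were never attempted."""
    results = ipv6_route_results(log)
    return sorted(str(n) for n in pushed_ipv6_routes(log) if results.get(n, True))
```
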