Harald Dunkel
2017-06-18 08:56:19 UTC
Hi folks,
I would like to run a single openvpn service in a dual-stack setup on
OpenBSD 6.1.
According to the man page there is "multihome" support, but it doesn't
work in this case. The logfile on the client shows:
Sat Jun 17 15:13:40 2017 OpenVPN 2.4.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 17 2017
Sat Jun 17 15:13:40 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08
Enter Private Key Password: ******
Sat Jun 17 15:13:43 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.
Sat Jun 17 15:13:43 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Sat Jun 17 15:13:43 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Jun 17 15:13:43 2017 TCP/UDP: Preserving recently used remote address: [AF_INET6]2001:db80:13b0:ffff::60:1195
Sat Jun 17 15:13:43 2017 Socket Buffers: R=[212992->212992] S=[212992->212992]
Sat Jun 17 15:13:43 2017 setsockopt(IPV6_V6ONLY=0)
Sat Jun 17 15:13:43 2017 UDP link local (bound): [AF_INET6][undef]:1194
Sat Jun 17 15:13:43 2017 UDP link remote: [AF_INET6]2001:db80:13b0:ffff::60:1195
Sat Jun 17 15:13:44 2017 TCP/UDP: Incoming packet rejected from [AF_INET6]::ffff:5.145.xx.yy:1194[10], expected peer address: [AF_INET6]2001:db80:13b0:ffff::60:1195 (allow this incoming source address/port by removing --remote or adding --float)
Sat Jun 17 15:13:44 2017 or from peer address: [AF_INET]5.145.xx.yy:1195
Sat Jun 17 15:13:48 2017 TCP/UDP: Incoming packet rejected from [AF_INET6]::ffff:5.145.xx.yy:1194[10], expected peer address: [AF_INET6]2001:db80:13b0:ffff::60:1195 (allow this incoming source address/port by removing --remote or adding --float)
Sat Jun 17 15:13:48 2017 or from peer address: [AF_INET]5.145.xx.yy:1195
Sat Jun 17 15:13:51 2017 TCP/UDP: Incoming packet rejected from [AF_INET6]::ffff:5.145.xx.yy:1194[10], expected peer address: [AF_INET6]2001:db80:13b0:ffff::60:1195 (allow this incoming source address/port by removing --remote or adding --float)
Sat Jun 17 15:13:51 2017 or from peer address: [AF_INET]5.145.xx.yy:1195
Sat Jun 17 15:13:54 2017 TCP/UDP: Incoming packet rejected from [AF_INET6]::ffff:5.145.xx.yy:1194[10], expected peer address: [AF_INET6]2001:db80:13b0:ffff::60:1195 (allow this incoming source address/port by removing --remote or adding --float)
Sat Jun 17 15:13:54 2017 or from peer address: [AF_INET]5.145.xx.yy:1195
Sat Jun 17 15:13:56 2017 event_wait : Interrupted system call (code=4)
Sat Jun 17 15:13:56 2017 SIGINT[hard,] received, process exiting
"5.145.xx.yy" is the IPv4 address of the openvpn server.
Is there hope?
Regards
Harri
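
A triage sketch for the "Incoming packet rejected" lines in the log above (an added example, not part of the original post): it parses the rejected source and the expected peer, collapses IPv4-mapped IPv6 addresses to plain IPv4, and reports whether the two differ in address family, address or port. The sample lines are constructed with documentation addresses, because the addresses in the post are partly redacted; the function and field names are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample lines in the format of the client log above; addresses
# come from the documentation ranges 192.0.2.0/24 and 2001:db8::/32.
SAMPLE_LOG = """\
Sat Jun 17 15:13:43 2017 UDP link remote: [AF_INET6]2001:db8::60:1195
Sat Jun 17 15:13:44 2017 TCP/UDP: Incoming packet rejected from [AF_INET6]::ffff:192.0.2.10:1194[10], expected peer address: [AF_INET6]2001:db8::60:1195 (allow this incoming source address/port by removing --remote or adding --float)
Sat Jun 17 15:13:48 2017 TCP/UDP: Incoming packet rejected from [AF_INET6]2001:db8::99:1195[10], expected peer address: [AF_INET6]2001:db8::60:1195 (allow this incoming source address/port by removing --remote or adding --float)
"""

REJECT_RE = re.compile(
    r"Incoming packet rejected from \[AF_INET6?\](\S+?)(?:\[\d+\])?, "
    r"expected peer address: \[AF_INET6?\](\S+)"
)

def split_endpoint(text):
    """Split 'host:port' as OpenVPN prints it; the port follows the last colon."""
    host, _, port = text.rpartition(":")
    return ipaddress.ip_address(host), int(port)

def effective(addr):
    """Collapse an IPv4-mapped IPv6 address (::ffff:a.b.c.d) to plain IPv4."""
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr

def triage(log_text):
    """Return one finding per rejected packet, with the reasons it mismatched."""
    findings = []
    for line in log_text.splitlines():
        m = REJECT_RE.search(line)
        if not m:
            continue
        src, sport = split_endpoint(m.group(1))
        exp, eport = split_endpoint(m.group(2))
        src_e, exp_e = effective(src), effective(exp)
        reasons = []
        if src_e.version != exp_e.version:
            reasons.append("family")   # e.g. reply over IPv4, peer expected on IPv6
        elif src_e != exp_e:
            reasons.append("address")  # same family, different host
        if sport != eport:
            reasons.append("port")
        findings.append({"source": str(src_e), "expected": str(exp_e), "reasons": reasons})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A "family" finding separates a reply that arrived over the other address family from a packet sent by an unrelated host, which is useful to know before deciding whether to relax the source check with --float.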