IPv6 Connectivity
Thomas Glanzmann
thomas at glanzmann.de
Wed Jan 29 09:57:56 EST 2014
Hello Nikos,
> I have never tested the IPv6 support. The syntax at least should be:
> ipv6-network = 2a01:x:y:z::
> ipv6-prefix = 64
I tried from Muscat, and my MTU was too small. I got the following error
message:
The MTU of the physical adapter is too small. An MTU of at least 1374
bytes is required for an IPv6 connection. Please contact your network
administrator.
Than I tried it from my lab in Germany and see the following packet in
TCPDUMP:
(infra) [~/work/ocserv] tcpdump -i vpns0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vpns0, link-type RAW (Raw IP), capture size 65535 bytes
15:22:50.642819 IP6 ::7539:eaff:a00:0 > fa-in-x93.1e100.net: ICMP6, echo request, seq 15, length 40
15:22:55.650385 IP6 ::7539:eaff:a00:0 > fa-in-x93.1e100.net: ICMP6, echo request, seq 16, length 40
The destination address is correct but the source address is broken. The
screenshot supports that:
https://thomas.glanzmann.de/tmp/ipv6.png
My log shows:
Jan 29 15:21:11 infra ocserv[17446]: 10.100.245.50:49224 assigned IPv6 to 'sithglan': [2a01:x:y:z::1%160212772]:2560
Jan 29 15:21:11 infra ocserv[17446]: 10.100.245.50:49224 assigning tun device vpns0
Jan 29 15:21:11 infra ocserv[17446]: [main] tun.c:90: vpns0: Error setting IPv6.
Jan 29 15:21:11 infra ocserv[17446]: [main] tun.c:100: vpns0: Error setting DST IPv6.
Jan 29 15:21:11 infra ocserv[17446]: 10.100.245.50:49224 user 'sithglan' of group 'sithglan' re-authenticated (using cookie)
Jan 29 15:21:11 infra ocserv[17578]: 10.100.245.50:49224 TCP MSS is 1447
Jan 29 15:21:11 infra ocserv[17578]: 10.100.245.50:49224 DTLS ciphersuite: AES128-SHA
Jan 29 15:21:11 infra ocserv[17578]: 10.100.245.50:49224 setting MTU to 1405
Jan 29 15:21:13 infra ocserv[17578]: 10.100.245.50:49224 setting up DTLS connection
Jan 29 15:21:14 infra ocserv[17578]: 10.100.245.50:49224 setting MTU to 1339
Jan 29 15:21:14 infra ocserv[17578]: 10.100.245.50:49224 DTLS handshake completed (plaintext MTU: 1339)
Okay there is something wrong in the code, I look if I'm able to hunt it down:
ocserv[18438]: 10.100.245.50:49239 sending IPv4 10.12.12.189
ocserv[18438]: 10.100.245.50:49239 sending IPv6 ::a5cf:afff:a00:0
Full log:
http://pbot.rmdir.de/LK9N2Qum3tIeDEP6_kZfIQ
Cheers,
Thomas
More information about the openconnect-devel
mailing list