openconnect/ocserv ipv6 setting
Kevin Cernekee
cernekee at gmail.com
Sat Jan 21 07:45:58 PST 2017
On Sat, Jan 21, 2017 at 5:52 AM, Goodman Leung <gbcbooksmj at gmail.com> wrote:
> does any one have ipv6 work on ocserv ?
>
> i add configure "ipv6-network = 2001:470:c19d:xxxx:xxxx::/64"
>
> and from the debug log output
>
> assigned IPv6: 2001:470:f91d:c15c:0:74:f141:e500
>
> ipv6 address had been assigned, from when i check my client side , it
> did not found ipv6 address on the tun interface
It's working for me, using explicit-ipv6 to provide a /128 to specific clients.
You might want to run the client with --dump-http-traffic and look for
these headers:
X-CSTP-Address-Type: IPv6,IPv4
X-CSTP-Address-IP6: 2001:470:f91d:c15c:0:74:f141:e500/128
If your ipv6-network (i.e. the delegation you received from your ISP)
is only a /64, you can try ipv6-subnet-prefix = 128. Ideally you'd
want to get a /48 or /56 from your ISP, and then hand out a /64 to
each VPN client.
More information about the openconnect-devel
mailing list