Bug 952940 - tun-ipv6 setting not honored?
Summary: tun-ipv6 setting not honored?
Keywords:
Status: CLOSED UPSTREAM
Alias: None
Product: Fedora
Classification: Fedora
Component: openvpn
Version: 19
Hardware: Unspecified
OS: Unspecified
low
low
Target Milestone: ---
Assignee: Steven Pritchard
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-04-17 03:01 UTC by Dawid Zamirski
Modified: 2013-04-17 10:22 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-04-17 10:22:33 UTC
Type: Bug


Attachments (Terms of Use)
Full log (17.86 KB, text/plain)
2013-04-17 03:01 UTC, Dawid Zamirski
no flags Details

Description Dawid Zamirski 2013-04-17 03:01:43 UTC
Created attachment 736631 [details]
Full log

Description of problem:
I subscribe to a VPN service which works in Fedora 18 but it does not in Fedora 19. The issue seems to be that the openvpn (configured manually, not via NetworkManager) does not seem to respect tun-ipv6 setting. My VPN config file is as follows

client
dev tun
proto udp
explicit-exit-notify
remote dal02.vpn.seed.st 3478
#remote dal02.vpn.seed.st 53
reneg-sec 0
resolv-retry infinite
nobind
persist-key
persist-tun
ca keys/ca.crt
ns-cert-type server
tls-auth keys/ta.key 1
auth-user-pass seedstlogin.conf
cipher AES-256-CBC
verb 4
tun-ipv6
keepalive 5 30

When trying to connect (starting via systemctl start openvpn@seedst.service) I can see the following in the logs:

WARNING: 'tun-ipv6' is present in remote config but missing in local config, remote='tun-ipv6'
..
AUTH: Received control message: AUTH_FAILED

However the tun-ipv6 option, as seen above, is specified. The very same configuration works just fine from my laptop which is running Fedora 18

A full log from /var/log/messages is attached.

Comment 1 David Sommerseth 2013-04-17 10:22:33 UTC
I've discussed this issue with a couple of the other OpenVPN developers.  This is more an annoyance than a real issue.  This is a warning which is non-critical and should not cause any issue itself.

The reason this happens is that the OpenVPN 2.3.1 client talks to a OpenVPN 2.2 (or older) server.  OpenVPN 2.3 servers should not cause this issue at all.

This is a compatibility issue, as OpenVPN 2.3 is fully IPv6 enabled and the tun-ipv6 is implicitly enabled - especially if IPv6 addresses and routes have been configured.

Quick fix: Update the server side to OpenVPN 2.3.  The server should be fully compliant with OpenVPN 2.1 and 2.2 releases.

We will consider if a fix to remove this warning is needed when connecting to 2.2 servers.

As this is not related to the Fedora packaging of OpenVPN, I'm closing this bug.  This issue is now reported in the upstream bug tracker.

https://community.openvpn.net/openvpn/ticket/279


Note You need to log in before you can comment on or make changes to this bug.