Hi,

On Wed, Oct 16, 2013 at 04:03:27PM +0300, Tore Anderson wrote:
> I'm successfully using OpenVPN on the IPv6-only LAN.
Seconded, using "Android for OpenVPN" and "OpenVPN Connect" on Android (Nexus 7, with the caveat of "needing static IPv4 address and manual DNS config" to make IPv6-only wifi work in the first place), connecting to an IPv6-enabled server (over UDP, server running with --proto udp6).

Connecting to a test OpenVPN server that deliberately has only IPv4 in DNS worked as well (udp). So OpenVPN handles NAT64/DNS64 fine, and both the 2.3 and 3.0 code bases work on an IPv6-only network (yay).

As expected, connecting using OpenVPN profiles that have IPv4-literals in there ("server 1.2.3.4") fails. Don't do that, then.
> However there are a few caveats:
>
> 3) The OpenVPN server pushes a DNS server which gets higher priority than the DNS64 one here, which in turn breaks NAT64 and access to IPv4-only content. I found no way to override this in NM-OpenVPN, although I suppose I could do chattr +i /etc/resolv.conf instead... (not saying this is a bug in OpenVPN, more a general caveat when doing VPN from NAT64/DNS64 networks).
In my case, the server does *not* push a DNS server, which means that trying to use the VPN to access *IPv4* hosts *inside* the VPN fails in interesting ways - DNS64 interferes, and due to the way routing is set up, IPv4 hosts *inside* the VPN are now accessed via NAT64 *around* the VPN (my test host - http://v6.de/ - is purposely available over that VPN or without it).

So indeed, DNS and VPN interaction is more complex if DNS64/NAT64 is also intermixed, and if you are not redirecting "all IPv4+IPv6 traffic" through the tunnel (redirect-gateway).

Gert Doering
        -- NetMaster
--
have you enabled IPv6 on something today...?

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (0)89/32356-444           USt-IdNr.: DE813185279
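
The routing effect described in the message above, as an added example that is not part of the original post: a check that flags a DNS64-synthesized AAAA answer whose embedded IPv4 address belongs to a prefix routed into the VPN while the synthesized IPv6 address itself leaves via the LAN. It assumes the RFC 6052 well-known prefix 64:ff9b::/96; the function names, route lists and addresses are constructed for illustration.

```python
import ipaddress

# Assumption: the LAN's DNS64/NAT64 uses the RFC 6052 well-known prefix.
NAT64_PREFIX = ipaddress.ip_network("64:ff9b::/96")

def synthesize_aaaa(ipv4):
    """AAAA a DNS64 resolver hands out for an IPv4-only name (/96 embedding)."""
    v4 = ipaddress.IPv4Address(ipv4)
    return ipaddress.IPv6Address(int(NAT64_PREFIX.network_address) | int(v4))

def embedded_ipv4(addr):
    """IPv4 address carried in a synthesized AAAA, or None for native IPv6."""
    v6 = ipaddress.IPv6Address(addr)
    if v6 not in NAT64_PREFIX:
        return None
    return ipaddress.IPv4Address(int(v6) & 0xFFFFFFFF)

def path_for(dest, tunnel_routes):
    """'tunnel' if any VPN route of the same family covers dest, else 'lan'."""
    ip = ipaddress.ip_address(dest)
    for net in map(ipaddress.ip_network, tunnel_routes):
        if net.version == ip.version and ip in net:
            return "tunnel"
    return "lan"

def bypasses_tunnel(aaaa, tunnel_routes):
    """True when a VPN-internal IPv4 host is reached via NAT64 around the VPN."""
    v4 = embedded_ipv4(aaaa)
    if v4 is None:
        return False
    return (path_for(v4, tunnel_routes) == "tunnel"
            and path_for(aaaa, tunnel_routes) == "lan")

# Constructed sample data (documentation prefixes, not from the original post).
SPLIT_ROUTES = ["192.0.2.0/24", "2001:db8:1::/48"]   # split tunnel
FULL_ROUTES = ["0.0.0.0/0", "::/0"]                  # redirect-gateway style

if __name__ == "__main__":
    answer = synthesize_aaaa("192.0.2.10")           # VPN-internal IPv4 host
    for name, routes in (("split", SPLIT_ROUTES), ("full", FULL_ROUTES)):
        print(name, answer, "bypass" if bypasses_tunnel(answer, routes) else "ok")
```
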