Hi, On Tue, Jul 03, 2018 at 12:18:13AM -0400, James Peng via Openvpn-users wrote: > But when I try this for some popular websites, such as google, yahoo, cnn, I > got this: > > ----- begin > > Tracing route to www.google.com [2607:f8b0:4006:811::2004] > over a maximum of 30 hops: > > 1 5 ms 8 ms 3 ms 2603:3005:540b:7800:c02:27ff:fef2:eaa7 > 2 27 ms 26 ms 30 ms 2001:558:4023:145::1 > 3 13 ms 12 ms 13 ms 2001:558:202:406::1
Your VPN server @home is not pushing out IPv6 ifconfig and IPv6 routes.
If you *have* IPv6 @home, take a subnet from your IPv6 network, and
add "server-ipv6 $ipv6subnet/64" and "push 'redirect-gateway def1 ipv6'"
to your OpenVPN server config.
If you do *not* have IPv6 @home, complain to your ISP to give you IPv6 -
and in the meantime, you could still push an IPv6 address + IPv6 default
route, and install an iptables "reject" target on the OpenVPN server,
so connection attempts via IPv6 will fail right away, falling back to
IPv4. (Just null-routing IPv6 will lead to timeouts which is not good
user experience)
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany [email protected]
signature.asc
Description: PGP signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-users
