I'm on the road with my Windows 10 laptop. I'm trying to open a VPN tunnel to my home where I have a NetGear RAX45 WiFi6 router. I'm running OPENVPN GUI v11.31.0.0.I would like to force all internet traffic thru VPN tunnel to my router and then out to web.The client config file below gets me connected to my router. But I leaking my location somehow as I am geo-blocked on the site I want to access. whatismyip.com reports just the remote IPv4 address, but ipleaks.net reports the remote IPv4 address and a local IPv6 address. So I think I need to setup the tunnel and my router for IPv4 and IPv6. I think if there is a way to have the vpn capture IPv4 and IPv6 traffic I won't leak my local IPv6 address. Is that possible? What router settings and client script do I need? Below is the client .ovpn file.clientdev tapproto udpdev-node NETGEAR-VPNremote "*my router*"resolv-retry infiniteredirect-gatewaynobindpersist-keypersist-tunca ca.crtcert client.crtkey client.keycipher AES-128-CBCcomp-lzoverb 5

NorthernMike wrote:I do not recognize the Open VPN GUI version you reference. The most recent Open VPN application for Windows is Version 2.6.0. That was just the GUI version, the application is v2.5.8 Do you have IPv6 enabled on your Router at home? Under Advanced -> Advanced Setup -> IPv6. Yes. See the 2 attached screenshots. When you generated your Open VPN configuration package (four files), did you have the radio button selected to provide access to all sites on the internet & Home Network? See attached. Not sure. I've been changing router settings and don't remember when I changed that. I checked and made sure it was set to Internet & Home Network, and redownloaded the files. The config file looked the same. You might try using TCP for the TUN mode service? See attached. Will try that next. Your configuration file appears to be old based on the cipher reference. I checked the router firmware and it is the latest available. I was getting warnings for this in the log and tried changing to data-ciphers AES-128-CBC data-ciphers-fallback BF-CBC and that broke it. Are you using a Dynamic Domain Name Server (DDNS) service? Yes.No screenshot files attached. Depending on their content, a moderator may have removed them. I know pdf and jpg format files work the board. Others may not. Attached is my redacted configuration file. I do not have any geoblocking issues I am trying to work around. Note the cipher used. Open VPN changed their cipher requirements a couple of versions ago. Certainly before version 2.5.x. Note: Open VPN just released client application version 2.6.0. The Netgear firmware has not caught up. I have several friends and family that just installed the 2.6.0 version and it works fine without any changes to the configuration files. The only edit I made to the configuration file generated by the router was to change verb from 0 to 5. This provided additional information in the client log when a connection is made.

NorthernMike wrote:I think it's definitely a IPv6 problem. I went into the Windows networking and disabled iPV6 for the local adapter. Now ipleak.net reports my remote IPv4 address and no IPv6 address. No problems with geo-blocking because there's no local iPV6 address to leak. Not an elegant solution. Don't want to run like this all the time. When I'm back home, I work on the router settings. Don't want to mess up something that's working until I'm home in a week. Thanks for your help. Any further suggestions on iPV6 would be appreciated. There may be some nuances as to how your local ISP implements IPv6. There are several options in the router for IPv6 configuration. I did not track down all of them to understand the differences. Good luck!

NorthernMike wrote:I'm on the road with my Windows 10 laptop. I'm trying to open a VPN tunnel to my home where I have a NetGear RAX45 WiFi6 router. I'm running OPENVPN GUI v11.31.0.0.I would like to force all internet traffic thru VPN tunnel to my router and then out to web.The client config file below gets me connected to my router. But I leaking my location somehow as I am geo-blocked on the site I want to access. whatismyip.com reports just the remote IPv4 address, but ipleaks.net reports the remote IPv4 address and a local IPv6 address. So I think I need to setup the tunnel and my router for IPv4 and IPv6. I think if there is a way to have the vpn capture IPv4 and IPv6 traffic I won't leak my local IPv6 address. Is that possible? What router settings and client script do I need? Below is the client .ovpn file.clientdev tapproto udpdev-node NETGEAR-VPNremote "*my router*"resolv-retry infiniteredirect-gatewaynobindpersist-keypersist-tunca ca.crtcert client.crtkey client.keycipher AES-128-CBCcomp-lzoverb 5 I do not recognize the Open VPN GUI version you reference. The most recent Open VPN application for Windows is Version 2.6.0. Do you have IPv6 enabled on your Router at home? Under Advanced -> Advanced Setup -> IPv6. When you generated your Open VPN configuration package (four files), did you have the radio button selected to provide access to all sites on the internet & Home Network? See attached. You might try using TCP for the TUN mode service? See attached. Your configuration file appears to be old based on the cipher reference. Are you using a Dynamic Domain Name Server (DDNS) service?

I do not recognize the Open VPN GUI version you reference. The most recent Open VPN application for Windows is Version 2.6.0. That was just the GUI version, the application is v2.5.8 Do you have IPv6 enabled on your Router at home? Under Advanced -> Advanced Setup -> IPv6. Yes. See the 2 attached screenshots. When you generated your Open VPN configuration package (four files), did you have the radio button selected to provide access to all sites on the internet & Home Network? See attached. Not sure. I've been changing router settings and don't remember when I changed that. I checked and made sure it was set to Internet & Home Network, and redownloaded the files. The config file looked the same. You might try using TCP for the TUN mode service? See attached. Will try that next. Your configuration file appears to be old based on the cipher reference. I checked the router firmware and it is the latest available. I was getting warnings for this in the log and tried changing to data-ciphers AES-128-CBC data-ciphers-fallback BF-CBC and that broke it. Are you using a Dynamic Domain Name Server (DDNS) service? Yes.

IPv4 & IPv6 VPN Tunnel on Nighthawk RAX45 AX6

18 Replies

Kitsap
Master
Feb 21, 2023
NorthernMike wrote:
I'm on the road with my Windows 10 laptop. I'm trying to open a VPN tunnel to my home where I have a NetGear RAX45 WiFi6 router. I'm running OPENVPN GUI v11.31.0.0.
I would like to force all internet traffic thru VPN tunnel to my router and then out to web.
The client config file below gets me connected to my router. But I leaking my location somehow as I am geo-blocked on the site I want to access.

whatismyip.com reports just the remote IPv4 address, but ipleaks.net reports the remote IPv4 address and a local IPv6 address. So I think I need to setup the tunnel and my router for IPv4 and IPv6. I think if there is a way to have the vpn capture IPv4 and IPv6 traffic I won't leak my local IPv6 address.

Is that possible? What router settings and client script do I need?

Below is the client .ovpn file.
client
dev tap
proto udp
dev-node NETGEAR-VPN
remote "*my router*"
resolv-retry infinite
redirect-gateway
nobind
persist-key
persist-tun
ca ca.crt
cert client.crt
key client.key
cipher AES-128-CBC
comp-lzo
verb 5

I do not recognize the Open VPN GUI version you reference. The most recent Open VPN application for Windows is Version 2.6.0.

Do you have IPv6 enabled on your Router at home? Under Advanced -> Advanced Setup -> IPv6.

When you generated your Open VPN configuration package (four files), did you have the radio button selected to provide access to all sites on the internet & Home Network? See attached.

You might try using TCP for the TUN mode service? See attached.

Your configuration file appears to be old based on the cipher reference.

Are you using a Dynamic Domain Name Server (DDNS) service?
- NorthernMike
  Aspirant
  Feb 21, 2023
  I do not recognize the Open VPN GUI version you reference. The most recent Open VPN application for Windows is Version 2.6.0.
  That was just the GUI version, the application is v2.5.8
  
  Do you have IPv6 enabled on your Router at home? Under Advanced -> Advanced Setup -> IPv6.
  Yes. See the 2 attached screenshots.
  
  When you generated your Open VPN configuration package (four files), did you have the radio button selected to provide access to all sites on the internet & Home Network? See attached.
  Not sure. I've been changing router settings and don't remember when I changed that. I checked and made sure it was set to
  Internet & Home Network, and redownloaded the files. The config file looked the same.
  
  You might try using TCP for the TUN mode service? See attached.
  Will try that next.
  
  Your configuration file appears to be old based on the cipher reference.
  I checked the router firmware and it is the latest available. I was getting warnings for this in the log and tried changing to
  data-ciphers AES-128-CBC
  data-ciphers-fallback BF-CBC
  and that broke it.
  
  Are you using a Dynamic Domain Name Server (DDNS) service?
  Yes.
  - Kitsap
    Master
    Feb 21, 2023
    NorthernMike wrote:
    I do not recognize the Open VPN GUI version you reference. The most recent Open VPN application for Windows is Version 2.6.0.
    That was just the GUI version, the application is v2.5.8
    
    Do you have IPv6 enabled on your Router at home? Under Advanced -> Advanced Setup -> IPv6.
    Yes. See the 2 attached screenshots.
    
    When you generated your Open VPN configuration package (four files), did you have the radio button selected to provide access to all sites on the internet & Home Network? See attached.
    Not sure. I've been changing router settings and don't remember when I changed that. I checked and made sure it was set to
    Internet & Home Network, and redownloaded the files. The config file looked the same.
    
    You might try using TCP for the TUN mode service? See attached.
    Will try that next.
    
    Your configuration file appears to be old based on the cipher reference.
    I checked the router firmware and it is the latest available. I was getting warnings for this in the log and tried changing to
    data-ciphers AES-128-CBC
    data-ciphers-fallback BF-CBC
    and that broke it.
    
    Are you using a Dynamic Domain Name Server (DDNS) service?
    Yes.
    No screenshot files attached. Depending on their content, a moderator may have removed them. I know pdf and jpg format files work the board. Others may not.
    
    Attached is my redacted configuration file. I do not have any geoblocking issues I am trying to work around.
    
    Note the cipher used. Open VPN changed their cipher requirements a couple of versions ago. Certainly before version 2.5.x.
    
    Note: Open VPN just released client application version 2.6.0. The Netgear firmware has not caught up. I have several friends and family that just installed the 2.6.0 version and it works fine without any changes to the configuration files.
    
    The only edit I made to the configuration file generated by the router was to change verb from 0 to 5. This provided additional information in the client log when a connection is made.
    
    client.ovpnxxx.pdf38 KB

Forum Discussion

IPv4 & IPv6 VPN Tunnel on Nighthawk RAX45 AX6