OpenVPN Server / Internet Connection Sharing / Routing / IPV6

I'm trying to get an openvpn server running on windows 10 (pro), version 1607. It's working for ipv4, but not ipv6. I'm specifically trying to get it working with ipv4 and ipv6 to test for a problem with openvpn. I'm testing with ipv6-test.com and test-ipv6.com. The client and the server are connecting and both ipv4 and ipv6 are working between the client and the server (the client can ping server), but I can't get any ipv6 traffic to pass through the server.

I'm wondering about internet connection sharing. There don't appear to be any specific ICS settings that relate to this issue. Alternatively, it could be routing.

Any suggestions?

That is because IPv6 on the network requires a Router that can do Dual stack.

IPv6 still has a huge security hole in it, is why you are not seeing it being used, except in lab environments for hardware and software testing.

bro67 said:

That is because IPv6 on the network requires a Router that can do Dual stack.

IPv6 still has a huge security hole in it, is why you are not seeing it being used, except in lab environments for hardware and software testing.

I think you're a bit out of date WRT ipv6. It is quite widely available from most ISPs. The LAN that the server is connected to has native dual stack and I have an industrial strength router so I'm not concerned about security. I'm just trying to get the openvpn server working. I have not been able to determine why ipv4 is working but ipv6 is not working.

bro67 said:

Not out of date. ISP's are not using IPv6 as widely as you believe. It is still a small percentage because of the first hop security problem that leaves your network open for security risks. There are still so many IPv4 IP's in inventory that are not even being used and more getting released, the numbers that the ISP's put out there a few years ago were incorrect to begin with.

As for your issue, you will not be able to do IPv6 over the Internet between remote connect and OpenVPN server, because of the restrictions that are still in place that the packets either get dropped or the 6:4 Tunnel is not 100% from point A to point B.

Let's not debate about how widely deployed ipv6 is. It's not relevant. The computer acting as a server has native ipv6 (not tunneled) with identical throughput and latency on both ipv4 and ipv6. My firewall supports ipv4 and ipv6. Openvpn doesn't care whether the network between the client and server is dual stack or not and it doesn't care whether the ipv6 is native or tunneled. In my case, the client connects to the server with ipv4 and the server passes ipv4 traffic, using ICS. The client and server also connect with ipv6, but the server is not passing the ipv6 traffic. That's why I'm wondering if ICS supports ipv6 or whether there is a routing problem on the server.

bro67 said:

If you had checked OpenVPN's forums, you would have found this that walks you through how to provide IPv6 outside of the tunnel. IPv6 – OpenVPN Community Inside the Tunnel still requires Dual Stack.

Do you always jump to conclusions? I've read that and it's how I got the vpn to work with ipv6 connectivity. I've posted there about the problem I'm having and I haven't found a solution, which is why I'm posting here. The problem does not seem to be openvpn, but rather the configuration of the windows 10 pc that's running the openvpn server.

I also suggest that you read up on UAG DA.

bro67 said:

It has nothing to do with ICS or Windows 10. Since you are using pfSense, you need to configure it to handle OpenVPN.

Also Native IPv6, means that you arr only using IPv6 on your network and only communicating with only IPv6 servers on the Internet. There are only a handful of schools and companies that. It is usually done for Point to Point VPN, not for everyday Internet browsing.

Plenty of info out there on the pfsense and OpenVPN forums on doing Dual stack, which is what you are doing if you are using both IPv4 and IPv6 inside and outside the network.

Not sure why you're fixated on the idea that ipv4 has anything to do with whether a network is native ipv6 or not. ipv6 and ipv4 are completely separate protocol stacks with their own addresses, transport, routing that coexist side by side but operate completely independently. A network that operates both stacks is dual stack. Whether ipv6 is native or not depends on whether it's tunneled through / over ipv4, not whether ipv4 is operating beside it. A dual stack network could have tunneled ipv6 or native ipv6. I can turn off ipv4 on my computer and still browse any websites that support ipv6. I was able to do that before my isp offered native ipv6, by using a tunnel.

Here is a link to ipv6 stats that clearly makes the distinction of "native" being not-tunneled. You can also see that native ipv6 by that definition is widely available.