How-To: OpenVPN on pfSense

Discussion in 'Router' started by PP Stephan, May 15, 2018.

  1. PP Stephan

    PP Stephan Staff Member

    This thread refers to the how-to OpenVPN on routers with pfSense. Please only post in this thread if you have questions, comments or feedback regarding this howto. To keep this thread updated and free from obsolete and redundant information, this thread will be cleaned up occasionally.
     
    Last edited: May 29, 2018
  2. b

    blackeneth New Member

    I have seen the warning, "Due to a bug in the underlying FreeBSD kernel, IPv6 does currently not work reliably with pfSense (as of May 2018)."

    Irregardless of the warning, could you post the configuration for IPv6?
    I have IPv6 working with VPN from my own efforts, but it doesn't pass tests such as ipv6-test.com . I conclude my implementation is incomplete.

    The bug referenced in the warning is found in the IPv6 packet fragment handling. Why haven't I seen an issue with IPv6? Perhaps one or more of the following:
    1) From the IPv6 specification, routers do not pass fragmented packets
    2) I have not received any fragmented packets
    netstat -s -p -ip6
    ip6:
    14664696 total packets received
    0 with size smaller than minimum
    0 with data size < data length
    0 with bad options
    20527 with incorrect version number
    0 fragments received
    0 fragments dropped (dup or out of space)
    0 fragments dropped after timeout
    0 fragments that exceeded limit
    0 packets reassembled ok
    3) The bug was fixed in FreeBSD 11.2 ; I'm running 11.2-RELEASE-p4 (freebsd-version) [and pfSense 2.4.4_2]
    https://redmine.pfsense.org/issues/8165

    4) A workaround exists if needed - disabling IPv6 packet fragment reassembly - using this command:
    sysctl net.inet6.ip6.maxfrags=0
    Given all of the above, I assert it's reasonable to provide the Perfect Privacy configuration for IPv6 on pfSense.


     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice