Hi folks, AFAICS the openvpn 2.4.2 man page recommends a "multihome" feature for dual stack setups, but I can't make it work on OpenBSD (the openvpn server) in this case.
The logfile on the client shows Sat Jun 17 15:13:40 2017 OpenVPN 2.4.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Jun 17 2017 Sat Jun 17 15:13:40 2017 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.08 Enter Private Key Password: ****** Sat Jun 17 15:13:43 2017 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info. Sat Jun 17 15:13:43 2017 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Sat Jun 17 15:13:43 2017 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Sat Jun 17 15:13:43 2017 TCP/UDP: Preserving recently used remote address: [AF_INET6]2001:db80:13b0:ffff::60:1195 Sat Jun 17 15:13:43 2017 Socket Buffers: R=[212992->212992] S=[212992->212992] Sat Jun 17 15:13:43 2017 setsockopt(IPV6_V6ONLY=0) Sat Jun 17 15:13:43 2017 UDP link local (bound): [AF_INET6][undef]:1194 Sat Jun 17 15:13:43 2017 UDP link remote: [AF_INET6]2001:db80:13b0:ffff::60:1195 Sat Jun 17 15:13:44 2017 TCP/UDP: Incoming packet rejected from [AF_INET6]::ffff:5.145.xx.yy:1194[10], expected peer address: [AF_INET6]2001:db80:13b0:ffff::60:1195 (allow this incoming source address/port by removing --remote or adding --float) Sat Jun 17 15:13:44 2017 or from peer address: [AF_INET]5.145.xx.yy:1195 Sat Jun 17 15:13:48 2017 TCP/UDP: Incoming packet rejected from [AF_INET6]::ffff:5.145.xx.yy:1194[10], expected peer address: [AF_INET6]2001:db80:13b0:ffff::60:1195 (allow this incoming source address/port by removing --remote or adding --float) Sat Jun 17 15:13:48 2017 or from peer address: [AF_INET]5.145.xx.yy:1195 Sat Jun 17 15:13:51 2017 TCP/UDP: Incoming packet rejected from [AF_INET6]::ffff:5.145.xx.yy:1194[10], expected peer address: [AF_INET6]2001:db80:13b0:ffff::60:1195 (allow this incoming source address/port by removing --remote or adding --float) Sat Jun 17 15:13:51 2017 or from peer address: [AF_INET]5.145.xx.yy:1195 Sat Jun 17 15:13:54 2017 TCP/UDP: Incoming packet rejected from [AF_INET6]::ffff:5.145.xx.yy:1194[10], expected peer address: [AF_INET6]2001:db80:13b0:ffff::60:1195 (allow this incoming source address/port by removing --remote or adding --float) Sat Jun 17 15:13:54 2017 or from peer address: [AF_INET]5.145.xx.yy:1195 Sat Jun 17 15:13:56 2017 event_wait : Interrupted system call (code=4) Sat Jun 17 15:13:56 2017 SIGINT[hard,] received, process exiting Please note the weird IPv6 addresses "::ffff:5.145.xx.yy". 5.145.xx.yy is the OpenBSD server's IPv4 address, but it is not running IPv4 over IPv6. ???? I tried the most recent openvpn in stable, of course. Every helpful comment is highly appreciated Harri
