[Flint 2] how to use IPv6 while having OpenVPN connected?

If I enable IPv6 via passthrough (I can ping IPv6 websites and pass IPv6 tests), but as soon as I enable OpenVPN, IPv6 stops working.

For OpenVPN, I use VPN policy based on the Client Device and have only 2 devices going through, my PC where IPv6 is enabled goes through WAN.

Is Flint 2 as the OpenVPN client?

Does the VPN dashboard show the IPv6 address of the OpenVPN client?
Please check if the remote VPN server is supported the IPv6 feature and enabled it.

Yes, Flint 2 is being used as OpenVPN client.

For the VPN on the dashboard, the end point is IPv4 only since that VPN doesn't provide IPv6 endpoints, the Input IP has both IPv4+IPv6 listed, IPv6 is link local.

If VPN client is enabled (in general, like proxy is global), your PC traffic will go through the VPN interface, not the WAN, and the VPN server does not support IPv6, thus it can only access IPv4 resources.

As you said, the IPv6 of the OpenVPN Client in the VPN dashboard is only the local IPv6 address, unable to reach server.

Even though I have "VPN policy based on the Client Device" and have only 2 MAC Addresses / IPs using the VPN ? All other devices on my LAN don't use VPN.

Other devices that are not on the ‘use VPN’ list will directly use the WAN interface.
Are their IPv6 resource access not working properly?

So my PC has IPv6 before OpenVPN is enabled

C:\>ping -6 google.com

Pinging google.com [2607:f8b0:4005:803::200e] with 32 bytes of data:
Reply from 2607:f8b0:4005:803::200e: time=61ms
Reply from 2607:f8b0:4005:803::200e: time=80ms
Reply from 2607:f8b0:4005:803::200e: time=59ms
Reply from 2607:f8b0:4005:803::200e: time=74ms

Ping statistics for 2607:f8b0:4005:803::200e:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 59ms, Maximum = 80ms, Average = 68ms

C:\>curl -6 -L -o nul google.com
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   219  100   219    0     0   1246      0 --:--:-- --:--:-- --:--:--  1258
100 19627    0 19627    0     0  45570      0 --:--:-- --:--:-- --:--:-- 45570

As soon as I enable VPN

C:\>ping -6 google.com

Pinging google.com [2607:f8b0:4005:803::200e] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 2607:f8b0:4005:803::200e:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>curl -6 -L -o nul google.com
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:--  0:00:20 --:--:--     0^C
C:\>ping -6 2607:f8b0:4005:803::200e

Pinging 2607:f8b0:4005:803::200e with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 2607:f8b0:4005:803::200e:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Same if I ssh into the router.

I am printing the ip 6 route from the router once VPN is active

root@GL-MT6000:~# ip -6 route
default from 2607:fb91:1581:b00e::/64 via fe80::22b8:2bff:fe73:c041 dev eth1 proto static metric 512 pref medium
default from fdd9:e385:8d79::/64 via fe80::22b8:2bff:fe73:c041 dev eth1 proto static metric 512 pref medium
2607:fb91:1581:b00e:2f6:20ff:fe71:529d dev br-lan proto static metric 1024 pref medium
2607:fb91:1581:b00e:401:8ced:4e91:9c6f dev br-lan proto static metric 1024 pref medium
2607:fb91:1581:b00e:416:ed6c:7b82:91ce dev br-lan proto static metric 1024 pref medium
2607:fb91:1581:b00e:cf8:27d1:204:d6de dev br-lan proto static metric 1024 pref medium
2607:fb91:1581:b00e:10b0:4db5:cd33:1e2c dev br-lan proto static metric 1024 pref medium
2607:fb91:1581:b00e:10d1:9817:b25e:36f7 dev br-lan proto static metric 1024 pref medium
2607:fb91:1581:b00e:10d5:436:2ab1:7ad8 dev br-lan proto static metric 1024 pref medium
2607:fb91:1581:b00e:1cd4:52aa:7c62:3860 dev br-lan proto static metric 1024 pref medium
2607:fb91:1581:b00e:42b8:37ff:feb9:5cca dev br-lan proto static metric 1024 pref medium
2607:fb91:1581:b00e:77e8:8c54:15f9:2328 dev br-lan proto static metric 1024 pref medium
2607:fb91:1581:b00e:7ed5:66ff:fe80:ef2c dev br-lan proto static metric 1024 pref medium
2607:fb91:1581:b00e:8ecc:757c:82b:5301 dev br-lan proto static metric 1024 pref medium
2607:fb91:1581:b00e:c1ea:43b3:47e6:b35c dev br-lan proto static metric 1024 pref medium
2607:fb91:1581:b00e:ccbb:2934:79d2:a83c dev br-lan proto static metric 1024 pref medium
2607:fb91:1581:b00e:dbff:83db:474e:f774 dev br-lan proto static metric 1024 pref medium
2607:fb91:1581:b00e:fa54:b8ff:fe9f:79b7 dev br-lan proto static metric 1024 pref medium
2607:fb91:1581:b00e::/64 dev eth1 proto static metric 256 pref medium
unreachable 2607:fb91:1581:b00e::/64 dev lo proto static metric 2147483647 pref medium
fd7a:115c:a1e0::4e01:867 dev tailscale0 proto kernel metric 256 pref medium
fdad:2bb2:e347:6e4b:876:722f:e0bf:b40f dev br-lan proto static metric 1024 pref medium
fdad:2bb2:e347:6e4b:10b0:4db5:cd33:1e2c dev br-lan proto static metric 1024 pref medium
fdad:2bb2:e347:6e4b:10d1:9817:b25e:36f7 dev br-lan proto static metric 1024 pref medium
fdad:2bb2:e347:6e4b:10d5:436:2ab1:7ad8 dev br-lan proto static metric 1024 pref medium
fdad:2bb2:e347:6e4b:cfde:7e75:6a29:794c dev br-lan proto static metric 1024 pref medium
fdad:2bb2:e347:6e4b::/64 dev br-lan proto kernel metric 256 expires 1610sec pref medium
fdd1:6000:c768::/64 dev br-lan proto static metric 1024 pref medium
unreachable fdd1:6000:c768::/48 dev lo proto static metric 2147483647 pref medium
fdd9:e385:8d79::/48 from 2607:fb91:1581:b00e::/64 via fe80::22b8:2bff:fe73:c041 dev eth1 proto static metric 512 pref medium
fdd9:e385:8d79::/48 from fdd9:e385:8d79::/64 via fe80::22b8:2bff:fe73:c041 dev eth1 proto static metric 512 pref medium
fdd9:e385:8d79:0:2f6:20ff:fe71:529d dev br-lan proto static metric 1024 pref medium
fdd9:e385:8d79:0:401:8ced:4e91:9c6f dev br-lan proto static metric 1024 pref medium
fdd9:e385:8d79:0:c22:bbcc:d9af:e4b7 dev br-lan proto static metric 1024 pref medium
fdd9:e385:8d79:0:10b0:4db5:cd33:1e2c dev br-lan proto static metric 1024 pref medium
fdd9:e385:8d79:0:10d1:9817:b25e:36f7 dev br-lan proto static metric 1024 pref medium
fdd9:e385:8d79:0:10d5:436:2ab1:7ad8 dev br-lan proto static metric 1024 pref medium
fdd9:e385:8d79:0:42b8:37ff:feb9:5cca dev br-lan proto static metric 1024 pref medium
fdd9:e385:8d79:0:659f:f0c8:642e:8219 dev br-lan proto static metric 1024 pref medium
fdd9:e385:8d79:0:97d9:c38b:cdb0:a598 dev br-lan proto static metric 1024 pref medium
fdd9:e385:8d79:0:aabe:cbc9:ffe2:41db dev br-lan proto static metric 1024 pref medium
fdd9:e385:8d79::/64 dev eth1 proto static metric 256 pref medium
unreachable fdd9:e385:8d79::/64 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev ra0 proto kernel metric 256 pref medium
fe80::/64 dev rax0 proto kernel metric 256 pref medium
fe80::/64 dev ovpnclient proto kernel metric 256 pref medium
fe80::/64 dev tailscale0 proto kernel metric 256 pref medium
default via fe80::22b8:2bff:fe73:c041 dev eth1 proto ra metric 1024 expires 1731sec hoplimit 64 pref medium
root@GL-MT6000:~#

Probably the VPN provider, its server does not support IPv6 access, since the router IPv6 access normal if VPN disable, and abnormal with it.

I got a VPN that has IPv6 today (AirVPN) and I can't get it working even with that either. I messaged you privately as well.

It seems that IPv6 access is available in my router.

image683×535 13.1 KB

image1300×800 45.4 KB

image959×639 33.4 KB

image1173×691 67.8 KB

image670×512 8.04 KB

image1487×943 66.8 KB

image1841×943 24.5 KB

image1197×400 26.1 KB

Please check your IPv6 source first:

1. Make sure IPv6 is enabled on the GL router, and check that the ISP Router/ISP modem (primary connection) supports IPv6 and is enabled.
2. Make sure you are using an AirVPN profile include IPv6 source, and the server supported the IPv6.
3. After connected, there are both IPv4 and IPv6 addresses, and dual stack is available, as shown in the screenshot above.

Thanks Bruce for the detailed screenshots / tutorial! I checked your setup and you're using Global Proxy, I have not tried it but I suspect that should work as well for me. The setup as I mentioned before was VPN policy based on the Client Device in the VPN settings and not Global Proxy.

It's basically this kind of setup

image1164×1728 101 KB

Basically I'd like everything on the left hand side (PC, iPhone, etc.) to use WAN/WAN6 (IPv4+IPv6). The Server on the right has to go through VPN because of CGNAT (T-Mobile ISP), so it could be seen from the external world. Right now the server works with IPv4 coming in and going out using VPN, I don't need IPv6 on it... I basically have its MacAddress in VPN settings and do port forwarding back based on wgclient + port forwarding setup from AirVPN.

Thanks for the topology figure.

Follow your figure to test in my Flint 2, PC is not using the VPN, so it goes to WAN directly, and its IPv6+IPv4 work ok.

image600×650 10.3 KB

image1308×899 62.9 KB

image1413×893 64.4 KB

How about your devices? did you upgrade the firmware to the latest?

Ah Got it... so basically I have to gather a list of all MAC Addresses that are not using VPN.

I'll have to gather the list of all those devices in my Network... there will be a few