I've set up an OpenVPN server on my Synology Router and have trouble getting both an IPv4 and an IPv6 connection working correctly. Initially I was having huge headaches figuring this out but I've narrowed it down to this: I can connect to my OpenVPN server successfully via its IPv6 address, but connecting via only the IPv4 address fails every time.
I'm connecting via a domain name I've set up with DDNS. If I manually set the record to the IPv4 address only, it will of course fail. As soon as I update the IPv6 record it will work as normal.
I've tested this on a few different clients and networks, just to be sure it wasn't the network my client was on.
Here is my server configuration: Server Config
And the client configuration file:
dev tun
tls-client
remote my.domain.com 1194
redirect-gateway def1
pull
proto udp
script-security 2
reneg-sec 0
auth SHA1
cipher AES-128-CBC
auth-user-pass
key-direction 1
comp-lzo
explicit-exit-notify
<ca>
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
</ca>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----
</tls-auth>
Here are the client connection log files, edited for personal information:
5/20/2020, 1:03:10 AM OpenVPN core 3.git::15c71c44 win x86_64 64-bit PT_PROXY built on Feb 19 2020 17:36:01
5/20/2020, 1:03:10 AM Frame=512/2048/512 mssfix-ctrl=1250
5/20/2020, 1:03:10 AM UNUSED OPTIONS
1 [tls-client]
4 [pull]
6 [script-security] [2]
13 [explicit-exit-notify]
5/20/2020, 1:03:10 AM EVENT: RESOLVE
5/20/2020, 1:03:10 AM EVENT: WAIT
5/20/2020, 1:03:10 AM Contacting 104.232.115.21:1194 via UDP
5/20/2020, 1:03:10 AM Connecting to [my.domain.com]:1194 (x.x.x.x) via UDPv4
5/20/2020, 1:03:20 AM Server poll timeout, trying next remote entry...
5/20/2020, 1:03:20 AM EVENT: RECONNECTING
5/20/2020, 1:03:20 AM EVENT: RESOLVE
5/20/2020, 1:03:20 AM Contacting x.x.x.x:1194 via UDP
5/20/2020, 1:03:20 AM Connecting to [my.domain.com]:1194 (x.x.x.x) via UDPv4
5/20/2020, 1:03:20 AM EVENT: WAIT
5/20/2020, 1:03:30 AM Server poll timeout, trying next remote entry...
5 failed attempts until it times out:
5/20/2020, 1:04:10 AM EVENT: CONNECTION_TIMEOUT
5/20/2020, 1:04:10 AM EVENT: DISCONNECTED
Now trying the IPv6 address
5/20/2020, 1:04:46 AM OpenVPN core 3.git::15c71c44 win x86_64 64-bit PT_PROXY built on Feb 19 2020 17:36:01
5/20/2020, 1:04:46 AM Frame=512/2048/512 mssfix-ctrl=1250
5/20/2020, 1:04:46 AM UNUSED OPTIONS
1 [tls-client]
4 [pull]
6 [script-security] [2]
13 [explicit-exit-notify]
5/20/2020, 1:04:46 AM EVENT: RESOLVE
5/20/2020, 1:04:46 AM EVENT: WAIT
5/20/2020, 1:04:46 AM Contacting x.x.x.x:1194 via UDP
5/20/2020, 1:04:46 AM Connecting to [my.domain.com]:1194 (x.x.x.x) via UDPv4
5/20/2020, 1:04:56 AM Server poll timeout, trying next remote entry...
5/20/2020, 1:04:56 AM EVENT: RECONNECTING
5/20/2020, 1:04:56 AM EVENT: RESOLVE
5/20/2020, 1:04:56 AM EVENT: WAIT
5/20/2020, 1:04:56 AM Contacting 104.232.115.21:1194 via UDP
5/20/2020, 1:04:56 AM Connecting to [my.domain.com]:1194 (x.x.x.x) via UDPv4
5/20/2020, 1:05:06 AM Server poll timeout, trying next remote entry...
5/20/2020, 1:05:06 AM EVENT: RECONNECTING
5/20/2020, 1:05:06 AM EVENT: RESOLVE
5/20/2020, 1:05:06 AM EVENT: WAIT
5/20/2020, 1:05:06 AM Contacting [xxxx::xxxx]:1194 via UDP
5/20/2020, 1:05:06 AM Connecting to [my.domain.com]:1194 (xxxx::xxxx) via UDPv6
5/20/2020, 1:05:06 AM EVENT: CONNECTING
5/20/2020, 1:05:06 AM Tunnel Options:V4,dev-type tun,link-mtu 1558,tun-mtu 1500,proto UDPv4,comp-lzo,keydir 1,cipher AES-128-CBC,auth SHA1,keysize 128,tls-auth,key-method 2,tls-client
5/20/2020, 1:05:06 AM Creds: Username/Password
5/20/2020, 1:05:06 AM Peer Info:
IV_GUI_VER=OCmacOS_3.1.2-572
IV_VER=3.git::15c71c44
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
5/20/2020, 1:05:06 AM VERIFY OK : depth=1
Certificate Information
5/20/2020, 1:05:06 AM VERIFY OK : depth=0
Certificate Information
5/20/2020, 1:05:08 AM SSL Handshake: TLSv1.2/TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
5/20/2020, 1:05:08 AM Session is ACTIVE
5/20/2020, 1:05:08 AM Sending PUSH_REQUEST to server...
5/20/2020, 1:05:08 AM EVENT: GET_CONFIG
5/20/2020, 1:05:09 AM EVENT: DISCONNECTED
As you can see, when using the IPv6 address it will connect just fine. But when attempting to connect with the IPv4 address it fails every time. Would this have something to do with my ISP blocking certain UDP packets? I'm curious as to why it only works with IPv6.
Only took a couple hours of troubleshooting but I figured it out. It seems so obvious now that I don't want to admit it.
At the start of all this I was reading some faulty documentation from Synology that required setting port forwarding rules on the Router. But they neglected to mention that you SHOULDN'T do that if you're using the VPN server on the Router itself!
I deleted the port forwarding rules altogether, double-checked my firewall rules and got it working just right.
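The per-address-family pattern in the log above (every UDPv4 attempt ends in a server poll timeout while the UDPv6 attempt reaches EVENT: CONNECTING) can be pulled out of an OpenVPN 3 client log mechanically. The Python below is an added example, not part of the original post; the sample log is constructed with documentation addresses, and treating EVENT: CONNECTING as the sign that the server replied is an assumption based on where it appears in the log above.

```python
import re
from collections import defaultdict

# Constructed sample in the client log format shown above;
# hostname and addresses are documentation values, not from the post.
SAMPLE_LOG = """\
5/20/2020, 1:04:46 AM EVENT: RESOLVE
5/20/2020, 1:04:46 AM Contacting 192.0.2.10:1194 via UDP
5/20/2020, 1:04:46 AM Connecting to [vpn.example.test]:1194 (192.0.2.10) via UDPv4
5/20/2020, 1:04:56 AM Server poll timeout, trying next remote entry...
5/20/2020, 1:04:56 AM EVENT: RECONNECTING
5/20/2020, 1:04:56 AM Contacting 192.0.2.10:1194 via UDP
5/20/2020, 1:04:56 AM Connecting to [vpn.example.test]:1194 (192.0.2.10) via UDPv4
5/20/2020, 1:05:06 AM Server poll timeout, trying next remote entry...
5/20/2020, 1:05:06 AM EVENT: RECONNECTING
5/20/2020, 1:05:06 AM Contacting [2001:db8::1]:1194 via UDP
5/20/2020, 1:05:06 AM Connecting to [vpn.example.test]:1194 (2001:db8::1) via UDPv6
5/20/2020, 1:05:06 AM EVENT: CONNECTING
5/20/2020, 1:05:08 AM Session is ACTIVE
"""

# "Connecting to [host]:port (addr) via UDPv4" -> captures "v4" or "v6"
CONNECT = re.compile(r"Connecting to .* via [A-Z]+(v[46])$")

def summarize(log_text):
    """Count attempts per address family and how each attempt ended."""
    stats = defaultdict(lambda: {"attempts": 0, "timeout": 0, "handshake": 0})
    current = None  # family of the attempt currently in flight
    for raw in log_text.splitlines():
        line = raw.strip()
        m = CONNECT.search(line)
        if m:
            current = "IP" + m.group(1)
            stats[current]["attempts"] += 1
        elif current and "Server poll timeout" in line:
            stats[current]["timeout"] += 1
            current = None
        elif current and line.endswith("EVENT: CONNECTING"):
            # Assumption: this event means the server answered the client.
            stats[current]["handshake"] += 1
            current = None
    return dict(stats)

def unreachable_families(stats):
    """Families where every attempt timed out while another family got a reply."""
    if not any(s["handshake"] for s in stats.values()):
        return []  # nothing answered at all: not a per-family problem
    return sorted(f for f, s in stats.items()
                  if s["attempts"] and s["timeout"] == s["attempts"])

if __name__ == "__main__":
    print(unreachable_families(summarize(SAMPLE_LOG)))
```

A non-empty result for one family only points at that family's path to the server (NAT or port-forward rules, firewall rules) rather than at the certificates or credentials, which are shared by both families.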