Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
rejecting elements of pushed openvpn configuration
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
curmudgeon
Veteran
Veteran


Joined: 08 Aug 2003
Posts: 1740

PostPosted: Mon Jul 26, 2021 10:51 pm    Post subject: rejecting elements of pushed openvpn configuration Reply with quote

I assume that this problem comes from the fact that I don't have IPv6 enabled on this machine. Can I add something to the configuration file to reject all commands that attempt to manipulate the IPv6 configuration? Thank you in advance.

Code:

Jul 26 11:46:36 system openvpn[7906]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,dhcp-option DOMAIN provider,route-ipv6 2000::/3,tun-ipv6,route-gateway 172.21.2.1,topology subnet,ping 10,ping-restart 600,socket-flags TCP_NODELAY,ifconfig-ipv6 fc00:db8:0:2::1009/64 fc00:db8:0:2::1,ifconfig 172.21.2.11 255.255.255.0,peer-id 9,cipher AES-256-CBC'
Jul 26 11:46:36 system openvpn[7906]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 26 11:46:36 system openvpn[7906]: OPTIONS IMPORT: --socket-flags option modified
Jul 26 11:46:36 system openvpn[7906]: NOTE: setsockopt TCP_NODELAY=1 failed
Jul 26 11:46:36 system openvpn[7906]: OPTIONS IMPORT: --ifconfig/up options modified
Jul 26 11:46:36 system openvpn[7906]: OPTIONS IMPORT: route options modified
Jul 26 11:46:36 system openvpn[7906]: OPTIONS IMPORT: route-related options modified
Jul 26 11:46:36 system openvpn[7906]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jul 26 11:46:36 system openvpn[7906]: OPTIONS IMPORT: peer-id set
Jul 26 11:46:36 system openvpn[7906]: OPTIONS IMPORT: adjusting link_mtu to 1625
Jul 26 11:46:36 system openvpn[7906]: OPTIONS IMPORT: data channel crypto options modified
Jul 26 11:46:36 system openvpn[7906]: Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 26 11:46:36 system openvpn[7906]: Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 26 11:46:36 system openvpn[7906]: Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 26 11:46:36 system openvpn[7906]: Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 26 11:46:36 system openvpn[7906]: net_route_v4_best_gw query: dst 0.0.0.0
Jul 26 11:46:36 system openvpn[7906]: net_route_v4_best_gw result: via 192.169.0.254 dev net0
Jul 26 11:46:36 system openvpn[7906]: ROUTE_GATEWAY 192.168.0.254/255.255.255.0 IFACE=eth0 HWADDR=12:34:56:78:9a:bc
Jul 26 11:46:36 system openvpn[7906]: GDG6: remote_host_ipv6=n/a
Jul 26 11:46:36 system openvpn[7906]: net_route_v6_best_gw query: dst ::
Jul 26 11:46:36 system openvpn[7906]: sitnl_send: rtnl: generic error (-101): Network is unreachable
Jul 26 11:46:36 system openvpn[7906]: ROUTE6: default_gateway=UNDEF
Jul 26 11:46:36 system openvpn[7906]: TUN/TAP device tun0 opened
Jul 26 11:46:36 system openvpn[7906]: net_iface_mtu_set: mtu 1500 for tun0
Jul 26 11:46:36 system openvpn[7906]: net_iface_up: set tun0 up
Jul 26 11:46:36 system openvpn[7906]: net_addr_v4_add: 172.21.2.11/24 dev tun0
Jul 26 11:46:36 system openvpn[7906]: net_iface_mtu_set: mtu 1500 for tun0
Jul 26 11:46:36 system openvpn[7906]: net_iface_up: set tun0 up
Jul 26 11:46:36 system openvpn[7906]: net_addr_v6_add: fc00:db8:0:2::1009/64 dev tun0
Jul 26 11:46:36 system openvpn[7906]: sitnl_send: rtnl: generic error (-13): Permission denied
Jul 26 11:46:36 system openvpn[7906]: Linux can't add IPv6 to interface tun0
Jul 26 11:46:36 system openvpn[7906]: Exiting due to fatal error
Jul 26 11:49:43 system /etc/init.d/openvpn.provider[8029]: status: inactive
Back to top
View user's profile Send private message
alamahant
Advocate
Advocate


Joined: 23 Mar 2019
Posts: 3872

PostPosted: Tue Jul 27, 2021 9:21 am    Post subject: Reply with quote

Hi
in the client <>.ovpn
add
Code:

push-remove ifconfig-ipv6
push-remove route-ipv6

_________________
:)
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum