curmudgeon Veteran
Joined: 08 Aug 2003 Posts: 1740
|
Posted: Mon Jul 26, 2021 10:51 pm Post subject: rejecting elements of pushed openvpn configuration |
|
|
I assume that this problem comes from the fact that I don't have IPv6 enabled on this machine. Can I add something to the configuration file to reject all commands that attempt to manipulate the IPv6 configuration? Thank you in advance.
Code: |
Jul 26 11:46:36 system openvpn[7906]: PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 8.8.8.8,dhcp-option DNS 8.8.4.4,dhcp-option DOMAIN provider,route-ipv6 2000::/3,tun-ipv6,route-gateway 172.21.2.1,topology subnet,ping 10,ping-restart 600,socket-flags TCP_NODELAY,ifconfig-ipv6 fc00:db8:0:2::1009/64 fc00:db8:0:2::1,ifconfig 172.21.2.11 255.255.255.0,peer-id 9,cipher AES-256-CBC'
Jul 26 11:46:36 system openvpn[7906]: OPTIONS IMPORT: timers and/or timeouts modified
Jul 26 11:46:36 system openvpn[7906]: OPTIONS IMPORT: --socket-flags option modified
Jul 26 11:46:36 system openvpn[7906]: NOTE: setsockopt TCP_NODELAY=1 failed
Jul 26 11:46:36 system openvpn[7906]: OPTIONS IMPORT: --ifconfig/up options modified
Jul 26 11:46:36 system openvpn[7906]: OPTIONS IMPORT: route options modified
Jul 26 11:46:36 system openvpn[7906]: OPTIONS IMPORT: route-related options modified
Jul 26 11:46:36 system openvpn[7906]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Jul 26 11:46:36 system openvpn[7906]: OPTIONS IMPORT: peer-id set
Jul 26 11:46:36 system openvpn[7906]: OPTIONS IMPORT: adjusting link_mtu to 1625
Jul 26 11:46:36 system openvpn[7906]: OPTIONS IMPORT: data channel crypto options modified
Jul 26 11:46:36 system openvpn[7906]: Outgoing Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 26 11:46:36 system openvpn[7906]: Outgoing Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 26 11:46:36 system openvpn[7906]: Incoming Data Channel: Cipher 'AES-256-CBC' initialized with 256 bit key
Jul 26 11:46:36 system openvpn[7906]: Incoming Data Channel: Using 160 bit message hash 'SHA1' for HMAC authentication
Jul 26 11:46:36 system openvpn[7906]: net_route_v4_best_gw query: dst 0.0.0.0
Jul 26 11:46:36 system openvpn[7906]: net_route_v4_best_gw result: via 192.169.0.254 dev net0
Jul 26 11:46:36 system openvpn[7906]: ROUTE_GATEWAY 192.168.0.254/255.255.255.0 IFACE=eth0 HWADDR=12:34:56:78:9a:bc
Jul 26 11:46:36 system openvpn[7906]: GDG6: remote_host_ipv6=n/a
Jul 26 11:46:36 system openvpn[7906]: net_route_v6_best_gw query: dst ::
Jul 26 11:46:36 system openvpn[7906]: sitnl_send: rtnl: generic error (-101): Network is unreachable
Jul 26 11:46:36 system openvpn[7906]: ROUTE6: default_gateway=UNDEF
Jul 26 11:46:36 system openvpn[7906]: TUN/TAP device tun0 opened
Jul 26 11:46:36 system openvpn[7906]: net_iface_mtu_set: mtu 1500 for tun0
Jul 26 11:46:36 system openvpn[7906]: net_iface_up: set tun0 up
Jul 26 11:46:36 system openvpn[7906]: net_addr_v4_add: 172.21.2.11/24 dev tun0
Jul 26 11:46:36 system openvpn[7906]: net_iface_mtu_set: mtu 1500 for tun0
Jul 26 11:46:36 system openvpn[7906]: net_iface_up: set tun0 up
Jul 26 11:46:36 system openvpn[7906]: net_addr_v6_add: fc00:db8:0:2::1009/64 dev tun0
Jul 26 11:46:36 system openvpn[7906]: sitnl_send: rtnl: generic error (-13): Permission denied
Jul 26 11:46:36 system openvpn[7906]: Linux can't add IPv6 to interface tun0
Jul 26 11:46:36 system openvpn[7906]: Exiting due to fatal error
Jul 26 11:49:43 system /etc/init.d/openvpn.provider[8029]: status: inactive
|
|
|