IPv6 no route via VPN over IPv4 link
Testing methodology:
# start VPN
$ ip addr show up
$ ip -4 route show
$ ip -6 route show
$ ping -c1 1.1.1.1
$ ping -c1 2600::
# stop VPN
Wired IPv4 connection active in Network Manager without VPN:
$ ip addr show up
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether a8:a1:59:32:11:2b brd ff:ff:ff:ff:ff:ff
inet 192.168.2.124/24 brd 192.168.2.255 scope global dynamic noprefixroute enp5s0
valid_lft 86292sec preferred_lft 86292sec
inet6 fe80::940f:92b:a7f8:d10f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: wlp6s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 14:f6:d8:43:e8:56 brd ff:ff:ff:ff:ff:ff
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:bd:17:90 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global virbr0
valid_lft forever preferred_lft forever
$ ip -4 route show
default via 192.168.2.1 dev enp5s0 proto dhcp metric 100
169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown
192.168.2.0/24 dev enp5s0 proto kernel scope link src 192.168.2.124 metric 100
192.168.100.0/24 dev virbr0 proto kernel scope link src 192.168.100.1 linkdown
$ ip -6 route show
::1 dev lo proto kernel metric 256 pref medium
fe80::/64 dev enp5s0 proto kernel metric 100 pref medium
$ ping -c1 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=52 time=21.9 ms
--- 1.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 21.913/21.913/21.913/0.000 ms
$ ping -c1 2600::
ping: connect: Network is unreachable
Wired IPv4 connection active in Network Manager and run openvpn by command line:
$ sudo openvpn AirVPN_US-LosAngeles_Merope_UDP-443.ovpn
2020-10-17 02:32:33 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2020-10-17 02:32:33 OpenVPN 2.5_rc2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 30 2020
2020-10-17 02:32:33 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
2020-10-17 02:32:33 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2020-10-17 02:32:33 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
2020-10-17 02:32:33 TCP/UDP: Preserving recently used remote address: [AF_INET]107.167.244.50:443
2020-10-17 02:32:33 Socket Buffers: R=[212992->212992] S=[212992->212992]
2020-10-17 02:32:33 UDP link local: (not bound)
2020-10-17 02:32:33 UDP link remote: [AF_INET]107.167.244.50:443
2020-10-17 02:32:33 TLS: Initial packet from [AF_INET]107.167.244.50:443, sid=0bbf7305 2ac346dd
2020-10-17 02:32:33 net_route_v4_best_gw query: dst 0.0.0.0
2020-10-17 02:32:33 net_route_v4_best_gw result: via 192.168.2.1 dev enp5s0
2020-10-17 02:32:33 VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
2020-10-17 02:32:33 VERIFY KU OK
2020-10-17 02:32:33 Validating certificate extended key usage
2020-10-17 02:32:33 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2020-10-17 02:32:33 VERIFY EKU OK
2020-10-17 02:32:33 VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Merope, emailAddress=info@airvpn.org
2020-10-17 02:32:33 Control Channel: TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2020-10-17 02:32:33 [Merope] Peer Connection Initiated with [AF_INET]107.167.244.50:443
2020-10-17 02:32:34 SENT CONTROL [Merope]: 'PUSH_REQUEST' (status=1)
2020-10-17 02:32:34 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway ipv6 def1 bypass-dhcp,dhcp-option DNS 10.22.72.1,dhcp-option DNS6 fde6:7a:7d20:1248::1,tun-ipv6,route-gateway 10.22.72.1,topology subnet,ping 10,ping-restart 60,ifconfig-ipv6 fde6:7a:7d20:1248::10db/64 fde6:7a:7d20:1248::1,ifconfig 10.22.72.221 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2020-10-17 02:32:34 OPTIONS IMPORT: timers and/or timeouts modified
2020-10-17 02:32:34 OPTIONS IMPORT: compression parms modified
2020-10-17 02:32:34 OPTIONS IMPORT: --ifconfig/up options modified
2020-10-17 02:32:34 OPTIONS IMPORT: route options modified
2020-10-17 02:32:34 OPTIONS IMPORT: route-related options modified
2020-10-17 02:32:34 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2020-10-17 02:32:34 OPTIONS IMPORT: peer-id set
2020-10-17 02:32:34 OPTIONS IMPORT: adjusting link_mtu to 1625
2020-10-17 02:32:34 OPTIONS IMPORT: data channel crypto options modified
2020-10-17 02:32:34 Data Channel: using negotiated cipher 'AES-256-GCM'
2020-10-17 02:32:34 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-10-17 02:32:34 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-10-17 02:32:34 net_route_v4_best_gw query: dst 0.0.0.0
2020-10-17 02:32:34 net_route_v4_best_gw result: via 192.168.2.1 dev enp5s0
2020-10-17 02:32:34 ROUTE_GATEWAY 192.168.2.1/255.255.255.0 IFACE=enp5s0 HWADDR=a8:a1:59:32:11:2b
2020-10-17 02:32:34 GDG6: remote_host_ipv6=n/a
2020-10-17 02:32:34 net_route_v6_best_gw query: dst ::
2020-10-17 02:32:34 sitnl_send: rtnl: generic error (-101): Network is unreachable
2020-10-17 02:32:34 ROUTE6: default_gateway=UNDEF
2020-10-17 02:32:34 TUN/TAP device tun0 opened
2020-10-17 02:32:34 net_iface_mtu_set: mtu 1500 for tun0
2020-10-17 02:32:34 net_iface_up: set tun0 up
2020-10-17 02:32:34 net_addr_v4_add: 10.22.72.221/24 dev tun0
2020-10-17 02:32:34 net_iface_mtu_set: mtu 1500 for tun0
2020-10-17 02:32:34 net_iface_up: set tun0 up
2020-10-17 02:32:34 net_addr_v6_add: fde6:7a:7d20:1248::10db/64 dev tun0
2020-10-17 02:32:39 net_route_v4_add: 107.167.244.50/32 via 192.168.2.1 dev [NULL] table 0 metric -1
2020-10-17 02:32:39 net_route_v4_add: 0.0.0.0/1 via 10.22.72.1 dev [NULL] table 0 metric -1
2020-10-17 02:32:39 net_route_v4_add: 128.0.0.0/1 via 10.22.72.1 dev [NULL] table 0 metric -1
2020-10-17 02:32:39 add_route_ipv6(::/3 -> fde6:7a:7d20:1248::1 metric -1) dev tun0
2020-10-17 02:32:39 net_route_v6_add: ::/3 via :: dev tun0 table 0 metric -1
2020-10-17 02:32:39 add_route_ipv6(2000::/4 -> fde6:7a:7d20:1248::1 metric -1) dev tun0
2020-10-17 02:32:39 net_route_v6_add: 2000::/4 via :: dev tun0 table 0 metric -1
2020-10-17 02:32:39 add_route_ipv6(3000::/4 -> fde6:7a:7d20:1248::1 metric -1) dev tun0
2020-10-17 02:32:39 net_route_v6_add: 3000::/4 via :: dev tun0 table 0 metric -1
2020-10-17 02:32:39 add_route_ipv6(fc00::/7 -> fde6:7a:7d20:1248::1 metric -1) dev tun0
2020-10-17 02:32:39 net_route_v6_add: fc00::/7 via :: dev tun0 table 0 metric -1
2020-10-17 02:32:39 Initialization Sequence Completed
$ ip addr show up
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether a8:a1:59:32:11:2b brd ff:ff:ff:ff:ff:ff
inet 192.168.2.124/24 brd 192.168.2.255 scope global dynamic noprefixroute enp5s0
valid_lft 85955sec preferred_lft 85955sec
inet6 fe80::940f:92b:a7f8:d10f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: wlp6s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 14:f6:d8:43:e8:56 brd ff:ff:ff:ff:ff:ff
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:bd:17:90 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global virbr0
valid_lft forever preferred_lft forever
10: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.22.72.221/24 scope global tun0
valid_lft forever preferred_lft forever
inet6 fde6:7a:7d20:1248::10db/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::fc70:4e92:1622:62f1/64 scope link stable-privacy
valid_lft forever preferred_lft forever
$ ip -4 route show
0.0.0.0/1 via 10.22.72.1 dev tun0
default via 192.168.2.1 dev enp5s0 proto dhcp metric 100
10.22.72.0/24 dev tun0 proto kernel scope link src 10.22.72.221
107.167.244.50 via 192.168.2.1 dev enp5s0
128.0.0.0/1 via 10.22.72.1 dev tun0
169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown
192.168.2.0/24 dev enp5s0 proto kernel scope link src 192.168.2.124 metric 100
192.168.100.0/24 dev virbr0 proto kernel scope link src 192.168.100.1 linkdown
$ ip -6 route show
::1 dev lo proto kernel metric 256 pref medium
::/3 dev tun0 metric 1024 pref medium
2000::/4 dev tun0 metric 1024 pref medium
3000::/4 dev tun0 metric 1024 pref medium
fde6:7a:7d20:1248::/64 dev tun0 proto kernel metric 256 pref medium
fc00::/7 dev tun0 metric 1024 pref medium
fe80::/64 dev enp5s0 proto kernel metric 100 pref medium
fe80::/64 dev tun0 proto kernel metric 256 pref medium
$ ping -c1 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=55 time=28.2 ms
--- 1.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 28.221/28.221/28.221/0.000 ms
$ ping -c1 2600::
PING 2600::(2600::) 56 data bytes
64 bytes from 2600::: icmp_seq=1 ttl=53 time=87.5 ms
--- 2600:: ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 87.451/87.451/87.451/0.000 ms
2020-10-17 02:36:52 event_wait : Interrupted system call (code=4)
2020-10-17 02:36:52 SIGTERM received, sending exit notification to peer
2020-10-17 02:36:58 net_route_v4_del: 107.167.244.50/32 via 192.168.2.1 dev [NULL] table 0 metric -1
2020-10-17 02:36:58 net_route_v4_del: 0.0.0.0/1 via 10.22.72.1 dev [NULL] table 0 metric -1
2020-10-17 02:36:58 net_route_v4_del: 128.0.0.0/1 via 10.22.72.1 dev [NULL] table 0 metric -1
2020-10-17 02:36:58 delete_route_ipv6(::/3)
2020-10-17 02:36:58 net_route_v6_del: ::/3 via :: dev tun0 table 0 metric -1
2020-10-17 02:36:58 delete_route_ipv6(2000::/4)
2020-10-17 02:36:58 net_route_v6_del: 2000::/4 via :: dev tun0 table 0 metric -1
2020-10-17 02:36:58 delete_route_ipv6(3000::/4)
2020-10-17 02:36:58 net_route_v6_del: 3000::/4 via :: dev tun0 table 0 metric -1
2020-10-17 02:36:58 delete_route_ipv6(fc00::/7)
2020-10-17 02:36:58 net_route_v6_del: fc00::/7 via :: dev tun0 table 0 metric -1
2020-10-17 02:36:58 Closing TUN/TAP interface
2020-10-17 02:36:58 net_addr_v4_del: 10.22.72.221 dev tun0
2020-10-17 02:36:58 net_addr_v6_del: fde6:7a:7d20:1248::10db/64 dev tun0
2020-10-17 02:36:58 SIGTERM[soft,exit-with-notification] received, process exiting
Wired IPv4 connection active in Network Manager and using VPN profile in Network Manager:
$ nmcli c up AirVPN_US-LosAngeles_Merope_UDP-443
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/16)
$ ip addr show up
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether a8:a1:59:32:11:2b brd ff:ff:ff:ff:ff:ff
inet 192.168.2.124/24 brd 192.168.2.255 scope global dynamic noprefixroute enp5s0
valid_lft 85309sec preferred_lft 85309sec
inet6 fe80::940f:92b:a7f8:d10f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: wlp6s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 14:f6:d8:43:e8:56 brd ff:ff:ff:ff:ff:ff
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:bd:17:90 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global virbr0
valid_lft forever preferred_lft forever
12: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.22.72.221/24 brd 10.22.72.255 scope global noprefixroute tun0
valid_lft forever preferred_lft forever
inet6 fe80::b3b:9c86:b01f:5ea1/64 scope link stable-privacy
valid_lft forever preferred_lft forever
$ ip -4 route show
default via 10.22.72.1 dev tun0 proto static metric 50
default via 192.168.2.1 dev enp5s0 proto dhcp metric 100
10.22.72.0/24 dev tun0 proto kernel scope link src 10.22.72.221 metric 50
107.167.244.50 via 192.168.2.1 dev enp5s0 proto static metric 100
169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown
192.168.2.0/24 dev enp5s0 proto kernel scope link src 192.168.2.124 metric 100
192.168.2.1 dev enp5s0 proto static scope link metric 100
192.168.100.0/24 dev virbr0 proto kernel scope link src 192.168.100.1 linkdown
$ ip -6 route show
::1 dev lo proto kernel metric 256 pref medium
fe80::/64 dev enp5s0 proto kernel metric 100 pref medium
fe80::/64 dev tun0 proto kernel metric 256 pref medium
$ ping -c1 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=55 time=50.5 ms
--- 1.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 50.540/50.540/50.540/0.000 ms
$ ping -c1 2600::
ping: connect: Network is unreachable
$ nmcli c down AirVPN_US-LosAngeles_Merope_UDP-443
Connection 'AirVPN_US-LosAngeles_Merope_UDP-443' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/16)