OpenConnect cannot listen on an IPv6 address?

Hello everyone!
When I configure my VyOS OpenConnect VPN, OpenConnect cannot listen on an IPv6 address?

vyos@vyos:~$ show version 
Version:          VyOS 1.4-20240617
Release train:    sagitta
Release flavor:   iso

Built by:         [email protected]
Built on:         Tue 18 Jun 2024 03:19 UTC
Build UUID:       f920f028-0926-4aa1-a28e-fdec7c6f5358
Build commit ID:  14e6c50ad1b914

Architecture:     x86_64
Boot via:         installed image
System type:      VMware guest

Hardware vendor:  VMware, Inc.
Hardware model:   VMware Virtual Platform
Hardware S/N:     VMware-56 4d 25 92 0d fa 1e e1-3f 0d a4 56 dc 52 63 5b
Hardware UUID:    92254d56-fa0d-e11e-3f0d-a456dc52635b

Copyright:        VyOS maintainers and contributors
vyos@vyos:~$ netstat -tnal
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:10443           0.0.0.0:*               LISTEN     
tcp        0      0 0.0.0.0:179             0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:199           0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2612          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2609          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2608          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2623          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2617          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2616          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2605          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2604          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2601          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2602          0.0.0.0:*               LISTEN     
tcp        0      0 192.168.50.200:22       0.0.0.0:*               LISTEN     
tcp        0      0 192.168.50.200:36437    192.168.50.254:179      ESTABLISHED
tcp        0    320 192.168.50.200:22       192.168.189.95:8868     ESTABLISHED
tcp6       0      0 :::179                  :::*                    LISTEN     
tcp6       0      0 ::1:2603                :::*                    LISTEN     
tcp6       0      0 ::1:2606                :::*                    LISTEN     
tcp6       0      0 ::1:2622                :::*                    LISTEN     
vyos@vyos:~$ show configuration commands | match vpn
set vpn openconnect authentication local-users username vyos password 'vyos'
set vpn openconnect authentication mode local 'password'
set vpn openconnect listen-ports tcp '10443'
set vpn openconnect listen-ports udp '10443'
set vpn openconnect network-settings client-ip-settings subnet '192.168.52.0/24'
set vpn openconnect network-settings push-route '192.168.0.0/16'
set vpn openconnect ssl ca-certificate 'ca.local'
set vpn openconnect ssl certificate 'nj-yd.wuhao.net.cn'
set vpn openconnect tls-version-min '1.0'

What is the problem?

I think I have already solved this problem.

sudo nano /run/ocserv/ocserv.conf

Add

listen-host = ::

and restart the service

systemctl restart ocserv

OK, it works nicely.

vyos@vyos:~$ netstat -tnal
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 0.0.0.0:179             0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:199           0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2612          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2609          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2608          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2623          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2617          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2616          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2605          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2604          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2601          0.0.0.0:*               LISTEN     
tcp        0      0 127.0.0.1:2602          0.0.0.0:*               LISTEN     
tcp        0      0 192.168.50.200:22       0.0.0.0:*               LISTEN     
tcp        0      0 192.168.50.200:36437    192.168.50.254:179      ESTABLISHED
tcp        0     96 192.168.50.200:22       192.168.189.95:1037     ESTABLISHED
tcp6       0      0 :::10443                :::*                    LISTEN     
tcp6       0      0 :::179                  :::*                    LISTEN     
tcp6       0      0 ::1:2603                :::*                    LISTEN     
tcp6       0      0 ::1:2606                :::*                    LISTEN     
tcp6       0      0 ::1:2622                :::*                    LISTEN     

vyos@vyos:~$ show openconnect-server sessions 
Interface    Username    IP            Remote IP                              RX      TX         State      Uptime
-----------  ----------  ------------  -------------------------------------  ------  ---------  ---------  --------
sslvpn0      vyos        192.168.52.9  240e:3a1:6b0:1x61:dxc5:3536:ex4a:c11b  1.4 KB  152 bytes  connected  50s
vyos@vyos:~$ 

I still want to ask: why does the default not support IPv6 address connections?
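
An added check, not part of the original posts: the function below reads `netstat -tnal` output and reports which address families a TCP port is listening on, using lines excerpted from the two listings above as sample input. A `::` listener appears only as `tcp6`, and whether it also accepts IPv4 depends on the socket's IPV6_V6ONLY setting, so it is reported as its own case; the function and sample names are hypothetical.

```shell
#!/bin/sh
# listener_family PORT: read `netstat -tnal` output on stdin and print one of
#   none | ipv4-only | ipv6-specific | ipv6-wildcard | ipv4+ipv6
# "ipv6-wildcard" means a single tcp6 socket bound to "::"; it may or may not
# serve IPv4 as well, depending on IPV6_V6ONLY / net.ipv6.bindv6only.
listener_family() {
    awk -v port="$1" '
        $6 == "LISTEN" {
            local_addr = $4
            # The port is the text after the last colon; the host is the rest.
            p = local_addr; sub(/^.*:/, "", p)
            if (p != port) next
            host = substr(local_addr, 1, length(local_addr) - length(p) - 1)
            if ($1 == "tcp6") { v6 = 1; if (host == "::") v6any = 1 }
            else if ($1 == "tcp") v4 = 1
        }
        END {
            if (v4 && v6)   print "ipv4+ipv6"
            else if (v4)    print "ipv4-only"
            else if (v6any) print "ipv6-wildcard"
            else if (v6)    print "ipv6-specific"
            else            print "none"
        }'
}

# Sample input: lines excerpted from the first listing in the thread.
sample_before() { cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:10443           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:179             0.0.0.0:*               LISTEN
tcp        0      0 192.168.50.200:22       0.0.0.0:*               LISTEN
tcp        0    320 192.168.50.200:22       192.168.189.95:8868     ESTABLISHED
tcp6       0      0 :::179                  :::*                    LISTEN
tcp6       0      0 ::1:2603                :::*                    LISTEN
EOF
}

# Sample input: lines excerpted from the second listing (after listen-host = ::).
sample_after() { cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:179             0.0.0.0:*               LISTEN
tcp6       0      0 :::10443                :::*                    LISTEN
tcp6       0      0 :::179                  :::*                    LISTEN
tcp6       0      0 ::1:2603                :::*                    LISTEN
EOF
}

echo "before: $(sample_before | listener_family 10443)"
echo "after:  $(sample_after | listener_family 10443)"
# On the router itself: netstat -tnal | listener_family 10443
```

Because `/run` is a tmpfs, a hand edit to `/run/ocserv/ocserv.conf` does not survive a reboot, so the check is worth re-running afterwards.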
