I have had a functioning dual-stack configuration for quite some time. My ERL requests a /60 prefix from Comcast, assigning prefix IDs :1 and :2 to eth1 and eth0 respectively (eth2 is my WAN). I use SLAAC on the LAN side with no issues.
I also have OpenVPN set up and working for IPv4 traffic as vtun0. I am trying to add IPv6 support to this tunnel.
Whenever I try to

    set interfaces openvpn vtun0 ipv6 router-advert send-advert true
    commit

I get an radvd seg fault when it tries to restart, and the commit fails. The /etc/radvd.conf is then in an inconsistent state, because it includes a section for vtun0 that keeps causing the seg fault, but subsequent commits aren't regenerating that section because the commit script is not detecting any changes. By jumping through hoops I can get the vtun0 portion of /etc/radvd.conf to become disabled, and then commits and radvd restarts work again.
Abridged configuration causing seg fault:

    interfaces {
        ethernet eth0 {
            address 192.168.1.1/24
            description "LAN A"
            duplex auto
            ipv6 {
                dup-addr-detect-transmits 1
                router-advert {
                    cur-hop-limit 64
                    link-mtu 0
                    managed-flag false
                    max-interval 600
                    other-config-flag false
                    prefix ::/64 {
                        autonomous-flag true
                        on-link-flag true
                        valid-lifetime 2592000
                    }
                    reachable-time 0
                    retrans-timer 0
                    send-advert true
                }
            }
            speed auto
        }
        ethernet eth1 {
            address 192.168.2.1/24
            description "LAN B"
            duplex auto
            ipv6 {
                dup-addr-detect-transmits 1
                router-advert {
                    cur-hop-limit 64
                    link-mtu 0
                    managed-flag false
                    max-interval 600
                    other-config-flag false
                    prefix ::/64 {
                        autonomous-flag true
                        on-link-flag true
                        valid-lifetime 2592000
                    }
                    reachable-time 0
                    retrans-timer 0
                    send-advert true
                }
            }
            speed auto
        }
        ethernet eth2 {
            address dhcp
            description "WAN"
            dhcpv6-pd {
                pd 0 {
                    interface eth0 {
                        host-address ::1
                        prefix-id :2
                        service slaac
                    }
                    interface eth1 {
                        host-address ::1
                        prefix-id :1
                        service slaac
                    }
                    interface vtun0 {
                        host-address ::1
                        prefix-id :3
                        service slaac
                    }
                    prefix-length /60
                }
                rapid-commit enable
            }
            duplex auto
            speed auto
        }
        loopback lo {
        }
        openvpn vtun0 {
            description "VPN"
            encryption aes256
            ipv6 {
                dup-addr-detect-transmits 1
                router-advert {
                    cur-hop-limit 64
                    link-mtu 0
                    managed-flag false
                    max-interval 600
                    other-config-flag false
                    prefix ::/64 {
                        autonomous-flag true
                        on-link-flag true
                        valid-lifetime 2592000
                    }
                    reachable-time 0
                    retrans-timer 0
                    send-advert true
                }
            }
            local-port 1194
            mode server
            openvpn-option --persist-key
            openvpn-option --persist-tun
            openvpn-option --persist-local-ip
            openvpn-option --persist-remote-ip
            openvpn-option "--keepalive 8 30"
            openvpn-option --comp-lzo
            openvpn-option --duplicate-cn
            openvpn-option "--user nobody --group nogroup"
            openvpn-option --client-to-client
            openvpn-option "--verb 1"
            openvpn-option --tls-server
            openvpn-option "--tun-mtu 1500"
            protocol udp6
            server {
                domain-name example.com
                push-route 192.168.2.0/24
                subnet 10.2.1.0/24
                topology subnet
            }
            tls {
                ca-cert-file /config/auth/openvpn/keys/ca.crt
                cert-file /config/auth/openvpn/keys/example.com.crt
                dh-file /config/auth/openvpn/keys/dh2048.pem
                key-file /config/auth/openvpn/keys/example.com.key
            }
        }
    }

Abridged configuration (working, but only IPv4 traffic in OpenVPN tunnel):

    interfaces {
        ethernet eth0 {
            address 192.168.1.1/24
            description "LAN A"
            duplex auto
            ipv6 {
                dup-addr-detect-transmits 1
                router-advert {
                    cur-hop-limit 64
                    link-mtu 0
                    managed-flag false
                    max-interval 600
                    other-config-flag false
                    prefix ::/64 {
                        autonomous-flag true
                        on-link-flag true
                        valid-lifetime 2592000
                    }
                    reachable-time 0
                    retrans-timer 0
                    send-advert true
                }
            }
            speed auto
        }
        ethernet eth1 {
            address 192.168.2.1/24
            description "LAN B"
            duplex auto
            ipv6 {
                dup-addr-detect-transmits 1
                router-advert {
                    cur-hop-limit 64
                    link-mtu 0
                    managed-flag false
                    max-interval 600
                    other-config-flag false
                    prefix ::/64 {
                        autonomous-flag true
                        on-link-flag true
                        valid-lifetime 2592000
                    }
                    reachable-time 0
                    retrans-timer 0
                    send-advert true
                }
            }
            speed auto
        }
        ethernet eth2 {
            address dhcp
            description "WAN"
            dhcpv6-pd {
                pd 0 {
                    interface eth0 {
                        host-address ::1
                        prefix-id :2
                        service slaac
                    }
                    interface eth1 {
                        host-address ::1
                        prefix-id :1
                        service slaac
                    }
                    prefix-length /60
                }
                rapid-commit enable
            }
            duplex auto
            speed auto
        }
        loopback lo {
        }
        openvpn vtun0 {
            description "VPN"
            encryption aes256
            local-port 1194
            mode server
            openvpn-option --persist-key
            openvpn-option --persist-tun
            openvpn-option --persist-local-ip
            openvpn-option --persist-remote-ip
            openvpn-option "--keepalive 8 30"
            openvpn-option --comp-lzo
            openvpn-option --duplicate-cn
            openvpn-option "--user nobody --group nogroup"
            openvpn-option --client-to-client
            openvpn-option "--verb 1"
            openvpn-option --tls-server
            openvpn-option "--tun-mtu 1500"
            protocol udp6
            server {
                domain-name example.com
                push-route 192.168.2.0/24
                subnet 10.2.1.0/24
                topology subnet
            }
            tls {
                ca-cert-file /config/auth/openvpn/keys/ca.crt
                cert-file /config/auth/openvpn/keys/example.com.crt
                dh-file /config/auth/openvpn/keys/dh2048.pem
                key-file /config/auth/openvpn/keys/example.com.key
            }
        }
    }