For the latest on our response to Coronavirus (COVID-19), click here.
Unable to access local server from outside over IPv6 behind BGW210-700
I have AT&T Fiber 1000 and a BGW210-700 acting as my router. I have an instance of OpenVPN running on a Raspberry Pi on my local network so that I can access my LAN from external networks (like using my mobile phone's data or when traveling). Everything works fine over IPv4, and I can get the server to route IPv6 inside the VPN tunnel using a delegated /64 block that the Pi requests from the BGW210.
However, I am unable to connect to the OpenVPN server using IPv6 as the transport (outside the tunnel). Here's the behavior I see and things I've tried:
- In general, IPv6 connectivity appears normal for my LAN devices. Everyone gets an address; DNS resolves; traffic routes.
- The IPv6 server address (my Raspberry Pi's Global Unicast Address) and selected port appears unreachable from outside the network.
- If I connect to that same IPv6 address from inside my LAN, the VPN works (UDP6 transport connection, with IPv4 and IPv6 working inside the tunnel...and with new addressed assigned by the VPN server)
- I can easily connect to my VPN using IPv4 as the outside-the-tunnel transport by pointing to my router's WAN address, and the requested port is forwarded to the Pi using NAT rules I put in the router. (UDP4 transport connection, with IPv4 and IPv6 both working inside the tunnel)
- I have tried completely disabling all Advanced Firewall settings in the BGW210.
- I have tried creating a packet filter "Pass" rule to forward IPv6 packets destined for the VPN server's port, the VPN server address, a combination of both, and even all IPv6 packets regardless of destination.
- Previously, I had IPv6 outside the tunnel working when there was a Google WiFi router behind my BGW210, using IP Passthrough. At the time, I wasn't able to get IPv6 inside the tunnel because of an inability for the Pi to request a Prefix Delegation through the intermediate router, but the IPv6 transport for VPN worked as long as I told the Google WiFi to open the right port on IPv6. The BGW210 doesn't appear to have any options for explicitly opening IPv6 ports for clients, besides the packet filter options I have already tried without success.
In short, should I be able to access a server on my LAN from the outside using IPv6? I haven't been able to figure out how permit it using any settings available to me. And no, I don't absolutely need to be able to do this, since IPv4 connectivitiy to the server is fine. But I like things that should work to, you know, actually work.