Network-manager, OpenVPN et IPv6

Bonjour,

J’ai actuellement une connexion openVPN dont le serveur a cette configuration :

dev h2v
dev-type tun
port 11002
ifconfig 10.255.255.9 10.255.255.10
tun-ipv6
ifconfig-ipv6 2001:bc8:3335:ff02:: 2001:bc8:3335:ff02::1
<secret>
[une clef]
</secret>

Comme vous le voyez, cette connexion OVPN a une adresse IPv6.
Le client de cette connexion est un Debian Stretch avec le paquet network-manager-openvpn installé, j’ai créé la connexion OVPN sur network-manager, mais je ne peux que mettre l’adresse IPv4, il ne prend pas l’adresse IPv6, comme on le voit ici :

4: v2h: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 
    inet 10.255.255.10 peer 10.255.255.9/32 brd 10.255.255.10 scope global v2h
       valid_lft forever preferred_lft forever
    inet6 fe80::cb49:bcaa:e573:678f/64 scope link flags 800 
       valid_lft forever preferred_lft forever

Pourtant, l’adresse est dans la configuration :

connection.id:                          v2h
connection.uuid:                        41973d35-cb9a-4129-81e5-a725f71f4baf
connection.stable-id:                   --
connection.interface-name:              --
connection.type:                        vpn
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (par défaut)
connection.timestamp:                   1501657995
connection.read-only:                   no
connection.permissions:                 user:gilles
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (par défaut)
connection.secondaries:
connection.gateway-ping-timeout:        0
connection.metered:                     inconnu
connection.lldp:                        -1 (default)
ipv4.method:                            auto
ipv4.dns:                               10.255.255.9
ipv4.dns-search:                        almtesh.net
ipv4.dns-options:                       (par défaut)
ipv4.dns-priority:                      0
ipv4.addresses:
ipv4.gateway:                           --
ipv4.routes:
ipv4.route-metric:                      -1
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-timeout:                      0
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.dhcp-fqdn:                         --
ipv4.never-default:                     no
ipv4.may-fail:                          yes
ipv4.dad-timeout:                       -1 (par défaut)
ipv6.method:                            ignore
ipv6.dns:                               
ipv6.dns-search:                        
ipv6.dns-options:                       (par défaut)
ipv6.dns-priority:                      0
ipv6.addresses:                         
ipv6.gateway:                           --
ipv6.routes:                            
ipv6.route-metric:                      -1
ipv6.ignore-auto-routes:                no
ipv6.ignore-auto-dns:                   no
ipv6.never-default:                     no
ipv6.may-fail:                          yes
ipv6.ip6-privacy:                       -1 (inconnu)
ipv6.addr-gen-mode:                     stable-privacy
ipv6.dhcp-send-hostname:                yes
ipv6.dhcp-hostname:                     --
ipv6.token:                             --
vpn.service-type:                       org.freedesktop.NetworkManager.openvpn
vpn.user-name:                          --
vpn.data:                               dev = v2h, dev-type = tun, mssfix = no, static-key = /home/gilles/.local/share/networkmanagement/certificates/v2h/secret.key, port = 11002, remote-ip = 10.255.255.9, proto-tcp = no, remote = 163.172.41.50, connection-type = static-key, remote-random = no, local-ip = 10.255.255.10
vpn.secrets:                            <hidden>
vpn.persistent:                         no
vpn.timeout:                            0
proxy.method:                           none
proxy.browser-only:                     no
proxy.pac-url:                          --
proxy.pac-script:                       --
GENERAL.NOM:                            v2h
GENERAL.UUID:                           41973d35-cb9a-4129-81e5-a725f71f4baf
GENERAL.PÉRIPHÉRIQUES:                  eno1
GENERAL.ÉTAT:                           activé
GENERAL.PAR DÉFAUT:                     non
GENERAL.DEFAULT6:                       non
GENERAL.VPN:                            oui
GENERAL.ZONE:                           --
GENERAL.CHEMIN DBUS:                    /org/freedesktop/NetworkManager/ActiveConnection/2
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/Settings/5
GENERAL.SPEC-OBJECT:                    /org/freedesktop/NetworkManager/ActiveConnection/1
GENERAL.CHEMIN-MAÎTRE:                  /org/freedesktop/NetworkManager/Devices/2
IP4.ADRESSE[1]:                         10.255.255.10/32
IP4.PASSERELLE:                         --
IP4.DNS[1]:                             10.255.255.9
VPN.TYPE:                               openvpn
VPN.NOM D'UTILISATEUR:                  --
VPN.PASSERELLE:                         163.172.41.50
VPN.BANNIÈRE:                           --
VPN.ÉTAT-VPN:                           5 - VPN connecté
VPN.CFG[1]:                             dev = v2h
VPN.CFG[2]:                             dev-type = tun
VPN.CFG[3]:                             mssfix = no
VPN.CFG[4]:                             static-key = /home/gilles/.local/share/networkmanagement/certificates/v2h/secret.key
VPN.CFG[5]:                             port = 11002
VPN.CFG[6]:                             remote-ip = 10.255.255.9
VPN.CFG[7]:                             proto-tcp = no
VPN.CFG[8]:                             remote = 163.172.41.50
VPN.CFG[9]:                             connection-type = static-key
VPN.CFG[10]:                            remote-random = no
VPN.CFG[11]:                            local-ip = 10.255.255.10

Sans doute ai-je configuré l’adresse IPv6 au mauvais endroit, je ne sais pas…

J’ai beau regarder, je ne vois pas d’adresse IPv6 dans la configuration de NM.
Par contre je vois ceci :

ipv6.method:                            ignore

Oui, une erreur de ma part, je n’ai pas donné le bon. Voici donc la configuration avec l’IPv6 :

[connection]
id=v2h
uuid=41973d35-cb9a-4129-81e5-a725f71f4baf
type=vpn
permissions=user:gilles:;

[vpn]
connection-type=static-key
dev=v2h
dev-type=tun
local-ip=10.255.255.10
mssfix=no
port=11002
proto-tcp=no
remote=163.172.41.50
remote-ip=10.255.255.9
remote-random=no
static-key=/home/gilles/.local/share/networkmanagement/certificates/v2h/secret.key
service-type=org.freedesktop.NetworkManager.openvpn

[ipv4]
dns=10.255.255.9;
dns-search=almtesh.net;
method=auto

[ipv6]
addr-gen-mode=stable-privacy
address1=2001:bc8:3335:ff02::1/64,2001:bc8:3335:ff02::
dns=2001:bc8:3335:ff02::;
dns-search=almtesh.net;
method=manual

ou telle que retournée par nmcli :

connection.id:                          v2h
connection.uuid:                        41973d35-cb9a-4129-81e5-a725f71f4baf
connection.stable-id:                   --
connection.interface-name:              --
connection.type:                        vpn
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (par défaut)
connection.timestamp:                   1501664295
connection.read-only:                   no
connection.permissions:                 user:gilles
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (par défaut)
connection.secondaries:
connection.gateway-ping-timeout:        0
connection.metered:                     inconnu
connection.lldp:                        -1 (default)
ipv4.method:                            auto
ipv4.dns:                               10.255.255.9
ipv4.dns-search:                        almtesh.net
ipv4.dns-options:                       (par défaut)
ipv4.dns-priority:                      0
ipv4.addresses:
ipv4.gateway:                           --
ipv4.routes:
ipv4.route-metric:                      -1
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-timeout:                      0
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.dhcp-fqdn:                         --
ipv4.never-default:                     no
ipv4.may-fail:                          yes
ipv4.dad-timeout:                       -1 (par défaut)
ipv6.method:                            manual
ipv6.dns:                               2001:bc8:3335:ff02::
ipv6.dns-search:                        almtesh.net
ipv6.dns-options:                       (par défaut)
ipv6.dns-priority:                      0
ipv6.addresses:                         2001:bc8:3335:ff02::1/64
ipv6.gateway:                           2001:bc8:3335:ff02::
ipv6.routes:                            
ipv6.route-metric:                      -1
ipv6.ignore-auto-routes:                no
ipv6.ignore-auto-dns:                   no
ipv6.never-default:                     no
ipv6.may-fail:                          yes
ipv6.ip6-privacy:                       -1 (inconnu)
ipv6.addr-gen-mode:                     stable-privacy
ipv6.dhcp-send-hostname:                yes
ipv6.dhcp-hostname:                     --
ipv6.token:                             --
vpn.service-type:                       org.freedesktop.NetworkManager.openvpn
vpn.user-name:                          --
vpn.data:                               dev = v2h, dev-type = tun, mssfix = no, static-key = /home/gilles/.local/share/networkmanagement/certificates/v2h/secret.key, port = 11002, remote-ip = 10.255.255.9, proto-tcp = no, remote = 163.172.41.50, connection-type = static-key, remote-random = no, local-ip = 10.255.255.10
vpn.secrets:                            <hidden>
vpn.persistent:                         no
vpn.timeout:                            0
proxy.method:                           none
proxy.browser-only:                     no
proxy.pac-url:                          --
proxy.pac-script:                       --
GENERAL.NOM:                            v2h
GENERAL.UUID:                           41973d35-cb9a-4129-81e5-a725f71f4baf
GENERAL.PÉRIPHÉRIQUES:                  eno1
GENERAL.ÉTAT:                           activé
GENERAL.PAR DÉFAUT:                     non
GENERAL.DEFAULT6:                       non
GENERAL.VPN:                            oui
GENERAL.ZONE:                           --
GENERAL.CHEMIN DBUS:                    /org/freedesktop/NetworkManager/ActiveConnection/6
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/Settings/5
GENERAL.SPEC-OBJECT:                    /org/freedesktop/NetworkManager/ActiveConnection/1
GENERAL.CHEMIN-MAÎTRE:                  /org/freedesktop/NetworkManager/Devices/2
IP4.ADRESSE[1]:                         10.255.255.10/32
IP4.PASSERELLE:                         --
IP4.DNS[1]:                             10.255.255.9
VPN.TYPE:                               openvpn
VPN.NOM D'UTILISATEUR:                  --
VPN.PASSERELLE:                         163.172.41.50
VPN.BANNIÈRE:                           --
VPN.ÉTAT-VPN:                           5 - VPN connecté
VPN.CFG[1]:                             dev = v2h
VPN.CFG[2]:                             dev-type = tun
VPN.CFG[3]:                             mssfix = no
VPN.CFG[4]:                             static-key = /home/gilles/.local/share/networkmanagement/certificates/v2h/secret.key
VPN.CFG[5]:                             port = 11002
VPN.CFG[6]:                             remote-ip = 10.255.255.9
VPN.CFG[7]:                             proto-tcp = no
VPN.CFG[8]:                             remote = 163.172.41.50
VPN.CFG[9]:                             connection-type = static-key
VPN.CFG[10]:                            remote-random = no
VPN.CFG[11]:                            local-ip = 10.255.255.10

Après, ce que je remarque, c’est que la configuration IPv6 n’est pas au même endroit que la configuration IPv4, mais je pense que c’est normal.

Depuis Stretch, j’ai des problèmes de ports, avant statiques, qui ne le sont plus et, bien sûr, qui se modifient à leur bon vouloir.
je ne sais pas s’il peut y avoir un rapport avec ton problème.