You can find ipv6-network and ipv6-prefix in ocserv’s sample.config:
# The IPv6 subnet that leases will be given from.
#ipv6-network = fc00::
#ipv6-prefix = 16
which means ocserv should be compatible with IPv6.
And, in AnyConnect for iOS, ipv6 can be found somewhere, seems ipv6 is also compatible here.
My VPN is hosted on Linode VPS. Linode provides free IPv6 address pool. Open a ticket and ask for an address pool, you’ll get your own pool routed to your VPS’s ipv6 address.
After that, set the ipv6-network and ipv6-prefix.
Ocserv 0.8.9 does not send correct headers to AnyConnect for iOS, but 0.9.0-dev does.
I can now get a correct ipv6 address on my iPhone but with no connectivity. As it’s said, X-CSTP-Split-Include/Exclude is not well handled by AnyConnect for IPv6 addresses.
After that, I tried the latest AnyConnect for OSX, you can download it here: http://dl.sskaje.me/anyconnect/4.0/4.0.00051/
IPv6 is also assigned to my MBP, also with route, but still not working.
The service provider inyour current location isrestricting access tothe Internet.You need tolog on with the service provider before you can establishaVPN session.You can trythisby visiting any website with your browser.
Apr215:25:04sskajetekiMacBook-Pro.local acvpnui:Function:showConnectError File:../../vpn/Api/ConnectMgr.cpp Line:5511Attempt toconnect failed when Agent detectedanetwork issue.
Apr215:25:04sskajetekiMacBook-Pro.local acvpnui:Message type error sent tothe user:The service provider inyour current location isrestricting access tothe Internet.You need tolog on with the service provider before you can establishaVPN session.You can trythisby visiting any website with your browser.
I saw someone said that AnyConnect 3.1 added extra certificate verification than 3.0, which makes 3.1 not compatible with ocserv.
The latest version of AnyConnect for iOS is 3.0.12119, but for PC/Mac 3.1.05182.
I tried to find clients of AnyConnect 3.0.11042/3.0.11046, only two can be found, and MD5 checksum are same no matter where I downloaded.
I tested the OSX one, the PKG file requires me change security level of application installing, it really works, the bad news is, there’s nowhere to choose client certificate but clicking allow/decline of private key usage.
I’m using 4G by China Mobile, but the DNS it provides really sucks. Changing DNS from Cellular Data on a not-jailbroken iPhone is impossible so far as I know (I tried mobileconfig but can find any working options).
The first idea is pushing DNS from a PPTP server, which I wrote: Notes: PPTP/L2TP Server on Ubuntu.
I can create two connections on my iOS, one set default route, one not. All users share a same setting from PPTPd, it’s almost impossible if I want to use a different DNS in these two connections, changing default pptp port from 1723 to others is not as easy as it is on windows.
Don’t forget that PPTP is what GF*W likes. Continue reading “OpenConnect DNS Only + Google Only” »