You can find ipv6-network and ipv6-prefix in ocserv’s sample.config:
# The IPv6 subnet that leases will be given from.
#ipv6-network = fc00::
#ipv6-prefix = 16
which means ocserv should be compatible with IPv6.
And, in AnyConnect for iOS, ipv6 can be found somewhere, seems ipv6 is also compatible here.
My VPN is hosted on Linode VPS. Linode provides free IPv6 address pool. Open a ticket and ask for an address pool, you’ll get your own pool routed to your VPS’s ipv6 address.
After that, set the ipv6-network and ipv6-prefix.
Ocserv 0.8.9 does not send correct headers to AnyConnect for iOS, but 0.9.0-dev does.
I can now get a correct ipv6 address on my iPhone but with no connectivity. As it’s said, X-CSTP-Split-Include/Exclude is not well handled by AnyConnect for IPv6 addresses.
After that, I tried the latest AnyConnect for OSX, you can download it here: http://dl.sskaje.me/anyconnect/4.0/4.0.00051/
IPv6 is also assigned to my MBP, also with route, but still not working.
The service provider inyour current location isrestricting access tothe Internet.You need tolog on with the service provider before you can establishaVPN session.You can trythisby visiting any website with your browser.
Apr215:25:04sskajetekiMacBook-Pro.local acvpnui:Function:showConnectError File:../../vpn/Api/ConnectMgr.cpp Line:5511Attempt toconnect failed when Agent detectedanetwork issue.
Apr215:25:04sskajetekiMacBook-Pro.local acvpnui:Message type error sent tothe user:The service provider inyour current location isrestricting access tothe Internet.You need tolog on with the service provider before you can establishaVPN session.You can trythisby visiting any website with your browser.
I saw someone said that AnyConnect 3.1 added extra certificate verification than 3.0, which makes 3.1 not compatible with ocserv.
The latest version of AnyConnect for iOS is 3.0.12119, but for PC/Mac 3.1.05182.
I tried to find clients of AnyConnect 3.0.11042/3.0.11046, only two can be found, and MD5 checksum are same no matter where I downloaded.
I tested the OSX one, the PKG file requires me change security level of application installing, it really works, the bad news is, there’s nowhere to choose client certificate but clicking allow/decline of private key usage.