On Wed, Oct 23, 2019 at 2:23 AM Leendert van Doorn <leendert@xxxxxxxxxxxxxx> wrote: > > I wanted to let this list know some of my observations with getting IPv6 to work on my iPhone with Anyconnect and an ocserv server. I noticed some much older threads on this list but no one got it working as far as I can tell. > > I have a personal IPv6 environment where I run ocserv and I hand out iPv6 (and IPv4) addresses to my VPN clients. With CISCO's anyconnect client on my Windows system things work fine. It properly sets things up and installs a default IPv6 route. > > On my iPhone anyconnect client, it gets an IPv6 address and a default route (::/0) but no IPv6 packets are routed. While the app states full tunnel mode for IPv6, nothing happens. > > However, when I force a route to the IPv6 unicast space with a split route by adding a custom header to my ocserv.conf > > custom-header = "X-CSTP-Split-Include-IP6: 2000::/3" > > things work fine. I had to use the custom header because ocserv doesn't send routes to non-openconnect clients. > > I'm puzzled why the iPhone client and the Windows client behave differently because they do seem to share quite a lot of code. Is there something we can do on the ocserv side to improve that? Should if we send the routes to the mobile client would it work? Would you like to propose a patch? regards, Nikos _______________________________________________ openconnect-devel mailing list openconnect-devel@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/openconnect-devel
