Framed-IPv6-Prefix

Description of problem:

IPv6 split routes supplied by RADIUS using Framed-IPv6-Prefix do not appear to be applied to the user session.

Version of ocserv used:

ocserv 1.4.1

Client used:

Not client-specific. Reproduced/observed with a standard AnyConnect/OpenConnect-compatible VPN session.

Distributor of ocserv

Built from upstream ocserv 1.4.1 source.

How reproducible:

Seems reproducible when IPv6 routes are supplied by RADIUS using Framed-IPv6-Prefix.

Describe the steps to reproduce the issue:

  1. Configure ocserv to use RADIUS authentication.

  2. Configure the RADIUS server to return an IPv6 route using Framed-IPv6-Prefix, for example:
     Framed-IPv6-Prefix = 2001:db8:1234::/64

  3. Connect a VPN client and check the routes assigned to the user session.

Actual results:

The IPv6 split route from Framed-IPv6-Prefix does not appear to be added to the user session.

Expected results:

The IPv6 prefix supplied by RADIUS should be converted to a route and added to the user session, for example: 2001:db8:1234::/64

Edited Apr 27, 2026 by Alex Protsko