author Arne Schwabe <arne@rfc2549.org> 2014-01-03 15:49:40 +0100
committer Gert Doering <gert@greenie.muc.de> 2014-01-03 16:01:12 +0100
commit 69e03f4cd4971c8748faa83be45c89694d4b7a51
tree 50ccfaccaee9e3be3b7a32507e589242970f69b4
parent 813aa55754c27bdae5380dce415497a574b47e1b
Update IPv6 related readme files
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1388760580-7548-1-git-send-email-arne@rfc2549.org>
URL: http://article.gmane.org/gmane.network.openvpn.devel/8167
Signed-off-by: Gert Doering <gert@greenie.muc.de>
-rw-r--r-- README.IPv6 27
-rw-r--r-- TODO.IPv6 10
2 files changed, 17 insertions, 20 deletions
diff --git a/README.IPv6 b/README.IPv6
index 56c97ab..18068fe 100644
--- a/README.IPv6
+++ b/README.IPv6
@@ -35,31 +35,22 @@ over an IPv6 network ("OpenVPN over IPv6").
The code in 2.3.0 supersedes the IPv6 transport patches from JuanJo Ciarlante,
formerly located at http://github.com/jjo/openvpn-ipv6
+OpenVPN 2.4.0 includes a big overhaul of the IPv6 transport patches
+originally implemented for the Android client (ics-openvpn)
-Use the following options to select IPv6 transport:
+IPv4/IPv6 transport is automatically is selected when resolving addresses.
+Use a 6 or 4 suffix to force IPv6/IPv4:
--proto udp6
+ --proto tcp4
--proto tcp6-client
- --proto tcp6-server
+ --proto tcp4-server
--proto tcp6 --client / --proto tcp6 --server
-On systems that permit IPv4 connections on IPv6 sockets (Linux by
-default, FreeBSD and NetBSD if you turn off the "v6only" sysctl by
-running "sysctl -w net.inet6.ip6.v6only=0"), an OpenVPN server can
+On systems that allow IPv4 connections on IPv6 sockets
+(all systems supporting IPV6_V6ONLY setsockopt), an OpenVPN server can
handle IPv4 connections on the IPv6 socket as well, making it a true
-dual-stacked server.
+dual-stacked server. Use bind ipv6only to disable this behaviour.
On other systems, as of 2.3.0, you need to run separate server instances
for IPv4 and IPv6.
-
-The client side code is not really "dual-stacked" yet, as it does not
-automatically try both address families when connecting to a dual-stacked
-server. For now, you can achieve this with <connection> stanzas in your
-openvpn config:
-
- <connection>
- remote my.dual.stack.server 1194 udp6
- </connection>
- <connection>
- remote my.dual.stack.server 1194 udp
- </connection>
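Review bot: the added sentence "Use bind ipv6only to disable this behaviour" names the option without the leading dashes that every `--proto` example in this hunk carries, so it does not read as an option; write it as "--bind ipv6only". The added line "IPv4/IPv6 transport is automatically is selected when resolving addresses." has a duplicated "is". The unchanged sentence "On other systems, as of 2.3.0, you need to run separate server instances" now follows the condition "all systems supporting IPV6_V6ONLY setsockopt", which leaves "other systems" undefined and still dated to 2.3.0 right after a paragraph about 2.4.0; name the remaining platforms or drop the sentence. Because the text now presents accepting IPv4 on the IPv6 socket as the behaviour you have to disable, it would help to add one line telling operators that packet filters and address-based access rules must cover both families on that single listener.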
diff --git a/TODO.IPv6 b/TODO.IPv6
index 29d7554..24bf865 100644
--- a/TODO.IPv6
+++ b/TODO.IPv6
@@ -183,7 +183,7 @@ tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
TODO for IPv6 transport support
-------------------------------
-[ Last updated: 10-Jun-2012. ]
+[ Last updated: 2014-01-03. ]
* All platforms:
o mgmt console: as currently passes straight in_addr_t bits around
@@ -191,19 +191,25 @@ TODO for IPv6 transport support
o make possible to get AF from getaddrinfo() answer, ie allow openvpn to
use ipv4/6 if DNS returns A/AAAA without specifying protocol.
Hard: requires deep changes in initialization/calling logic
+ - Done by dual stack patches
o use AI_PASSIVE
+ - Done by dual stack patches
o the getaddr()/getaddr6() interface is not prepared for handling socktype
"tagging", currently I abuse the sockflags bits for getting the ai_socktype
downstream.
+ - Still done by flags, seems clean enough.
o implement comparison for mapped addesses: server in dual stack
listening IPv6 must permit incoming streams from allowed IPv4 peer,
currently you need to pass eg: --remote ffff::1.2.3.4
-
+ - OpenVPN will compare all address of a remote
+ but will still fail on mapped addresses
* win32:
o find out about mapped addresses, as I can't make it work
with bound at ::1 and connect to 127.0.0.1
+ - Should be fixed by 8832c6c - "Implement listing on IPv4/IPv6 dual
+ socket on all platform"
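Review bot: the annotation added under the mapped-address item, "OpenVPN will compare all address of a remote / but will still fail on mapped addresses", leaves the item open without marking it as such, while the other annotations in this hunk read as resolutions. Mark it explicitly as still open and say whether the "--remote ffff::1.2.3.4" workaround in the context line above is still required, since the README hunk in the same commit advertises the dual-stacked server without mentioning that an allowed IPv4 peer arriving on the IPv6 socket will not match. Smaller points: "all address" should be "all addresses"; the two "Done by dual stack patches" notes give no commit id while the win32 note cites 8832c6c, so cite ids consistently; the quoted subject "Implement listing on IPv4/IPv6 dual socket on all platform" should be checked against the actual subject of 8832c6c; and "Should be fixed" on the win32 item does not say whether binding at ::1 and connecting to 127.0.0.1 was retested.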