1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
|
Do 31. Dez 15:32:40 CET 2009 Gert Doering
* Basic IPv6 p2mp functionality implemented
* new options:
- server-ipv6
- ifconfig-ipv6
- ifconfig-ipv6-pool
- route-ipv6
- iroute-ipv6
* modules touched:
- init.c: init & setup IPv6 route list & add/delete IPv6 routes
- tun.c: add "ifconfig" and "route" handling for IPv6
- multi.c: IPv6 ifconfig-pool assignments
put to route-hash table
push to client
- pool.c: extend pools to handle IPv4+IPv6, and also return IPv6 address
IPv6 address saved to file if ifconfig-pool-persist is set
(but ignored on read due to the way pools work)
- mroute.c: handle reading src/dst addresses from IPv6 packets
(so multi.c can check against route-hash table)
handle printing of IPv6 mroute_addr structure
- helper.c: implement "server-ipv6" macro (->ifconfig-ipv6, pool, ...)
- options.c: implement all the new options
add helper functions for IPv6 address handling
- forward.c: tell do_route() about IPv6 routes
- route.c: handle IPv6 route lists + route option lists
extend add_routes() to do IPv4 + IPv6 route lists
extend delete_routes() to do IPv4 + IPv6 route lists
implement add_route_ipv6(), delete_route_ipv6() to call
system-dependend external program to do the work
- push.c: handle pushing of "ifconfig-ipv6" option
- socket.c: helper function to check & print IPv6 address strings
* known issues:
- operating system support on all but Linux (ifconfig, route)
- route-ipv6 gateway handling
- iroute-ipv6 not implemented
- TAP support: ifconfig, routing (route needs gateway!)
* release as patch 20091231-1
Thu Dec 31 17:02:08 CET 2009
* NetBSD port (NetBSD 3.1 on Sparc64)
* mroute.c, socket.c: make byte/word access to in6_addr more portable
* tun.c: fix IPv6 ifconfig arguments on NetBSD
still doesn't work on NetBSD 3.1, "ifconfig tun0 inet6..." errors with
ifconfig: SIOCAIFADDR: Address family not supported by protocol family
(sys/net/if_tun.c, needs to be revision 1.80 or later, NetBSD PR 32944,
included in NetBSD 4.0 and up)
Fri Jan 1 14:07:15 CET 2010
* FreeBSD port (FreeBSD 6.3-p12 on i386)
* tun.c: implement IPv6 ifconfig setting for FreeBSD
* route.c: fix %s/%s argument to IPv6 route add/delete command for *BSD
* TEST SUCCESS: FreeBSD 6.3-p12, server-ipv6, route-ipv6, ccd/iroute-ipv6
* multi.c: implement setting and deleting of iroute-ipv6
(multi_add_iroutes(), multi_del_iroutes())
* mroute.c: add mroute_helper_add_iroute6(), mroute_helper_del_iroute6()
* mroute.h: add prototypes, increase MR_HELPER_NET_LEN to 129 (/0.../128)
* multi.c: zeroize host part of IPv6 iroutes in multi_learn_in6_addr()
* mroute.c: implement mroute_addr_mask_host_bits() for IPv6
* TEST SUCCESS: Linux 2.6.30 (Gentoo)/iproute2, server-ipv6, ccd/iroute-ipv6
* TEST SUCCESS: Linux 2.6.30 (Gentoo)/ifconfig, client-ipv6
* TEST FAIL: NetBSD 5.0, IPv6 client
- "ifconfig tun0 .../64" does not create a "connected" route
- adding routes fails
--> more work to do here.
* release as patch 20100101-1
* TEST FAIL:
FreeBSD 6.3-p12 server "--topology subnet"
Linux/ifconfig client
- BSD sends ICMP6 neighbor solicitations, which are ignored by Linux
- server tun interface is not in p2p mode, client tun interface *is*
* TEST SUCCESS: non-ipv6 enabled client -> "--server-ipv6" server
(warnings in the log file, but no malfunctions)
Sat Jan 2 19:48:35 CET 2010
* tun.c: change "ipv6_support()", do not turn off tt->ipv6 unconditionally
if we don't know about OS IPv6 support - just log warning
* tun.c: implement "ifconfig inet6" setting for MacOS X / Darwin
* route.c: split *BSD system dependent part of add/delete_route_ipv6()
into FreeBSD/Dragonfly and NetBSD/Darwin/OpenBSD variants
("2001:db8::/64" vs. "2001:db8:: --prefixlen 64").
* tun.c: on MacOS X, NetBSD and OpenBSD, explicitely set on-link route
* TEST SUCCESS: MacOS X, client-ipv6 with route-ipv6
Sun Jan 3 10:55:31 CET 2010
* route.c: NetBSD fails with "-iface tun0", needs gateway address
(assume that the same syntax is needed for OpenBSD)
* route.h: introduce "remote_endpoint_ipv6" into "struct route_ipv6_list"
* init.c: pass "ifconfig_ipv6_remote" as gateway to init_route_ipv6_list()
* route.c:
- init_route_ipv6(): use "remote_endpoint_ipv6" as IPv6 gateway address
if no gateway was specified explicitely
- init_route_ipv6_list(): fill in "remote_endpoint_ipv6", if parseable
- get rid of "GATEWAY-LESS ROUTE6" warning
* route.c, add_route_ipv6()
- explicitely clear host bits of base address, to be able to more
easily set up "connected" /64 routes on NetBSD+Darwin
- split system-dependent part between Darwin and NetBSD/OpenBSD
(Darwin can use "-iface tun0", NetBSD/OpenBSD get gateway address)
- change Solaris comments from "known-broken" to "unknown"
* tun.c: rework NetBSD tunnel initialization and tun_read() / tun_write()
to work the same way OpenBSD and NetBSD do - tunnel is put into
"multi-af" mode, and all packet read/write activity is prepended by
a 32 bit value specifying the address family.
* TEST SUCCESS: NetBSD 5.0/Sparc64: client-ipv6 with route-ipv6
* TEST SUCCESS: MacOS X 10.5: client-ipv6 with route-ipv6
* (RE-)TEST SUCCESS: Linux/iproute2: server-ipv6
Linux/ifconfig: client-ipv6
FreeBSD 6.3: server-ipv6
* release as patch 20100103-1
* options.c: document all new options in "--help"
* tun.c: fix typo in Solaris-specific section
* socket.h, socket.c: change u_int32_t to uint32_t
(Solaris - and all the rest of the code uses "uintNN" anyway)
Mon Jan 4 17:46:58 CET 2010
* socket.c: rework add_in6_addr() to use 32-bit access to struct in6_addr
(Solaris has no 16-bit values in union, but this is more elegant as well)
* tun.c: fix "ifconfig inet6" command for Solaris
* tun.c: make sure "tun0 inet6" is unplumbed first, cleanup leftovers
* route.c: add routes with "metric 0" on solaris, otherwise they just
don't work (someone who understands Solaris might want to fix this).
* Solaris "sort of" works now - ifconfig works, route add does not give
errors, "netstat -rn" looks right, but packets are discarded unless
the routes are installed with "metric 0". So we just use "metric 0"...
* CAVEAT: Solaris "ifconfig ... preferred" interferes with source address
selection. So if there are any active IPv6 interfaces configured with
"preferred", packets leaving out the tunnel will use the wrong source
IPv6 address. Not fixable from within OpenVPN.
* CAVEAT2: Solaris insists on doing DHCPv6 on tun0 interfaces by default,
so DHCPv6 solicitation packets will be seen. Since the server end has
no idea what to do with them, they are a harmless nuisance. Fixable
on the Solaris side via "ndpd.conf" (see ``man ifconfig'').
* release as patch 20100104-1
Fri Jan 8 10:00:50 CET 2010
* import into git repository
* options.c: add sanity checks for most typical error cases
(--ifconfig-ipv6-pool configured with no --ifconfig-ipv6, etc)
* options.c: modify get_ipv6_addr() to be more flexible about netbits
(optional now, default to /64) and to return the address-without-netbits
string now (-> for options that want the IPv6 address in printable
form, but without /nn)
* options.c: modify --ifconfig-ipv6 to optionally accept /netbits,
you can do now "ifconfig-ipv6 2001:df8::1/64 2001:df8::2" or just
"ifconfig-ipv6 2001:df8::5 2001:df8::7", defaulting to /64
* options.h: add necessary structure elements for --ifconfig-ipv6-push
* options.c: implement "parse options" side of --ifconfig-ipv6-push
Tue Jan 12 22:42:09 CET 2010
* tun.c: in TARGET_NETBSD #ifdef, distinguish between "old" code
(IPv4 only, but unmodified read/write) and "new" code (multi-af,
extra 32 bit AF on read/write of the tun interface) - pre-4.0
NetBSD systems don't have TUNSIFHEAD, no way to have common code.
* TEST SUCCESS: NetBSD 5.0/Sparc64: client-ipv6 with route-ipv6 (v4+v6)
* TEST SUCCESS: NetBSD 3.1/Sparc64: client-ipv6 with route-ipv6 (v4-only)
Thu Jan 14 15:41:50 CET 2010
* multi.c: if "--ifconfig-push" is used together with "--ifconfig-ipv6-pool"
and no "--ifconfig-ipv6-push" is seen, issue warning - the current
implementation of pools has IPv6 tied to IPv4, so if v4 does not use
the pool, it breaks for IPv6. Not a *big* problem (since there is
enough v6, just give those users a static v6 address as well), but needs
to be pointed out clearly.
* release as patch 20100114-1
|
