Hi, On Fri, Aug 06, 2021 at 12:50:44PM +0200, François Kooman wrote: > > On Fri, Aug 06, 2021 at 10:38:36AM +0200, François Kooman wrote: > >> However, it does not explain how it exactly would rewrite --server-ipv6 > >> fd42::/112 to those three statements. > >> > >> --ifconfig-ipv6 fd42::1/112 <????> > >> --ifconfig-ipv6-pool fd42::1000/112 > >> --push "tun-ipv6" > > > > This should work. And you can leave off the "push" bit :-) > > Ah right, that is implicit now (OpenVPN >= 2.4): "All tun devices on all > platforms are always considered to be IPv6 capable. The --tun-ipv6 > option is ignored (behaves like it is always on)."
Yep. This is a very old option, which we still push in case a very old
client connects. But it's really obsolete :-)
> > A random IP in that subnet, like "fd42::1/112 fd42::2" - this is a
> > somewhat unlucky artefact of the implementation of --ifconfig-ipv6,
> > which insists on having a "remote" even if that is not used in
> > many cases.
>
> Right, I'll set it to the same IP as the tun0 device itself, i.e.
> fd42::1 if it can be random anyway ;-)
In tun mode, that is fine. In TAP mode, you need a gateway for routes,
but on the *server*, this needs a proper gateway address ("this client's
IPv6 address") for routes to actually work, so it won't make a big
difference there either :-)
> > Without having tested it, I would agree that this is what it is.
> Actually I did test it now properly and it does work!
Now that was easy ;-)
And - thanks for prompting me to go look and clean up that code. I have
sent a patch to the list that removes the requirement for the second
parameter to --ifconfig-ipv6, and "it seems to still work for me".
(So, in tun mode, no visible difference, and in tap mode, it will then
refuse to install IPv6 routes unless --route-ipv6-gateway or a gateway
parameter for --route-ipv6 is set up -> works as designed)
@Antonio: on that one, I would really appreciate if you could do a
"full" review, with all the "route_ipv6_list" etc related code paths,
if I have overlooked a corner case.
gert
--
"If was one thing all people took for granted, was conviction that if you
feed honest figures into a computer, honest figures come out. Never doubted
it myself till I met a computer with a sense of humor."
Robert A. Heinlein, The Moon is a Harsh Mistress
Gert Doering - Munich, Germany g...@greenie.muc.de
signature.asc
Description: PGP signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
