On Wed, Jan 15, 2020 at 07:41:46PM +, Stuart Henderson wrote:
> On 2020/01/14 21:48, Stuart Henderson wrote:
> > > while ((c = getopt(argc, argv, "6dD:nf:vSTt")) != -1) {
> > > switch (c) {
> > > case '6':
> > > - opts |= IKED_OPT_NOIPV6BLOCKING;
> > > +
I strongly agree that we should avoid use of the word 'deprecated'
towards the public. People interpret what it means differently,
so try to be EXACT.
'deprecated' is our choice to make the change, but 'ignored' is
the result of that decision upon the people.
Stuart Henderson wrote:
> On 2020/
On 2020/01/14 21:48, Stuart Henderson wrote:
> > while ((c = getopt(argc, argv, "6dD:nf:vSTt")) != -1) {
> > switch (c) {
> > case '6':
> > - opts |= IKED_OPT_NOIPV6BLOCKING;
> > + log_warnx("the -6 option is deprecated and will be "
>
On 2020/01/14 21:48, Stuart Henderson wrote:
> On 2020/01/14 21:03, Tobias Heider wrote:
> > On Tue, Jan 14, 2020 at 09:17:11AM -0700, Theo de Raadt wrote:
> > > Stuart Henderson wrote:
> > >
> > > > On 2020/01/13 20:51, Klemens Nanni wrote:
> > > > > I'm in favour of removing the option and OK w
On 2020/01/14 21:03, Tobias Heider wrote:
> On Tue, Jan 14, 2020 at 09:17:11AM -0700, Theo de Raadt wrote:
> > Stuart Henderson wrote:
> >
> > > On 2020/01/13 20:51, Klemens Nanni wrote:
> > > > I'm in favour of removing the option and OK with your diff, but simply
> > > > removing it is probably
On Tue, Jan 14, 2020 at 09:03:04PM +0100, Tobias Heider wrote:
> Makes sense. I added a warning and a notice in current.html.
OK kn
On Tue, Jan 14, 2020 at 09:17:11AM -0700, Theo de Raadt wrote:
> Stuart Henderson wrote:
>
> > On 2020/01/13 20:51, Klemens Nanni wrote:
> > > I'm in favour of removing the option and OK with your diff, but simply
> > > removing it is probably a bad idea given its nature.
> > >
> > > What about
On Jan 13, 2020, at 11:55 AM, Tobias Heider wrote:
>
> Hi,
>
> iked by default blocks all IPv6 traffic on a host unless any
> of the configured policies use v6. This was originally meant
> as a measure to prevent VPN leakage for people who did not
> think of IPv6 when configuring IPsec. With t
Stuart Henderson wrote:
> On 2020/01/13 20:51, Klemens Nanni wrote:
> > I'm in favour of removing the option and OK with your diff, but simply
> > removing it is probably a bad idea given its nature.
> >
> > What about printing a deprecation warning so that users can safely
> > adjust their rcct
On 2020/01/13 23:31, Sebastian Benoit wrote:
> Alexander Bluhm(alexander.bl...@gmx.net) on 2020.01.13 18:19:31 +0100:
> > On Mon, Jan 13, 2020 at 05:55:06PM +0100, Tobias Heider wrote:
> > > I think we should discuss whether we can remove the flow
> > > (and the -6 flag) as I constantly hear people
Alexander Bluhm(alexander.bl...@gmx.net) on 2020.01.13 18:19:31 +0100:
> On Mon, Jan 13, 2020 at 05:55:06PM +0100, Tobias Heider wrote:
> > I think we should discuss whether we can remove the flow
> > (and the -6 flag) as I constantly hear people complaining
> > that it broke their setups and I don
On 2020/01/13 18:19, Alexander Bluhm wrote:
> On Mon, Jan 13, 2020 at 05:55:06PM +0100, Tobias Heider wrote:
> > I think we should discuss whether we can remove the flow
> > (and the -6 flag) as I constantly hear people complaining
> > that it broke their setups and I don't think anyone
> > expects
We use the -6 option and I agree with deprecating it for one OpenBSD
release instead.
Especially now with sysupgrade(8), after upgrading our remote servers, our
site-to-site VPN wouldn't come back up after upgrade.
On Mon, Jan 13, 2020 at 12:58 PM Klemens Nanni wrote:
> On Mon, Jan 13, 2020 at
On Mon, Jan 13, 2020 at 05:55:06PM +0100, Tobias Heider wrote:
> iked by default blocks all IPv6 traffic on a host unless any
> of the configured policies use v6. This was originally meant
> as a measure to prevent VPN leakage for people who did not
> think of IPv6 when configuring IPsec. With th
On Mon, Jan 13, 2020 at 05:55:06PM +0100, Tobias Heider wrote:
> I think we should discuss whether we can remove the flow
> (and the -6 flag) as I constantly hear people complaining
> that it broke their setups and I don't think anyone
> expects some seemingly unrelated program breaking IPv6.
A mi
Hi,
iked by default blocks all IPv6 traffic on a host unless any
of the configured policies use v6. This was originally meant
as a measure to prevent VPN leakage for people who did not
think of IPv6 when configuring IPsec. With the -6 flag
set, iked does not install this IPv6 blocking flow.
I t
16 matches
Mail list logo
