On Jan 13, 2020, at 11:55 AM, Tobias Heider <tobias.hei...@stusta.de> wrote:
>
> Hi,
>
> iked by default blocks all IPv6 traffic on a host unless any
> of the configured policies use v6. This was originally meant
> as a measure to prevent VPN leakage for people who did not
> think of IPv6 when configuring IPsec. With the -6 flag
> set, iked does not install this IPv6 blocking flow.
>
> I think we should discuss whether we can remove the flow
> (and the -6 flag) as I constantly hear people complaining
> that it broke their setups and I don't think anyone
> expects some seemingly unrelated program breaking IPv6.

Ah, THAT's why iked nuked IPv6 on my router when I enabled it. I am strongly in favor of this proposal, with the subsequent recommendations to make it a warning instead of an error.

- Dave