mirror of
https://github.com/OpenVPN/openvpn.git
synced 2024-09-20 03:52:28 +02:00
0b6f1912fc
(cherry picked from commit ea382a1d550ac100d27c8118777e3160c85d06d2)
72 lines
2.7 KiB
Plaintext
72 lines
2.7 KiB
Plaintext
known issues for IPv6 payload support in OpenVPN
|
|
-----------------------------------------------
|
|
|
|
1.) "--topology subnet" doesn't work together with IPv6 payload
|
|
(verified for FreeBSD server, Linux/ifconfig client, problems
|
|
with ICMP6 neighbor solicitations from BSD not being answered by Linux)
|
|
|
|
2.) NetBSD IPv6 support doesn't work
|
|
("connected" route is not auto-created, "route-ipv6" adding fails)
|
|
|
|
* fixed, 3.1.10 *
|
|
|
|
3.) route deletion for IPv6 routes is not yet done
|
|
|
|
* fixed for configured routes, 3.1.10 *
|
|
* missing for manual-ifconfig-connected (NetBSD, Darwin)
|
|
|
|
4.) do "ifconfig tun0 inet6 unplumb" or "ifconfig tun0 destroy" for
|
|
Solaris, *BSD, ... at program termination time, to clean up leftovers
|
|
(unless tunnel persistance is desired).
|
|
|
|
For Solaris, only the "ipv6 tun0" is affected, for the *BSDs all tun0
|
|
stay around.
|
|
|
|
4a.) deconfigure IPv6 on tun interface on session termination, otherwise
|
|
one could end up with something like this (on NetBSD):
|
|
|
|
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
|
|
inet 10.9.0.18 -> 10.9.0.17 netmask 0xffffffff
|
|
inet6 fe80::a00:20ff:fece:d299%tun0 -> prefixlen 64 scopeid 0x3
|
|
inet6 2001:608:4:eff::2000:3 -> prefixlen 64
|
|
inet6 2001:608:4:eff::1:3 -> prefixlen 64
|
|
|
|
(pool was changed, previous address still active on tun0, breakage)
|
|
|
|
5.) add new option "ifconfig-ipv6-push"
|
|
(per-client static IPv6 assignment, -> radiusplugin, etc)
|
|
|
|
6.) add new option "route-ipv6-gateway"
|
|
|
|
7.) add "full" gateway handling for IPv6 in route.c
|
|
(right now, the routes are just sent down the tun interface, if the
|
|
operating system in questions supports that, without care for the
|
|
gateway address - which does not work for gateways that are supposed
|
|
to point elsewhere. Also, it doesn't work for TAP interfaces.
|
|
|
|
8.) full IPv6 support for TAP interfaces
|
|
(main issue should be routes+gateway - and testing :-) )
|
|
|
|
9.) verify that iroute-ipv6 and route-ipv6 interact in the same way as
|
|
documented for iroute/route:
|
|
|
|
A's subnet, OpenVPN must push this route to all clients
|
|
EXCEPT for A, since the subnet is already owned by A.
|
|
OpenVPN accomplishes this by not
|
|
not pushing a route to a client
|
|
if it matches one of the client's iroutes.
|
|
|
|
10.) extend "ifconfig-ipv6" to handle specification of /netbits, pushing
|
|
of /netbits, and correctly ifconfig'ing this
|
|
(default, if not specified: /64)
|
|
|
|
11.) do not add ipv6-routes if tun-ipv6 is not set - complain instead
|
|
|
|
* done * 12.1.10
|
|
|
|
12.) handle incoming [::] and [fe80:...] packets in tun-p2mp MULTI mode
|
|
(most likely those are DAD packets)
|
|
silently ignore DAD?
|
|
Or accept-and-forward iff (multicast && client2client)?
|
|
handle NS/NA
|