2011-08-12 00:00:57 +08:00
|
|
|
IPv6 payload support
|
|
|
|
|
--------------------
|
2010-01-07 21:51:40 +08:00
|
|
|
|
2011-08-12 00:00:57 +08:00
|
|
|
Latest IPv6 payload support code and documentation can be found from here:
|
2010-01-07 21:51:40 +08:00
|
|
|
|
|
|
|
|
http://www.greenie.net/ipv6/openvpn.html
|
|
|
|
|
|
2011-08-12 00:00:57 +08:00
|
|
|
For TODO list, see TODO.IPv6.
|
|
|
|
|
|
2010-01-07 21:51:40 +08:00
|
|
|
Gert Doering, 31.12.2009
|
2011-08-12 00:00:57 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
IPv6 transport support
|
|
|
|
|
----------------------
|
|
|
|
|
|
|
|
|
|
[ Last updated: 25-Mar-2011. ]
|
|
|
|
|
|
|
|
|
|
OpenVPN-2.1 over UDP6/TCP6 README for ipv6-0.4.x patch releases:
|
|
|
|
|
( --udp6 and --tcp6-{client,server} )
|
|
|
|
|
|
|
|
|
|
* Availability
|
|
|
|
|
Source code under GPLv2 from http://github.com/jjo/openvpn-ipv6
|
|
|
|
|
|
|
|
|
|
Distro ready repos/packages:
|
|
|
|
|
o Debian sid official repo, by Alberto Gonzalez Iniesta,
|
|
|
|
|
starting from openvpn_2.1~rc20-2
|
|
|
|
|
o Gentoo official portage tree, by Marcel Pennewiss:
|
|
|
|
|
- https://bugs.gentoo.org/show_bug.cgi?id=287896
|
|
|
|
|
o Ubuntu package, by Bernhard Schmidt:
|
|
|
|
|
- https://launchpad.net/~berni/+archive/ipv6/+packages
|
|
|
|
|
o Freetz.org, milestone freetz-1.2
|
|
|
|
|
- http://trac.freetz.org/milestone/freetz-1.2
|
|
|
|
|
|
|
|
|
|
* Status:
|
|
|
|
|
o OK:
|
|
|
|
|
- upd6,tcp6: GNU/Linux, win32, openbsd-4.7, freebsd-8.1
|
|
|
|
|
- udp4->upd6,tcp4->tcp6 (ipv4/6 mapped): GNU/Linux
|
|
|
|
|
(gives a warning on local!=remote proto matching)
|
|
|
|
|
o NOT:
|
|
|
|
|
- win32: tcp4->tcp6 (ipv4/6 mapped) fails w/connection refused
|
|
|
|
|
o NOT tested:
|
|
|
|
|
- mgmt console
|
|
|
|
|
|
|
|
|
|
* Build setup:
|
|
|
|
|
./configure --enable-ipv6 (by default)
|
|
|
|
|
|
|
|
|
|
* Usage:
|
|
|
|
|
For IPv6 just specify "-p upd6" an proper IPv6 hostnames, adapting the example
|
|
|
|
|
from man page ...
|
|
|
|
|
|
|
|
|
|
On may:
|
|
|
|
|
openvpn --proto udp6 --remote <june_IPv6_addr> --dev tun1 \
|
|
|
|
|
--ifconfig 10.4.0.1 10.4.0.2 --verb 5 --secret key
|
|
|
|
|
|
|
|
|
|
On june:
|
|
|
|
|
openvpn --proto udp6 --remote <may_IPv6_addr> --dev tun1 \
|
|
|
|
|
--ifconfig 10.4.0.2 10.4.0.1 --verb 5 --secret key
|
|
|
|
|
|
|
|
|
|
Same for --proto tcp6-client, tcp6-server.
|
|
|
|
|
|
|
|
|
|
* Main code changes summary:
|
|
|
|
|
- socket.h: New struct openvpn_sockaddr type that holds sockaddrs and pktinfo,
|
|
|
|
|
(here I omitted #ifdef USE_PF_xxxx, see socket.h )
|
|
|
|
|
|
|
|
|
|
struct openvpn_sockaddr {
|
|
|
|
|
union {
|
|
|
|
|
struct sockaddr sa;
|
|
|
|
|
struct sockaddr_in in;
|
|
|
|
|
struct sockaddr_in6 in6;
|
|
|
|
|
} addr;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct link_socket_addr
|
|
|
|
|
{
|
|
|
|
|
struct openvpn_sockaddr local;
|
|
|
|
|
struct openvpn_sockaddr remote;
|
|
|
|
|
struct openvpn_sockaddr actual;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
PRO: allows simple type overloading: local.addr.sa, local.addr.in, local.addr.in6 ... etc
|
|
|
|
|
(also local.pi.in and local.pi.in6)
|
|
|
|
|
|
|
|
|
|
- several function prototypes moved from sockaddr_in to openvpn_sockaddr
|
|
|
|
|
- several new sockaddr functions needed to "generalize" AF_xxxx operations:
|
|
|
|
|
addr_copy(), addr_zero(), ...etc
|
|
|
|
|
proto_is_udp(), proto_is_dgram(), proto_is_net()
|
|
|
|
|
|
|
|
|
|
* For TODO list, see TODO.IPv6
|
|
|
|
|
|
|
|
|
|
--
|
|
|
|
|
JuanJo Ciarlante jjo () google () com ............................
|
|
|
|
|
: :
|
|
|
|
|
. Linux IP Aliasing author .
|
|
|
|
|
. Modular algo (AES et all) support for FreeSWAN/OpenSWAN author .
|
|
|
|
|
. OpenVPN over IPv6 support .
|
|
|
|
|
:...... plus other scattered free software bits in the wild ...:
|
