summaryrefslogtreecommitdiff
path: root/openvpn/README.IPv6
diff options
context:
space:
mode:
Diffstat (limited to 'openvpn/README.IPv6')
-rw-r--r--openvpn/README.IPv6138
1 files changed, 53 insertions, 85 deletions
diff --git a/openvpn/README.IPv6 b/openvpn/README.IPv6
index d504f4ff..56c97abb 100644
--- a/openvpn/README.IPv6
+++ b/openvpn/README.IPv6
@@ -1,97 +1,65 @@
+Since 2.3.0, OpenVPN officially supports IPv6, and all widely used
+patches floating around for older versions have been integrated.
+
IPv6 payload support
--------------------
-Latest IPv6 payload support code and documentation can be found from here:
+This is for "IPv6 inside OpenVPN", with server-pushed IPv6 configuration
+on the client, and support for IPv6 configuration on the tun/tap interface
+from within the openvpn config.
+
+The code in 2.3.0 supersedes the IPv6 payload patches from Gert Doering,
+formerly located at http://www.greenie.net/ipv6/openvpn.html
+
- http://www.greenie.net/ipv6/openvpn.html
+The following options have been added to handle IPv6 configuration,
+analogous to their IPv4 counterparts (--server <-> --server-ipv6, etc.)
-For TODO list, see TODO.IPv6.
+ - server-ipv6
+ - ifconfig-ipv6
+ - ifconfig-ipv6-pool
+ - ifconfig-ipv6-push
+ - route-ipv6
+ - iroute-ipv6
-Gert Doering, 31.12.2009
+see "man openvpn" for details how they are used.
IPv6 transport support
----------------------
-[ Last updated: 25-Mar-2011. ]
-
-OpenVPN-2.1 over UDP6/TCP6 README for ipv6-0.4.x patch releases:
-( --udp6 and --tcp6-{client,server} )
-
-* Availability
- Source code under GPLv2 from http://github.com/jjo/openvpn-ipv6
-
- Distro ready repos/packages:
- o Debian sid official repo, by Alberto Gonzalez Iniesta,
- starting from openvpn_2.1~rc20-2
- o Gentoo official portage tree, by Marcel Pennewiss:
- - https://bugs.gentoo.org/show_bug.cgi?id=287896
- o Ubuntu package, by Bernhard Schmidt:
- - https://launchpad.net/~berni/+archive/ipv6/+packages
- o Freetz.org, milestone freetz-1.2
- - http://trac.freetz.org/milestone/freetz-1.2
-
-* Status:
- o OK:
- - upd6,tcp6: GNU/Linux, win32, openbsd-4.7, freebsd-8.1
- - udp4->upd6,tcp4->tcp6 (ipv4/6 mapped): GNU/Linux
- (gives a warning on local!=remote proto matching)
- o NOT:
- - win32: tcp4->tcp6 (ipv4/6 mapped) fails w/connection refused
- o NOT tested:
- - mgmt console
-
-* Build setup:
- ./configure --enable-ipv6 (by default)
-
-* Usage:
- For IPv6 just specify "-p upd6" an proper IPv6 hostnames, adapting the example
- from man page ...
-
- On may:
- openvpn --proto udp6 --remote <june_IPv6_addr> --dev tun1 \
- --ifconfig 10.4.0.1 10.4.0.2 --verb 5 --secret key
-
- On june:
- openvpn --proto udp6 --remote <may_IPv6_addr> --dev tun1 \
- --ifconfig 10.4.0.2 10.4.0.1 --verb 5 --secret key
-
- Same for --proto tcp6-client, tcp6-server.
-
-* Main code changes summary:
- - socket.h: New struct openvpn_sockaddr type that holds sockaddrs and pktinfo,
- (here I omitted #ifdef USE_PF_xxxx, see socket.h )
-
- struct openvpn_sockaddr {
- union {
- struct sockaddr sa;
- struct sockaddr_in in;
- struct sockaddr_in6 in6;
- } addr;
- };
-
- struct link_socket_addr
- {
- struct openvpn_sockaddr local;
- struct openvpn_sockaddr remote;
- struct openvpn_sockaddr actual;
- };
-
- PRO: allows simple type overloading: local.addr.sa, local.addr.in, local.addr.in6 ... etc
- (also local.pi.in and local.pi.in6)
-
- - several function prototypes moved from sockaddr_in to openvpn_sockaddr
- - several new sockaddr functions needed to "generalize" AF_xxxx operations:
- addr_copy(), addr_zero(), ...etc
- proto_is_udp(), proto_is_dgram(), proto_is_net()
-
-* For TODO list, see TODO.IPv6
-
---
-JuanJo Ciarlante jjo () google () com ............................
-: :
-. Linux IP Aliasing author .
-. Modular algo (AES et all) support for FreeSWAN/OpenSWAN author .
-. OpenVPN over IPv6 support .
-:...... plus other scattered free software bits in the wild ...:
+This is to enable OpenVPN peers or client/servers to talk to each other
+over an IPv6 network ("OpenVPN over IPv6").
+
+The code in 2.3.0 supersedes the IPv6 transport patches from JuanJo Ciarlante,
+formerly located at http://github.com/jjo/openvpn-ipv6
+
+
+Use the following options to select IPv6 transport:
+
+ --proto udp6
+ --proto tcp6-client
+ --proto tcp6-server
+ --proto tcp6 --client / --proto tcp6 --server
+
+On systems that permit IPv4 connections on IPv6 sockets (Linux by
+default, FreeBSD and NetBSD if you turn off the "v6only" sysctl by
+running "sysctl -w net.inet6.ip6.v6only=0"), an OpenVPN server can
+handle IPv4 connections on the IPv6 socket as well, making it a true
+dual-stacked server.
+
+On other systems, as of 2.3.0, you need to run separate server instances
+for IPv4 and IPv6.
+
+The client side code is not really "dual-stacked" yet, as it does not
+automatically try both address families when connecting to a dual-stacked
+server. For now, you can achieve this with <connection> stanzas in your
+openvpn config:
+
+ <connection>
+ remote my.dual.stack.server 1194 udp6
+ </connection>
+ <connection>
+ remote my.dual.stack.server 1194 udp
+ </connection>