summaryrefslogtreecommitdiff
path: root/openvpn/README.IPv6
blob: d504f4ff801ffbcae5dfe4a4b6a28e0e4565ca31 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
IPv6 payload support
--------------------

Latest IPv6 payload support code and documentation can be found from here:

  http://www.greenie.net/ipv6/openvpn.html

For TODO list, see TODO.IPv6.

Gert Doering, 31.12.2009



IPv6 transport support
----------------------

[ Last updated: 25-Mar-2011. ]

OpenVPN-2.1 over UDP6/TCP6 README for ipv6-0.4.x patch releases:
( --udp6 and --tcp6-{client,server} )

* Availability
  Source code under GPLv2 from http://github.com/jjo/openvpn-ipv6

  Distro ready repos/packages:
  o Debian sid official repo, by Alberto Gonzalez Iniesta,
    starting from openvpn_2.1~rc20-2
  o Gentoo official portage tree, by Marcel Pennewiss:
    - https://bugs.gentoo.org/show_bug.cgi?id=287896
  o Ubuntu package, by Bernhard Schmidt:
    - https://launchpad.net/~berni/+archive/ipv6/+packages
  o Freetz.org, milestone freetz-1.2
    - http://trac.freetz.org/milestone/freetz-1.2

* Status:
  o OK:
    - upd6,tcp6: GNU/Linux, win32, openbsd-4.7, freebsd-8.1
    - udp4->upd6,tcp4->tcp6 (ipv4/6 mapped): GNU/Linux
      (gives a warning on local!=remote proto matching)
  o NOT:
    - win32: tcp4->tcp6 (ipv4/6 mapped) fails w/connection refused
  o NOT tested:
    - mgmt console

* Build setup:
  ./configure --enable-ipv6        (by default)

* Usage:
  For IPv6 just specify "-p upd6" an proper IPv6 hostnames, adapting the example
  from man page ...

  On may:
    openvpn --proto udp6 --remote <june_IPv6_addr> --dev tun1 \
      --ifconfig 10.4.0.1 10.4.0.2 --verb 5 --secret key

  On june:
    openvpn --proto udp6 --remote <may_IPv6_addr>  --dev tun1 \
      --ifconfig 10.4.0.2 10.4.0.1 --verb 5 --secret key

  Same for --proto tcp6-client, tcp6-server.

* Main code changes summary:
  - socket.h: New struct openvpn_sockaddr type that holds sockaddrs and pktinfo,
    (here I omitted #ifdef USE_PF_xxxx, see socket.h )

    struct openvpn_sockaddr {
	union {
		struct sockaddr sa;
		struct sockaddr_in in;
		struct sockaddr_in6 in6;
	} addr;
    };

    struct link_socket_addr
    {
            struct openvpn_sockaddr local;
            struct openvpn_sockaddr remote;
            struct openvpn_sockaddr actual;
    };

    PRO: allows simple type overloading: local.addr.sa, local.addr.in, local.addr.in6 ... etc
    (also local.pi.in and local.pi.in6)

  - several function prototypes moved from sockaddr_in to openvpn_sockaddr
  - several new sockaddr functions needed to "generalize" AF_xxxx operations:
    addr_copy(), addr_zero(), ...etc
    proto_is_udp(), proto_is_dgram(), proto_is_net()

* For TODO list, see TODO.IPv6

--
JuanJo Ciarlante   jjo () google () com ............................
:                                                                  :
.                                         Linux IP Aliasing author .
.   Modular algo (AES et all) support for FreeSWAN/OpenSWAN author .
.                                        OpenVPN over IPv6 support .
:......     plus other scattered free software bits in the wild ...: