On 2018/07/03 13:42, Stefan Sperling wrote:
> On Tue, Jul 03, 2018 at 01:34:09PM +0200, David Dahlberg wrote:
> > On Tuesday, 03.07.2018, 13:29 +0200, Stefan Sperling wrote:
> > > Not a bug.  This behaviour is intentional and avoids VPN traffic
> > > leakage.
> > > See RFC 7359 and the iked(8) man page. Use the -6 option (risks
> > > leakage),
> > 
> > Then sorry for the noise. I extensively searched for documentation of
> > this behaviour - apparently using the wrong keywords.
> > 
> > Cheers,
> > David
> > 
> 
> I think the documentation could be improved.
> 
> Would you be able to send a patch for the iked man page which
> explicitly mentions VPN traffic leakage and RFC 7359 (in the
> STANDARDS section, perhaps)?
> 

It would easily be missed if only looking at iked.conf(5), but iked(8) seems
reasonably clear?

   The options are as follows:

   -6      Disable automatic blocking of IPv6 traffic.  By default, iked blocks
           any IPv6 traffic unless a flow for this address family has been
           negotiated.  This option is used to prevent VPN traffic leakages on
           dual stack hosts.

