Hello, Any news on this issue?
Samuel Samuel Thibault, le Mon 27 May 2013 22:05:19 +0200, a écrit : > Gert Doering, le Mon 27 May 2013 09:25:12 +0200, a écrit : > > On Mon, May 27, 2013 at 12:36:39AM +0200, Samuel Thibault wrote: > > > Gert Doering, le Sat 25 May 2013 13:58:19 +0200, a écrit : > > > > > To make it short: yes, the ipv6 pool environment variables are useful, > > > > > for user-defined scripts to be run at connection for instance to > > > > > propagate routes, do accounting, etc. The patch below adds them. > > > > > > > > You keep claiming that "yes it's useful". The lack of feedback on the > > > > list is partly due to the "To make it short" part of your mail... > > > > > > Ok. I was simply wondering whether it had perhaps got somehow dropped > > > without reason. > > > > > > As I mentioned too briefly, the reason we need it is the same as for the > > > IPv4 case: to announce the route to our bird daemon on connection, and > > > drop it on disconnection. > > > > Mmmmh. Trying to understand this: so you're not using a common /64 for > > the tun addresses (= the ifconfig-ipv6-pool), > > We are, but, > > > which is then announced on-demand by bird? > > we need to announce it on-demand by bird, because we plan to possibly > have several servers. Actually we also add the routes because we already > have several openvpn daemons, because we have to let people connect > through either udp and tcp, depending on the wild area they happen to > have landed on. So we need to tell the kernel which tun (i.e. which > openvpn daemon) to push paquets to. > > > Have you looked at the learn-address script? I use something similar > > at a customer (adding and removing proxy-arp entries on client connect) > > and learn-address does all I need just fine... > > That could do it yes, however, > > > Well, learn-address is run on disconnect, but not "right away" - true, > > so having it in disconnect is useful. > > yes. The rather random delay hurts by preventing from reconnecting > immediately (either to the same daemon, or to another one or even > another server), which is a pain when trying to set up the VPN in a wild > area :) > > > I wonder whether we should also export iroute-ipv6 settings, as that would > > enable on-demand routing of more than a single IPv6 address. > > Actually in our case iroute is fed by radiusplugin, which happens to > also already add the route for us, so we didn't have to add that one. > But it could be better to have radiusplugin just pass iroute to openvpn, > and let the userscript add the route if needed.
