On Wed, Oct 12, 2016 at 5:13 AM, Arne Schwabe <a...@rfc2549.org> wrote:
> This option was useful when Ipv6 tun support was
> non standard and was an internal/user specified flag
> that tracked the Ipv6 capability of the tun device.
> All supported OS support IPv6. Also tun-ipv6 is
> pushable by the remote so not putting tun-ipv6
> does not forbid ipv6 addresses.

How will this patch affect a VPN on a system that has IPv6 disabled?

To prevent information leakage, Tunnelblick has an option in tun mode
that forces the OS to disable IPv6 (via a "networksetup -setv6off" OS
X command.)

The information leakage when using IPv6 in a VPN is described in [1].
As of the date of the article (June 2015), the problem was common
among VPN service providers. The "disable IPv6" feature was added to
Tunnelblick because disabling IPv6 was the only way that a user of
such services could protect themselves. It isn't clear if all VPN
service providers have fixed their configurations yet (or will ever
fix their configurations).

Best regards,

Jon Bullard

[1] http://www.eecs.qmul.ac.uk/~hamed/papers/PETS2015VPN.pdf

Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
Openvpn-devel mailing list

Reply via email to