Hi. On Wed, Oct 12, 2016 at 5:13 AM, Arne Schwabe <a...@rfc2549.org> wrote: > > This option was useful when Ipv6 tun support was > non standard and was an internal/user specified flag > that tracked the Ipv6 capability of the tun device. > > All supported OS support IPv6. Also tun-ipv6 is > pushable by the remote so not putting tun-ipv6 > does not forbid ipv6 addresses.
How will this patch affect a VPN on a system that has IPv6 disabled? To prevent information leakage, Tunnelblick has an option in tun mode that forces the OS to disable IPv6 (via a "networksetup -setv6off" OS X command.) The information leakage when using IPv6 in a VPN is described in [1]. As of the date of the article (June 2015), the problem was common among VPN service providers. The "disable IPv6" feature was added to Tunnelblick because disabling IPv6 was the only way that a user of such services could protect themselves. It isn't clear if all VPN service providers have fixed their configurations yet (or will ever fix their configurations). Best regards, Jon Bullard [1] http://www.eecs.qmul.ac.uk/~hamed/papers/PETS2015VPN.pdf ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel