Am 12.10.16 um 13:17 schrieb Jonathan K. Bullard: > Hi. > > On Wed, Oct 12, 2016 at 5:13 AM, Arne Schwabe <a...@rfc2549.org> wrote: >> This option was useful when Ipv6 tun support was >> non standard and was an internal/user specified flag >> that tracked the Ipv6 capability of the tun device. >> >> All supported OS support IPv6. Also tun-ipv6 is >> pushable by the remote so not putting tun-ipv6 >> does not forbid ipv6 addresses. > How will this patch affect a VPN on a system that has IPv6 disabled? > > Short version: Fail as miserable as before.
tun-ipv6 is not saying "My OS can do IPv6" but more "My OS has the required calls to configure a IPv6 tun". It came from a time when configuring/sending IPv6 packets into a non IPv6 prepared tun screwed things ups. You might think that leaving out tun-ipv6 might fix your problem but tun-ipv6 is a pushable option and the server-ipv6 macro will push it, so you end up with tun-ipv6 without having it in the client config. You can do pull-filter tun-ipv6 or disable pulling all together but then again you can do also pull-filter ifconfig-ipv6 and pull-filter route-ipv6 which is a cleaner way then letting those commands fails (and probably also the connection attempt). The option really serves no good purposse anymore. If someone really wants a disable IPv6 option this option isn't it. Arne ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
