Apparently, `netsh interface ipv6 set address ...` defaults to using a subnet of /64, and therefore adds an onlink route of that size.
When using a tun tunnel, the tap adapter only replies to neighbor
discovery packets for fe80::8. This leads to the unfortunate situation
where all the hosts in the /64 are not reachable.
This patch fixes that situation by specifying a /128 netmask, as the real
route is added afterwards, via the gateway.
---
src/openvpn/tun.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
index 599fd817..8b054c80 100644
--- a/src/openvpn/tun.c
+++ b/src/openvpn/tun.c
@@ -982,15 +982,15 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname,
int tun_mtu,
else
{
/* example: netsh interface ipv6 set address interface=42
- * 2001:608:8003::d store=active
+ * 2001:608:8003::d/128 store=active
*/
char iface[64];
openvpn_snprintf(iface, sizeof(iface), "interface=%lu",
tt->adapter_index);
- argv_printf(&argv, "%s%sc interface ipv6 set address %s %s
store=active",
+ argv_printf(&argv, "%s%sc interface ipv6 set address %s %s/%d
store=active",
get_win_sys_path(), NETSH_PATH_SUFFIX, iface,
- ifconfig_ipv6_local);
+ ifconfig_ipv6_local, 128);
netsh_command(&argv, 4, M_FATAL);
/* set ipv6 dns servers if any are specified */
netsh_set_dns6_servers(tt->options.dns6, tt->options.dns6_len, ifname);
--
2.20.1
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
