Hi Gert! :-)

OpenVPN is using a single IPv6-socket set to "dual-stack mode", so we send IPv4 packets in the v4-mapped format via the v6 socket.

This has triggered bugs in the kernel before (like, "--multihome" not working in this case) because these code paths are not as well exercised, thus not so well tested. And sometimes code had just not been written yet for this special case.

I've guessed just that.

If I had time to do testing, I'd test this with an openvpn instance bound to IPv4-only ("proto udp4"), and alternatively by turning on --multihome - both change the way we talk to the socket interface (IPv4-only socket, and using ancillary data to set the source IP).

multihome is on. For testing I had to build a test environment.

Under normal conditions, neither should make any difference, but if this triggers a kernel bug, it might...

Did you have a look at that kernel code? Maybe this will be my first Linux kernel bug report?

Is there a way to circumvent this (like binding to every address separately, like bind9 and ntpd do)?

Best regards,
Frank


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
