This option was useful when Ipv6 tun support was non standard and was an
internal/user specified flag that tracked the Ipv6 capability of the tun device.
All supported OS support IPv6. Also tun-ipv6 is pushable by the remote so not
putting tun-ipv6 does not forbid ipv6 addresses.
This commit also clean up a bit of the ipv6 related tun.c. Changes for most
platforms are minimal.
For linux a bit more cleanup is done:
- Remove compatibility defines that were added 2008
- Always use IFF_NO_PI for the linux tun and not only for IPv4 only tun setups
(Android also always IFF_NO_PI works fine with Ipv6).
This commit also remove a non ipv6 fallback for tap driver from OpenVPN
2.2-beta or earlier and only warns.
Patch V2: Integrate Gert's comments
Patch V3: Remove tun_ipv4 option. It only used for MTU discovery and there it
was wrong since it should on the transport protocol if at all
Patch V4: Completely remove support for NetBSD <= 4.0 and remove
NETBSD_MULTI_AF defines
Patch V5: Assume generic OS in tun.c is also IPv6 capable. Add changes to man
page. Fix typos/change message as suggest by David.
---
Changes.rst | 4 ++
doc/openvpn.8 | 21 ++-
src/openvpn/forward.c | 2 +-
src/openvpn/helper.c | 2 -
src/openvpn/init.c| 6 --
src/openvpn/multi.c | 8 +--
src/openvpn/openvpn.h | 5 --
src/openvpn/options.c | 13 +---
src/openvpn/options.h | 1 -
src/openvpn/route.c | 14 ++---
src/openvpn/tun.c | 160 +-
src/openvpn/tun.h | 2 -
12 files changed, 47 insertions(+), 191 deletions(-)
diff --git a/Changes.rst b/Changes.rst
index 9fcba75..27dc99e 100644
--- a/Changes.rst
+++ b/Changes.rst
@@ -135,6 +135,10 @@ User-visible Changes
ciphers configured in the config file. Use --ncp-disable if you don't want
that.
+- All tun devices on all platforms are always considered to be IPv6
+ capable. The --tun-ipv6 option is ignored (behaves like it is always
+ on).
+
Maintainer-visible changes
--
diff --git a/doc/openvpn.8 b/doc/openvpn.8
index 1c341ae..2e58f33 100644
--- a/doc/openvpn.8
+++ b/doc/openvpn.8
@@ -797,18 +797,6 @@ changes the interpretation of the arguments of
to mean "address netmask", no longer "local remote".
.\"*
.TP
-.B \-\-tun\-ipv6
-Build a tun link capable of forwarding IPv6 traffic.
-Should be used in conjunction with
-.B \-\-dev tun
-or
-.B \-\-dev tunX.
-A warning will be displayed
-if no specific IPv6 TUN support for your OS has been compiled into OpenVPN.
-
-See below for further IPv6-related configuration options.
-.\"*
-.TP
.B \-\-dev\-node node
Explicitly set the device node rather than using
/dev/net/tun, /dev/tun, /dev/tap, etc. If OpenVPN
@@ -3600,7 +3588,7 @@ Clients that connect with options that are incompatible
with those of the server will be disconnected.
Options that will be compared for compatibility include
-dev\-type, link\-mtu, tun\-mtu, proto, tun\-ipv6, ifconfig,
+dev\-type, link\-mtu, tun\-mtu, proto, ifconfig,
comp\-lzo, fragment, keydir, cipher, auth, keysize, secret,
no\-replay, no\-iv, tls\-auth, key\-method, tls\-server, and tls\-client.
@@ -5870,10 +5858,13 @@ is used.
.B \-\-server\-ipv6 ipv6addr/bits
convenience-function to enable a number of IPv6 related options at
once, namely
-.B \-\-ifconfig\-ipv6, \-\-ifconfig\-ipv6\-pool, \-\-tun\-ipv6
+.B \-\-ifconfig\-ipv6, \-\-ifconfig\-ipv6\-pool
and
.B \-\-push tun\-ipv6
-Is only accepted if ``\-\-mode server'' or ``\-\-server'' is set.
+Is only accepted if ``\-\-mode server'' or ``\-\-server'' is set. Pushing of
the
+.B \-\-tun\-ipv6
+directive is done for older clients which require an explicit
+``\-\-tun\-ipv6'' in their configuration.
.TP
.B \-\-ifconfig\-ipv6\-pool ipv6addr/bits
Specify an IPv6 address pool for dynamic assignment to clients. The
diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 6c11439..b3077ed 100644
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -391,7 +391,7 @@ check_fragment_dowork (struct context *c)
struct link_socket_info *lsi = get_link_socket_info (c);
/* OS MTU Hint? */
- if (lsi->mtu_changed && c->c2.ipv4_tun)
+ if (lsi->mtu_changed)
{
frame_adjust_path_mtu (&c->c2.frame_fragment, c->c2.link_socket->mtu,
c->options.ce.proto);
diff --git a/src/openvpn/helper.c b/src/openvpn/helper.c
index 62f88ec..229523d 100644
--- a/src/openvpn/helper.c
+++ b/src/openvpn/helper.c
@@ -200,8 +200,6 @@ helper_client_server (struct options *o)
add_in6_addr( o->server_network_ipv6, 0x1000 );
o->ifconfig_ipv6_pool_netbits = o->server_netbits_ipv6;
- o->tun_ipv6 = true;
-
push_option( o, "tun-ipv6", M_USAGE );
}
diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index cc8e945..73f8c6d 100644
--- a/src/openv