Re: [Openvpn-users] How do I prevent IPv6 routes from being added to my connection?
Hi Gert > Sent: Saturday, April 30, 2022 at 10:14 PM > From: "Gert Doering" > To: "Stella Ashburne" > Cc: openvpn-users@lists.sourceforge.net > Subject: Re: [Openvpn-users] How do I prevent IPv6 routes from being added to > my connection? > > If you compare the log before/after closely, you can see that most of > the routers have not been installed. > Thank you for telling me that. I really appreciate it. Best regards. Stella ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] How do I prevent IPv6 routes from being added to my connection?
Hi Gert > Sent: Saturday, April 30, 2022 at 2:13 AM > From: "Gert Doering" > To: "Jordan Hayes" > Cc: openvpn-users@lists.sourceforge.net > Subject: Re: [Openvpn-users] How do I prevent IPv6 routes from being added to > my connection? > > *I* have spent very much time to implement and improve the IPv6 support > (*and* to provide the tools to ignore server-pushed options, if someone > would bother to read the manuals) Your contributions to the development of OpenVPN cannot be overestimated. I really thank you from the bottom of my heart. > - and it pains me if people spread the > lore that "disabling IPv6 is a good way forward". > > OpenVPN developers are human and they are unable to foresee some unexpected security vulnerabilities. A good case in point is the VORACLE attack (https://www.bleepingcomputer.com/news/security/voracle-attack-can-recover-http-data-from-vpn-connections/) > Half of the "you need to disable IPv6 to achieve..." is bullshit, and the > other half is misunderstood lore. > > Like, "with IPv6 in my VPN I can be tracked" - no, you can't, All VPN vendors/providers which are serious about security and privacy will invariably advise their customers to disable IPv6 support in Linux or to configure Microsoft Windows in such a way that IPv4 is preferred to IPv6. These serious VPN vendors/providers have been in the business for more than a decade and they do know what they are saying when they give such advice. You may be surprised that some of them may be contributors to the development of OpenVPN. > > There is reliable measurement data that performance from mobile networks > to dual-stacked servers is *better* using IPv6 than using IPv4, due to > the avoidance of CGNAT boxes, leading to better routing and less issues > due to CGNAT state overflow. > Thanks for this piece of information. What is the source of this "reliable measurement data"? However, in my opinion, performance cannot and should not trump security. Below is the quote from "VORACLE Attack Can Recover HTTP Data From VPN Connections" (https://www.bleepingcomputer.com/news/security/voracle-attack-can-recover-http-data-from-vpn-connections/) [quote] But despite this, the OpenVPN project did not modify its default setting of compressing data before encrypting it as part of the VPN tunnel. This is because compressing data before the TLS encryption has performance benefits and a good reason why most VPN services/clients will continue to use this option. [end quote] If the above quote is factually correct, it shows that the folks at OpenVPN prioritize performance over security, which is a big NO for me. Best regards. Stella P.S.: This is off-topic but I hope you can satisfy my curiosity. What do you think of The Tor Project? Would you contribute to the project if you had the time? ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] How do I prevent IPv6 routes from being added to my connection?
Hi, On Sat, Apr 30, 2022 at 02:47:53PM +0200, Stella Ashburne wrote: > It appears that the option, pull-filter ignore route-ipv6, fails to prevent > IPv6 routes from being added based on the following lines in the connection > log: If you compare the log before/after closely, you can see that most of the routers have not been installed. > add_route_ipv6(fdda:d0d0:cafe:443::/64 -> fdda:d0d0:cafe:443::1001 metric 0) > dev OpenVPN TAP-Windows6 This is the "connected subnet" route, which comes from "ifconfig-ipv6", not from "route-ipv6". gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] How do I prevent IPv6 routes from being added to my connection?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Sent with ProtonMail secure email. --- Original Message --- On Saturday, April 30th, 2022 at 13:47, Stella Ashburne wrote: > Hi > > Thanks for your tip. > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > Hi, > > > > Sent with ProtonMail secure email. > > --- Original Message --- > > On Friday, April 29th, 2022 at 16:52, Stella Ashburne rewe...@gmx.com wrote: > > > > > > > > > Any tips as to how I can configure my client-side config file to prevent > > > IPv6 routes from being added during the connections? > > > > You could try --pull-filter-ignore 'route-ipv6 ' > > It could break everything though .. > > > > See the docs for details. > > > > tct > > > > Below is the connection log when I included the following option > > pull-filter ignore route-ipv6 > > in my client configuration file. > > > > 2022-04-28 20:23:17 Successful ARP Flush on interface [20] > {FB1A746D-116A-471A-A0B3-6017A1BF137A} > 2022-04-28 20:23:17 MANAGEMENT: > >STATE:1651321397,ASSIGN_IP,,10.5.0.3,fdda:d0d0:cafe:443::1001 > > 2022-04-28 20:23:17 IPv4 MTU set to 1500 on interface 20 using service > 2022-04-28 20:23:17 INET6 address service: add fdda:d0d0:cafe:443::1001/128 > 2022-04-28 20:23:17 add_route_ipv6(fdda:d0d0:cafe:443::/64 -> > fdda:d0d0:cafe:443::1001 metric 0) dev OpenVPN TAP-Windows6 > > 2022-04-28 20:23:17 IPv6 route addition via service succeeded > 2022-04-28 20:23:17 IPv6 MTU set to 1500 on interface 20 using service > 2022-04-28 20:23:17 Blocking outside dns using service succeeded. > 2022-04-28 20:23:22 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up > 2022-04-28 20:23:22 C:\Windows\system32\route.exe ADD 69.4.234.134 MASK > 255.255.255.255 192.168.1.1 > 2022-04-28 20:23:22 Route addition via service succeeded > 2022-04-28 20:23:22 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 > 10.5.0.1 > 2022-04-28 20:23:22 Route addition via service succeeded > 2022-04-28 20:23:22 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK > 128.0.0.0 10.5.0.1 > 2022-04-28 20:23:22 Route addition via service succeeded > 2022-04-28 20:23:22 WARNING: this configuration may cache passwords in memory > -- use the auth-nocache option to prevent this > 2022-04-28 20:23:22 Initialization Sequence Completed > 2022-04-28 20:23:22 MANAGEMENT: > >STATE:1651321402,CONNECTED,SUCCESS,10.5.0.3,69.4.234.134,443,192.168.10.93,50072,fdda:d0d0:cafe:443::1001 > > > > It appears that the option, pull-filter ignore route-ipv6, fails to prevent > IPv6 routes from being added based on the following lines in the connection > log: > > add_route_ipv6(fdda:d0d0:cafe:443::/64 -> fdda:d0d0:cafe:443::1001 metric 0) > dev OpenVPN TAP-Windows6 > > IPv6 route addition via service succeeded > IPv6 MTU set to 1500 on interface 20 using service > If you don't read the docs then don't expect it to work .. > It seems that the tip provided by Jordan Hayes does prevent IPv6 routes from > being added. > > Best regards. > > Stella > > > > ___ > Openvpn-users mailing list > Openvpn-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-users -BEGIN PGP SIGNATURE- Version: ProtonMail wsBzBAEBCAAGBQJibULtACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec 9muQuJ3jRwf+NnTMrIAkm0NKTLBukx+Kz/qACrk1wueOqEFYdeGMIgNz1nQg vHqSHaukwBjtKQ47gpck91nKRPWZJIcnHPifaLcN1bCFwDFj3Wm12RHW8rb6 PT2XJCQljz6VfCyIVpQYLbqh7L0WKX3P2452EAYftI5NSfk0efIAT8nXrIfj JfbSrJ1A7pPLJLOzV7Do+LfrXAKiAS75DsyPEqowys83shZ2sjdDiZd/ncM0 M41zYelh6rn61RrfY8GwzeR0dZAZrVYhNnDB0AIgI0D+k6ahOAKn1LbBAe8s /ksUCVjLqggmwT6LbpA5UuXU1orV+2wgedZw7HeCCtUYHW3HNUBZXA== =xcjo -END PGP SIGNATURE- publickey - tincantech@protonmail.com - 0x09BC3D44.asc Description: application/pgp-keys publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig Description: PGP signature ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] How do I prevent IPv6 routes from being added to my connection?
Hi Thanks for your tip. >-BEGIN PGP SIGNED MESSAGE- >Hash: SHA256 > >Hi, > >Sent with ProtonMail secure email. >--- Original Message --- >On Friday, April 29th, 2022 at 16:52, Stella Ashburne wrote: > > > >> Any tips as to how I can configure my client-side config file to prevent >> IPv6 routes from being added during the connections? > >You could try --pull-filter-ignore 'route-ipv6 ' >It could break everything though .. > >See the docs for details. > >tct Below is the connection log when I included the following option pull-filter ignore route-ipv6 in my client configuration file. 2022-04-28 20:23:17 Successful ARP Flush on interface [20] {FB1A746D-116A-471A-A0B3-6017A1BF137A} 2022-04-28 20:23:17 MANAGEMENT: >STATE:1651321397,ASSIGN_IP,,10.5.0.3,fdda:d0d0:cafe:443::1001 2022-04-28 20:23:17 IPv4 MTU set to 1500 on interface 20 using service 2022-04-28 20:23:17 INET6 address service: add fdda:d0d0:cafe:443::1001/128 2022-04-28 20:23:17 add_route_ipv6(fdda:d0d0:cafe:443::/64 -> fdda:d0d0:cafe:443::1001 metric 0) dev OpenVPN TAP-Windows6 2022-04-28 20:23:17 IPv6 route addition via service succeeded 2022-04-28 20:23:17 IPv6 MTU set to 1500 on interface 20 using service 2022-04-28 20:23:17 Blocking outside dns using service succeeded. 2022-04-28 20:23:22 TEST ROUTES: 1/1 succeeded len=0 ret=1 a=0 u/d=up 2022-04-28 20:23:22 C:\Windows\system32\route.exe ADD 69.4.234.134 MASK 255.255.255.255 192.168.1.1 2022-04-28 20:23:22 Route addition via service succeeded 2022-04-28 20:23:22 C:\Windows\system32\route.exe ADD 0.0.0.0 MASK 128.0.0.0 10.5.0.1 2022-04-28 20:23:22 Route addition via service succeeded 2022-04-28 20:23:22 C:\Windows\system32\route.exe ADD 128.0.0.0 MASK 128.0.0.0 10.5.0.1 2022-04-28 20:23:22 Route addition via service succeeded 2022-04-28 20:23:22 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this 2022-04-28 20:23:22 Initialization Sequence Completed 2022-04-28 20:23:22 MANAGEMENT: >STATE:1651321402,CONNECTED,SUCCESS,10.5.0.3,69.4.234.134,443,192.168.10.93,50072,fdda:d0d0:cafe:443::1001 It appears that the option, pull-filter ignore route-ipv6, fails to prevent IPv6 routes from being added based on the following lines in the connection log: add_route_ipv6(fdda:d0d0:cafe:443::/64 -> fdda:d0d0:cafe:443::1001 metric 0) dev OpenVPN TAP-Windows6 IPv6 route addition via service succeeded IPv6 MTU set to 1500 on interface 20 using service It seems that the tip provided by Jordan Hayes does prevent IPv6 routes from being added. Best regards. Stella ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] How do I prevent IPv6 routes from being added to my connection?
Hi Jordan Thanks for your tip. Sent: Saturday, April 30, 2022 at 1:13 AM From: "Jordan Hayes" To: openvpn-users@lists.sourceforge.net Subject: Re: [Openvpn-users] How do I prevent IPv6 routes from being added to my connection? > Any tips as to how I can configure my client-side config file to prevent IPv6 > routes from being added during the connections? One trick to doing this on a Windows client is to open the adapter and deselect IPv6 support. ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users Firstly, based on your tip, I deselected IPv6 support of OpenVPN TAP-Windows6 adapter. Below is the connection log: 2022-04-30 19:11:24 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning. 2022-04-30 19:11:24 OpenVPN 2.5.6 Windows-MSVC [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Mar 16 2022 2022-04-30 19:11:24 Windows version 10.0 (Windows 10 or greater) 64bit 2022-04-30 19:11:24 library versions: OpenSSL 1.1.1n 15 Mar 2022, LZO 2.10 2022-04-30 19:11:24 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25374 2022-04-30 19:11:24 Need hold release from management interface, waiting... 2022-04-30 19:11:25 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25374 2022-04-30 19:11:25 MANAGEMENT: CMD 'state on' 2022-04-30 19:11:25 MANAGEMENT: CMD 'log all on' 2022-04-30 19:11:25 MANAGEMENT: CMD 'echo all on' 2022-04-30 19:11:25 MANAGEMENT: CMD 'bytecount 5' 2022-04-30 19:11:25 MANAGEMENT: CMD 'hold off' 2022-04-30 19:11:25 MANAGEMENT: CMD 'hold release' 2022-04-30 19:11:25 TCP/UDP: Preserving recently used remote address: [AF_INET]aa.bb.cc.dd:443 2022-04-30 19:11:25 Socket Buffers: R=[65536->524288] S=[65536->524288] 2022-04-30 19:11:25 Attempting to establish TCP connection with [AF_INET]aa.bb.cc.dd:443 [nonblock] 2022-04-30 19:11:25 MANAGEMENT: >STATE:1651317085,TCP_CONNECT,, 2022-04-30 19:11:25 TCP connection established with [AF_INET]aa.bb.cc.dd:443 2022-04-30 19:11:25 TCP_CLIENT link local: (not bound) 2022-04-30 19:11:25 TCP_CLIENT link remote: [AF_INET]aa.bb.cc.dd:443 2022-04-30 19:11:25 MANAGEMENT: >STATE:1651317085,WAIT,, 2022-04-30 19:11:25 MANAGEMENT: >STATE:1651317085,AUTH,, 2022-04-30 19:11:25 TLS: Initial packet from [AF_INET]aa.bb.cc.dd:443, sid=22a213c3 9443bc90 2022-04-30 19:11:26 VERIFY OK: depth=2, C=XX, ST=Somewhere, L=Somecity, O=Verizon AB, OU=somevpn, CN=somevpn Root CA v2, emailAddress=secur...@somevpn.net 2022-04-30 19:11:26 VERIFY OK: depth=1, C=XX, ST=Somewhere, O=Verizon AB, OU=somevpn, CN=somevpn Intermediate CA v4, emailAddress=secur...@somevpn.net 2022-04-30 19:11:26 VERIFY KU OK 2022-04-30 19:11:26 Validating certificate extended key usage 2022-04-30 19:11:26 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication 2022-04-30 19:11:26 VERIFY EKU OK 2022-04-30 19:11:26 VERIFY OK: depth=0, C=XX, ST=Somewhere, O=Verizon AB, OU=somevpn, CN=us-dal-105.somevpn.net, emailAddress=secur...@somevpn.net 2022-04-30 19:11:26 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1559', remote='link-mtu 1560' 2022-04-30 19:11:26 WARNING: 'comp-lzo' is present in remote config but missing in local config, remote='comp-lzo' 2022-04-30 19:11:26 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_CHACHA20_POLY1305_SHA256, peer certificate: 4096 bit RSA, signature: RSA-SHA256 2022-04-30 19:11:26 [us-dal-105.somevpn.net] Peer Connection Initiated with [AF_INET]aa.bb.cc.dd:443 2022-04-30 19:11:28 MANAGEMENT: >STATE:1651317088,GET_CONFIG,, 2022-04-30 19:11:28 SENT CONTROL [us-dal-105.somevpn.net]: 'PUSH_REQUEST' (status=1) 2022-04-30 19:11:33 SENT CONTROL [us-dal-105.somevpn.net]: 'PUSH_REQUEST' (status=1) 2022-04-30 19:11:34 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 10.5.0.1,redirect-gateway def1 bypass-dhcp,route-ipv6 ::/2,route-ipv6 4000::/2,route-ipv6 8000::/2,route-ipv6 C000::/2,comp-lzo no,route-gateway 10.5.0.1,topology subnet,socket-flags TCP_NODELAY,ifconfig-ipv6 fdda:d0d0:cafe:443::1001/64 fdda:d0d0:cafe:443::,ifconfig 10.5.0.3 255.255.0.0,peer-id 0,cipher AES-256-GCM' 2022-04-30 19:11:34 OPTIONS IMPORT: compression parms modified 2022-04-30 19:11:34 OPTIONS IMPORT: --socket-flags option modified 2022-04-30 19:11:34 OPTIONS IMPORT: --ifconfig/up options modified 2022-04-30 19:11:34 OPTIONS IMPORT: route options modified 2022-04-30 19:11:34 OPTIONS IMPORT: route-related options modified 2022-04-30 19:11:34 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified 2022-04-30 19:11:34 OPTIONS IMPORT: peer-id set 2022-04-30 19:11:34 OPTIONS IMPORT: adjusting li
Re: [Openvpn-users] How do I prevent IPv6 routes from being added to my connection?
Just wow... Verzonden met ProtonMail beveiligde e-mail. --- Original Message --- Op vrijdag 29 april 2022 om 19:59 schreef Jordan Hayes : > > Why would anyone want that? > > > This is the least useful answer you could give. > > How about: it's a condition of my parole? > > It's none of your business why someone might want to use the tool in > this way. Can you do it or not? > > That's the only question you're being asked. > > It's super annoying to see this kind of behavior. > > /jordan > > > > ___ > Openvpn-users mailing list > Openvpn-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-users ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] How do I prevent IPv6 routes from being added to my connection?
Hi, On Fri, Apr 29, 2022 at 10:59:22AM -0700, Jordan Hayes wrote: > It's super annoying to see this kind of behavior. Yes, thanks very much for *your* contributions to the OpenVPN ecosystem. *I* have spent very much time to implement and improve the IPv6 support (*and* to provide the tools to ignore server-pushed options, if someone would bother to read the manuals) - and it pains me if people spread the lore that "disabling IPv6 is a good way forward". It is not, and it only leads to more work for other people later on. Half of the "you need to disable IPv6 to achieve..." is bullshit, and the other half is misunderstood lore. Like, "with IPv6 in my VPN I can be tracked" - no, you can't, it's still "just an IP address that the VPN provider assigns", and as IPv4, it can change, or can not, over time *depending on what the VPN provider does*. From a server perspective, it's the same thing: an IP address belonging to the VPN provider. One with dots, one with colons. There is reliable measurement data that performance from mobile networks to dual-stacked servers is *better* using IPv6 than using IPv4, due to the avoidance of CGNAT boxes, leading to better routing and less issues due to CGNAT state overflow. gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] How do I prevent IPv6 routes from being added to my connection?
>Why would anyone want that? This is the least useful answer you could give. How about: it's a condition of my parole? It's none of your business why someone might want to use the tool in this way. Can you do it or not? That's the only question you're being asked. It's super annoying to see this kind of behavior. /jordan ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] How do I prevent IPv6 routes from being added to my connection?
Hi, On Fri, Apr 29, 2022 at 05:50:00PM +0200, Stella Ashburne wrote: > > Sent: Friday, April 29, 2022 at 10:03 PM > > From: "Gert Doering" > > To: "Stella Ashburne" > > Cc: openvpn-users@lists.sourceforge.net > > Subject: Re: [Openvpn-users] How do I prevent IPv6 routes from being added > > to my connection? > > > > Why would anyone want that? > > Firstly I define privacy ??? anonymity > > Secondly using IPv6 in VPN connections decreases privacy. It doesn't. gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] How do I prevent IPv6 routes from being added to my connection?
> Any tips as to how I can configure my client-side config file to prevent IPv6 routes from being added during the connections? One trick to doing this on a Windows client is to open the adapter and deselect IPv6 support. ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] How do I prevent IPv6 routes from being added to my connection?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, Sent with ProtonMail secure email. --- Original Message --- On Friday, April 29th, 2022 at 16:52, Stella Ashburne wrote: > Any tips as to how I can configure my client-side config file to prevent IPv6 > routes from being added during the connections? You could try --pull-filter-ignore 'route-ipv6 ' It could break everything though .. See the docs for details. tct -BEGIN PGP SIGNATURE- Version: ProtonMail wsBzBAEBCAAGBQJibBiMACEJEE+XnPZrkLidFiEECbw9RGejjXJ5xVVVT5ec 9muQuJ1ufAf/ewnJpX5yrH0/LAAurlmMk2CP2FwlmgDynEaoKRjE/7KrZXTx Gun/utLkDiDH/Mpj7uzgeLYprg/DWRh40YpR7dsyflU/xiVelwsWrQ9Ub5Zf jPADlHMGzRJYLqqFnJFoFaHg4+hv7RgnDStj7uf3QDeaC4dJ9De/Ouz4mN7V PNTxsULFVkBO1EvtcEDLrhis8lnHlhAmd9LeIRPBKwX92BF0cPCpgYoa7nf0 DbCjYGNahpICEFJ6GUH28zH6XASCvnT/5AP7Bk2qlFRiPcBIFmp6p2lnjdMn JqidkhnnDTUlAxSzbmanBw/uQOTk5KPYY037AnQACAFX7wQpGcUt+g== =scvm -END PGP SIGNATURE- publickey - tincantech@protonmail.com - 0x09BC3D44.asc Description: application/pgp-keys publickey - tincantech@protonmail.com - 0x09BC3D44.asc.sig Description: PGP signature ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] How do I prevent IPv6 routes from being added to my connection?
W dniu 29.04.2022 o 16:03, Gert Doering pisze: Hi, On Fri, Apr 29, 2022 at 03:34:24PM +0200, Stella Ashburne wrote: I have configured my system to prefer IPv4 over IPv6 using the guide: https://kb.firedaemon.com/support/solutions/articles/4000160803-prioritising-ipv4-over-ipv6-on-windows-10-and-11 [..] 1. How do I modify my configuration file (client config file) such that IPv6 routes are not added to my connection? Why would anyone want that? We've spent quite a bit of effort in ensuring that IPv6 works as well as IPv4 (often, better actually) and your VPN provider also has done the necessary work, it seems. gert IPv6 support in OpenVPN is decent since a longer while. This support is so good that some people think they have a native ip6 from ISP (but they don't)! I am kidding you not, that's my experience, have received some feedback related to this issue. -- Marek Zarychta ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] How do I prevent IPv6 routes from being added to my connection?
Hi Marek Thanks for your reply. > Sent: Friday, April 29, 2022 at 11:49 PM > From: "Marek Zarychta" > To: "Gert Doering" , "Stella Ashburne" > Cc: openvpn-users@lists.sourceforge.net > Subject: Re: [Openvpn-users] How do I prevent IPv6 routes from being added to > my connection? > > IPv6 support in OpenVPN is decent since a longer while. > > This support is so good that some people think they have a native ip6 > from ISP (but they don't)! > > I am kidding you not, that's my experience, have received some feedback > related to this issue. Any tips as to how I can configure my client-side config file to prevent IPv6 routes from being added during the connections? Best regards. Stella ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] How do I prevent IPv6 routes from being added to my connection?
Hi Gert Thanks for your reply. > Sent: Friday, April 29, 2022 at 10:03 PM > From: "Gert Doering" > To: "Stella Ashburne" > Cc: openvpn-users@lists.sourceforge.net > Subject: Re: [Openvpn-users] How do I prevent IPv6 routes from being added to > my connection? > > Why would anyone want that? > Firstly I define privacy ≠ anonymity Secondly using IPv6 in VPN connections decreases privacy. Best regards. Stella ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
Re: [Openvpn-users] How do I prevent IPv6 routes from being added to my connection?
Hi, On Fri, Apr 29, 2022 at 03:34:24PM +0200, Stella Ashburne wrote: > I have configured my system to prefer IPv4 over IPv6 using the guide: > https://kb.firedaemon.com/support/solutions/articles/4000160803-prioritising-ipv4-over-ipv6-on-windows-10-and-11 [..] > 1. How do I modify my configuration file (client config file) such that IPv6 > routes are not added to my connection? Why would anyone want that? We've spent quite a bit of effort in ensuring that IPv6 works as well as IPv4 (often, better actually) and your VPN provider also has done the necessary work, it seems. gert -- "If was one thing all people took for granted, was conviction that if you feed honest figures into a computer, honest figures come out. Never doubted it myself till I met a computer with a sense of humor." Robert A. Heinlein, The Moon is a Harsh Mistress Gert Doering - Munich, Germany g...@greenie.muc.de signature.asc Description: PGP signature ___ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users