On 2020/01/13 18:19, Alexander Bluhm wrote: > On Mon, Jan 13, 2020 at 05:55:06PM +0100, Tobias Heider wrote: > > I think we should discuss whether we can remove the flow > > (and the -6 flag) as I constantly hear people complaining > > that it broke their setups and I don't think anyone > > expects some seemingly unrelated program breaking IPv6. > > A missing -6 flag on the iked command line, is a very unexpected > way to break your IPv6 setup. So we should remove that. > > OK bluhm@ > > If there is demand for such a feature, we could create an option > in the example/iked.conf that shows how to disable IPv6. > And perhaps one to disable IPv4 for the IPv6 hipser :-)
It would need to be in ipsec.conf - iked.conf doesn't allow setting manual flows. On 2020/01/13 20:51, Klemens Nanni wrote: > I'm in favour of removing the option and OK with your diff, but simply > removing it is probably a bad idea given its nature. > > What about printing a deprecation warning so that users can safely > adjust their rcctl flags instead of running into "iked(failed)" on the > next snapshot. Yes please make -6 a noop or a warning rather than an error. Sometimes breakage is unavoidable, but this isn't one of those cases.