Op 27-11-2012 14:58, Fernando Gont schreef: > Folks, > > FYI. This is might affect FreeBSD users employing e.g. OpenVPN: > <http://tools.ietf.org/html/draft-gont-opsec-vpn-leakages>. > > For a project such as OpenVPN, a (portable) fix might be non-trivial. > However, I guess FreeBSD might hook some PF rules when establishing the > VPN tunnel, such that e.g. all v6 traffic is filtered (yes, this is > certainly not the most desirable fix, but still probably better than > having your supposedly-secured traffic being sent in the clear).
No need for filtering. Just forward the traffic over the tunnel. The newer OpenVPN already supports IPv6 and both servers and clients are actively out in the wild. Even the Android OpenVPN client supports both stacks. Our OpenVPN server for road warriors sends a IPv6 prefix to be used on OpenVPN as well as a IPv4 address. It works well. Regards, Seth _______________________________________________ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
