On 4/4/25 14:18, David Gwynne wrote:
> so linux has a feature where it will map ipv4 connections into the ipv4
> mapped address space in ipv6 and let you handle them all with a single
> ipv6 listener. have a look for the doco around the "net.ipv6.bindv6only"
> sysctl on linux for a bit more explanation. openbsd does not implement
> this.
> i'm guessing that openvpn is relying on this feature though.

I'd say so. Normally IPv6 sockets are dual-stack unless you specify
IPV6_V6ONLY.

> the right solution is to configure the software to bind separate sockets
> for each address family. i believe you can do this with openvpn by
> specifying multiple "--local" arguments to the daemon. you should be
> able to bind to ipv4 with "--local 0.0.0.0" and ipv6 with "--local ::".
> i could be completely wrong though. i haven't tried this myself, so it
> may not work at all in practice.

Well, it was worth a try. What happened is the --local specified last
took precedence. So `--local :: --local 0.0.0.0` yielded IPv4,
reversing those yielded IPv6.
--
Stuart Longland (aka Redhatter, VK4MSL)
I haven't lost my mind...
...it's backed up on a tape somewhere.
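
The per-address-family binding discussed in this thread, as an added example that is not part of the original messages and is not OpenVPN's code: a probe for whether the platform lets an AF_INET6 socket also accept IPv4 (IPV6_V6ONLY cleared), and a portable fallback that binds one socket per family on the same port. The function names and the use of UDP sockets are assumptions of this example.

```python
import socket


def dual_stack_available():
    """Probe: can an AF_INET6 socket have IPV6_V6ONLY cleared on this host?"""
    try:
        with socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) as s:
            s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 0)
            # Read the option back instead of trusting the setsockopt call.
            return s.getsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY) == 0
    except OSError:
        # No IPv6 on the host, or the kernel refuses to clear the option.
        return False


def open_listeners(port=0):
    """Bind one UDP socket per address family on the same port.

    A family the host does not support is skipped. With port=0 the kernel
    picks a port for the first socket and the second socket reuses it.
    """
    listeners = []
    for family, addr in ((socket.AF_INET, "0.0.0.0"), (socket.AF_INET6, "::")):
        try:
            s = socket.socket(family, socket.SOCK_DGRAM)
        except OSError:
            continue  # address family not available
        try:
            if family == socket.AF_INET6:
                # Set explicitly so behaviour does not depend on the
                # platform default (net.ipv6.bindv6only on Linux).
                s.setsockopt(socket.IPPROTO_IPV6, socket.IPV6_V6ONLY, 1)
            s.bind((addr, port))
        except OSError:
            s.close()
            continue
        port = s.getsockname()[1]
        listeners.append(s)
    return listeners


if __name__ == "__main__":
    print("dual-stack AF_INET6 available:", dual_stack_available())
    for sock in open_listeners():
        print(sock.family.name, sock.getsockname()[:2])
        sock.close()
```

With both sockets bound this way, an IPv4 peer always arrives on the AF_INET socket with a plain IPv4 source address, so address-based rules never have to account for IPv4-mapped IPv6 addresses.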