From: Samuli Seppänen <sam...@openvpn.net> Prior to this patch were two sets of IPv6 README/TODO files: one from payload and one from transport patchset. Unfortunately Git on Windows gets very confused of these files, as they only differ in case. This patch merges these sets into one.
Signed-off-by: Samuli Seppänen <sam...@openvpn.net> --- README.IPv6 | 95 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- README.ipv6 | 81 -------------------------------------------------- TODO.IPv6 | 41 ++++++++++++++++++++++++- TODO.ipv6 | 30 ------------------ 4 files changed, 131 insertions(+), 116 deletions(-) delete mode 100644 README.ipv6 delete mode 100644 TODO.ipv6 diff --git a/README.IPv6 b/README.IPv6 index ca578f2..bbb9db3 100644 --- a/README.IPv6 +++ b/README.IPv6 @@ -1,8 +1,97 @@ -This is an experimentally patched version of OpenVPN 2.1 with IPv6 -payload support. +IPv6 payload support +-------------------- -Go here for release notes and documentation: +Latest IPv6 payload support code and documentation can be found from here: http://www.greenie.net/ipv6/openvpn.html +For TODO list, see TODO.IPv6. + Gert Doering, 31.12.2009 + + + +IPv6 transport support +---------------------- + +[ Last updated: 25-Mar-2011. ] + +OpenVPN-2.1 over UDP6/TCP6 README for ipv6-0.4.x patch releases: +( --udp6 and --tcp6-{client,server} ) + +* Availability + Source code under GPLv2 from http://github.com/jjo/openvpn-ipv6 + + Distro ready repos/packages: + o Debian sid official repo, by Alberto Gonzalez Iniesta, + starting from openvpn_2.1~rc20-2 + o Gentoo official portage tree, by Marcel Pennewiss: + - https://bugs.gentoo.org/show_bug.cgi?id=287896 + o Ubuntu package, by Bernhard Schmidt: + - https://launchpad.net/~berni/+archive/ipv6/+packages + o Freetz.org, milestone freetz-1.2 + - http://trac.freetz.org/milestone/freetz-1.2 + +* Status: + o OK: + - upd6,tcp6: GNU/Linux, win32, openbsd-4.7, freebsd-8.1 + - udp4->upd6,tcp4->tcp6 (ipv4/6 mapped): GNU/Linux + (gives a warning on local!=remote proto matching) + o NOT: + - win32: tcp4->tcp6 (ipv4/6 mapped) fails w/connection refused + o NOT tested: + - mgmt console + +* Build setup: + ./configure --enable-ipv6 (by default) + +* Usage: + For IPv6 just specify "-p upd6" an proper IPv6 hostnames, adapting the example + from man page ... + + On may: + openvpn --proto udp6 --remote <june_IPv6_addr> --dev tun1 \ + --ifconfig 10.4.0.1 10.4.0.2 --verb 5 --secret key + + On june: + openvpn --proto udp6 --remote <may_IPv6_addr> --dev tun1 \ + --ifconfig 10.4.0.2 10.4.0.1 --verb 5 --secret key + + Same for --proto tcp6-client, tcp6-server. + +* Main code changes summary: + - socket.h: New struct openvpn_sockaddr type that holds sockaddrs and pktinfo, + (here I omitted #ifdef USE_PF_xxxx, see socket.h ) + + struct openvpn_sockaddr { + union { + struct sockaddr sa; + struct sockaddr_in in; + struct sockaddr_in6 in6; + } addr; + }; + + struct link_socket_addr + { + struct openvpn_sockaddr local; + struct openvpn_sockaddr remote; + struct openvpn_sockaddr actual; + }; + + PRO: allows simple type overloading: local.addr.sa, local.addr.in, local.addr.in6 ... etc + (also local.pi.in and local.pi.in6) + + - several function prototypes moved from sockaddr_in to openvpn_sockaddr + - several new sockaddr functions needed to "generalize" AF_xxxx operations: + addr_copy(), addr_zero(), ...etc + proto_is_udp(), proto_is_dgram(), proto_is_net() + +* For TODO list, see TODO.IPv6 + +-- +JuanJo Ciarlante jjo () google () com ............................ +: : +. Linux IP Aliasing author . +. Modular algo (AES et all) support for FreeSWAN/OpenSWAN author . +. OpenVPN over IPv6 support . +:...... plus other scattered free software bits in the wild ...: diff --git a/README.ipv6 b/README.ipv6 deleted file mode 100644 index 4295f85..0000000 --- a/README.ipv6 +++ /dev/null @@ -1,81 +0,0 @@ -[ Last updated: 25-Mar-2011. ] - -OpenVPN-2.1 over UDP6/TCP6 README for ipv6-0.4.x patch releases: -( --udp6 and --tcp6-{client,server} ) - -* Availability - Source code under GPLv2 from http://github.com/jjo/openvpn-ipv6 - - Distro ready repos/packages: - o Debian sid official repo, by Alberto Gonzalez Iniesta, - starting from openvpn_2.1~rc20-2 - o Gentoo official portage tree, by Marcel Pennewiss: - - https://bugs.gentoo.org/show_bug.cgi?id=287896 - o Ubuntu package, by Bernhard Schmidt: - - https://launchpad.net/~berni/+archive/ipv6/+packages - o Freetz.org, milestone freetz-1.2 - - http://trac.freetz.org/milestone/freetz-1.2 - -* Status: - o OK: - - upd6,tcp6: GNU/Linux, win32, openbsd-4.7, freebsd-8.1 - - udp4->upd6,tcp4->tcp6 (ipv4/6 mapped): GNU/Linux - (gives a warning on local!=remote proto matching) - o NOT: - - win32: tcp4->tcp6 (ipv4/6 mapped) fails w/connection refused - o NOT tested: - - mgmt console - -* Build setup: - ./configure --enable-ipv6 (by default) - -* Usage: - For IPv6 just specify "-p upd6" an proper IPv6 hostnames, adapting the example - from man page ... - - On may: - openvpn --proto udp6 --remote <june_IPv6_addr> --dev tun1 \ - --ifconfig 10.4.0.1 10.4.0.2 --verb 5 --secret key - - On june: - openvpn --proto udp6 --remote <may_IPv6_addr> --dev tun1 \ - --ifconfig 10.4.0.2 10.4.0.1 --verb 5 --secret key - - Same for --proto tcp6-client, tcp6-server. - -* Main code changes summary: - - socket.h: New struct openvpn_sockaddr type that holds sockaddrs and pktinfo, - (here I omitted #ifdef USE_PF_xxxx, see socket.h ) - - struct openvpn_sockaddr { - union { - struct sockaddr sa; - struct sockaddr_in in; - struct sockaddr_in6 in6; - } addr; - }; - - struct link_socket_addr - { - struct openvpn_sockaddr local; - struct openvpn_sockaddr remote; - struct openvpn_sockaddr actual; - }; - - PRO: allows simple type overloading: local.addr.sa, local.addr.in, local.addr.in6 ... etc - (also local.pi.in and local.pi.in6) - - - several function prototypes moved from sockaddr_in to openvpn_sockaddr - - several new sockaddr functions needed to "generalize" AF_xxxx operations: - addr_copy(), addr_zero(), ...etc - proto_is_udp(), proto_is_dgram(), proto_is_net() - -* TODO: See TODO.ipv6 - --- -JuanJo Ciarlante jjo () google () com ............................ -: : -. Linux IP Aliasing author . -. Modular algo (AES et all) support for FreeSWAN/OpenSWAN author . -. OpenVPN over IPv6 support . -:...... plus other scattered free software bits in the wild ...: diff --git a/TODO.IPv6 b/TODO.IPv6 index 092a1a3..59f7453 100644 --- a/TODO.IPv6 +++ b/TODO.IPv6 @@ -1,5 +1,5 @@ -known issues for IPv6 payload support in OpenVPN ------------------------------------------------ +TODO for IPv6 payload support +----------------------------- 1.) "--topology subnet" doesn't work together with IPv6 payload on FreeBSD (verified for FreeBSD server, Linux/ifconfig client, problems @@ -147,3 +147,40 @@ tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 to the config (problem + workaround applies both to tun and tap style devices) + + + + +TODO for IPv6 transport support +------------------------------- + +[ Last updated: 11-Nov-2009. ] + +* All platforms: + o mgmt console: as currently passes straight in_addr_t bits around + + o make possible to get AF from getaddrinfo() answer, ie allow openvpn to + use ipv4/6 if DNS returns A/AAAA without specifying protocol. + Hard: requires deep changes in initialization/calling logic + + o use AI_PASSIVE + + o the getaddr()/getaddr6() interface is not prepared for handling socktype + "tagging", currently I abuse the sockflags bits for getting the ai_socktype + downstream. + + o implement comparison for mapped addesses: server in dual stack + listening IPv6 must permit incoming streams from allowed IPv4 peer, + currently you need to pass eg: --remote ffff::1.2.3.4 + + o do something with multi mode learn routes, for now just ignoring + ipv6 addresses seems the most sensible thing to do, because there's + no support for intra-tunnel ipv6 stuff. + +* win32: + o find out about mapped addresses, as I can't make it work + with bound at ::1 and connect to 127.0.0.1 + +* N/A: + o this is ipv6 *endpoint* support, so don't expect "ifconfig6"-like + support in this patch diff --git a/TODO.ipv6 b/TODO.ipv6 deleted file mode 100644 index 966af2d..0000000 --- a/TODO.ipv6 +++ /dev/null @@ -1,30 +0,0 @@ -[ Last updated: 11-Nov-2009. ] - -* All platforms: - o mgmt console: as currently passes straight in_addr_t bits around - - o make possible to get AF from getaddrinfo() answer, ie allow openvpn to - use ipv4/6 if DNS returns A/AAAA without specifying protocol. - Hard: requires deep changes in initialization/calling logic - - o use AI_PASSIVE - - o the getaddr()/getaddr6() interface is not prepared for handling socktype - "tagging", currently I abuse the sockflags bits for getting the ai_socktype - downstream. - - o implement comparison for mapped addesses: server in dual stack - listening IPv6 must permit incoming streams from allowed IPv4 peer, - currently you need to pass eg: --remote ffff::1.2.3.4 - - o do something with multi mode learn routes, for now just ignoring - ipv6 addresses seems the most sensible thing to do, because there's - no support for intra-tunnel ipv6 stuff. - -* win32: - o find out about mapped addresses, as I can't make it work - with bound at ::1 and connect to 127.0.0.1 - -* N/A: - o this is ipv6 *endpoint* support, so don't expect "ifconfig6"-like - support in this patch -- 1.7.4.1
