Gert Doering, on Mon 27 May 2013 09:25:12 +0200, wrote:
> On Mon, May 27, 2013 at 12:36:39AM +0200, Samuel Thibault wrote:
> > Gert Doering, on Sat 25 May 2013 13:58:19 +0200, wrote:
> > > > To make it short: yes, the ipv6 pool environment variables are useful,
> > > > for user-defined scripts to be run at connection for instance to
> > > > propagate routes, do accounting, etc.  The patch below adds them.
> > > 
> > > You keep claiming that "yes it's useful".  The lack of feedback on the
> > > list is partly due to the "To make it short" part of your mail...
> > 
> > Ok. I was simply wondering whether it had perhaps got somehow dropped
> > without reason.
> > 
> > As I mentioned too briefly, the reason we need it is the same as for the
> > IPv4 case: to announce the route to our bird daemon on connection, and
> > drop it on disconnection.
> 
> Mmmmh.  Trying to understand this: so you're not using a common /64 for
> the tun addresses (= the ifconfig-ipv6-pool),

We are, but,

> which is then announced on-demand by bird?

we need to announce it on-demand by bird, because we plan to possibly
have several servers. Actually we also add the routes because we already
have several openvpn daemons, because we have to let people connect
through either udp or tcp, depending on the wild area they happen to
have landed on. So we need to tell the kernel which tun (i.e. which
openvpn daemon) to push packets to.

> Have you looked at the learn-address script?  I use something similar
> at a customer (adding and removing proxy-arp entries on client connect)
> and learn-address does all I need just fine...

That could do it yes, however,

> Well, learn-address is run on disconnect, but not "right away" - true,
> so having it in disconnect is useful.

yes. The rather random delay hurts by preventing from reconnecting
immediately (either to the same daemon, or to another one or even
another server), which is a pain when trying to set up the VPN in a wild
area :)

> I wonder whether we should also export iroute-ipv6 settings, as that would
> enable on-demand routing of more than a single IPv6 address.

Actually in our case iroute is fed by radiusplugin, which happens to
also already add the route for us, so we didn't have to add that one.
But it could be better to have radiusplugin just pass iroute to openvpn,
and let the userscript add the route if needed.

Samuel
