On 11.09.15 at 16:33, Gert Doering wrote:
> Add "ipv6" and "!ipv4" sub-options to "--redirect-gateway" option.
>
> This is done in the same way as in the OpenVPN 3 code base, so
> "--redirect-gateway ipv6" will redirect both IPv4 and IPv6 - if you
> want v6-only, use "--redirect-gateway ipv6 !ipv4".
>
> The actual implementation is much simpler than for IPv4 - we just
> add a few extra routes to the route_ipv6_option_list and leave it to
> init_route_ipv6_list() to figure out whether there is an overlap with
> IPv6 transport, and if yes, insert a host route to the VPN server
> via the current IPv6 default gateway.
>
> Signed-off-by: Gert Doering <g...@greenie.muc.de>
> ---
>  doc/openvpn.8         | 11 +++++++++++
>  src/openvpn/init.c    | 15 +++++++++++++++
>  src/openvpn/options.c |  7 +++++++
>  3 files changed, 33 insertions(+)
>
> diff --git a/doc/openvpn.8 b/doc/openvpn.8
> index 0692a80..98378aa 100644
> --- a/doc/openvpn.8
> +++ b/doc/openvpn.8
> @@ -1240,6 +1240,17 @@ on non-Windows clients).
>  Block access to local LAN when the tunnel is active, except for
>  the LAN gateway itself.  This is accomplished by routing the local
>  LAN (except for the LAN gateway address) into the tunnel.
> +
> +.B ipv6 --
> +Redirect IPv6 routing into the tunnel.  This works similar to the
> +.B def1
> +flag, that is, more specific IPv6 routes are added (2000::/4, 3000::/4),
> +covering the whole IPv6 unicast space.
> +
> +.B !ipv4 --
> +Do not redirect IPv4 traffic - typically used in the flag pair
> +.B "ipv6 !ipv4"
> +to redirect IPv6-only.
>  .\"*********************************************************
>  .TP
>  .B \-\-link\-mtu n
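
Review bot: The new "ipv6" paragraph in doc/openvpn.8 names only 2000::/4 and 3000::/4, while the init.c hunk in this same patch adds four prefixes ("::/3", "2000::/4", "3000::/4", "fc00::/7"). The man page should list the same set the code installs, so an administrator checking the routing table after connect knows which routes to expect. Minor wording: "works similar to" should read "works similarly to".
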
> diff --git a/src/openvpn/init.c b/src/openvpn/init.c
> index 0416e35..c47f4a8 100644
> --- a/src/openvpn/init.c
> +++ b/src/openvpn/init.c
> @@ -1195,6 +1195,21 @@ do_init_route_ipv6_list (const struct options *options,
>    if (options->route_default_metric)
>      metric = options->route_default_metric;
>  
> +  /* redirect (IPv6) gateway to VPN?  if yes, add a few more specifics
> +   */
> +  if ( options->routes_ipv6->flags & RG_REROUTE_GW )
> +    {
> +      char *opt_list[] = { "::/3", "2000::/4", "3000::/4", "fc00::/7", NULL 
> };
> +      int i;
> +
>
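
Review bot: The comment above opt_list in do_init_route_ipv6_list() says only "add a few more specifics" and does not explain why these four prefixes were chosen. Together "::/3", "2000::/4" and "3000::/4" cover ::/2, and "fc00::/7" adds the unique-local range, so destinations outside those ranges would still follow the local IPv6 default route rather than the tunnel. Please state that rationale in the comment, or consider a pair that spans the whole address space. Also, opt_list holds string literals and should be declared as const char *opt_list[]. The visible lines do not show a check that options->routes_ipv6 is non-NULL before options->routes_ipv6->flags is read; please confirm the surrounding code guarantees that.
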
I cannot judge how good or bad this default list is. I usually have done
the ::/1 and 8000::/1 stuff.

Otherwise the patch is fine, so ACK.

Arne
