On 29.10.18 at 23:09, Gert Doering wrote:
> Hi,
>
> On Mon, Oct 29, 2018 at 09:06:13PM +0000, Kristian McColm wrote:
>> Will this feature break VPNs that use NAT64 to connect to IPv4-only OpenVPN
>> servers?
>
> No.
>
> This is an opt-in feature which you can enable by pushing "block-ipv6"
> from the server to the client, to avoid IPv6 traffic (to, say, youtube)
> bypassing your IPv4-only VPN.
>
> If your VPN is dual-stacked *inside* the tunnel, you wouldn't enable
> this. If your VPN is IPv4-only, but the client has external IPv6
> connectivity, you might consider enabling this.
>
> gert

Sure?

NAT64 means the client has (only) IPv6 connectivity. I am not sure
if openvpn connections survive from an IPv6-only/NAT64 endpoint
to an IPv4-only server (the transport protocol changes during
transport from 6 to 4 and vice versa). Maybe they do it via NAT64 or
via 464xlat. But if you block IPv6 ("external") at the client, you will
also lose your connectivity (except with 464xlat, which generates a v4 socket).

I cannot test it at the moment. I have two IPv6-only configured ovpn
servers and two NAT64 ISPs (tm and lrz) but no time to build an
IPv4-only openvpn server.

Regards,
Thomas
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel