Am 27.11.19 um 14:43 schrieb Laurent Fasnacht:
> Apparently, `netsh interface ipv6 set address ...` defaults to using
> a subnet of /64, and therefore adds an onlink route of that size.
>
> When using a tun tunnel, the tap adapter only replies to neighbor
> discovery packets for fe80::8. This leads to the unfortunate situation
> where all the hosts in the /64 are not reachable.
>
> This patch fixes that situation by specifying a /128 netmask, as the real
> route is added afterwards, via the gateway.
> ---
> src/openvpn/tun.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/src/openvpn/tun.c b/src/openvpn/tun.c
> index 599fd817..8b054c80 100644
> --- a/src/openvpn/tun.c
> +++ b/src/openvpn/tun.c
> @@ -982,15 +982,15 @@ do_ifconfig_ipv6(struct tuntap *tt, const char *ifname,
> int tun_mtu,
> else
> {
> /* example: netsh interface ipv6 set address interface=42
> - * 2001:608:8003::d store=active
> + * 2001:608:8003::d/128 store=active
> */
> char iface[64];
>
> openvpn_snprintf(iface, sizeof(iface), "interface=%lu",
> tt->adapter_index);
> - argv_printf(&argv, "%s%sc interface ipv6 set address %s %s
> store=active",
> + argv_printf(&argv, "%s%sc interface ipv6 set address %s %s/%d
> store=active",
> get_win_sys_path(), NETSH_PATH_SUFFIX, iface,
> - ifconfig_ipv6_local);
> + ifconfig_ipv6_local, 128);
> netsh_command(&argv, 4, M_FATAL);
> /* set ipv6 dns servers if any are specified */
> netsh_set_dns6_servers(tt->options.dns6, tt->options.dns6_len,
> ifname);Instead changing the implicit /64 to an explicit /128, wouldn't it be better to use the correct tt->netbits_ipv6 like on other platforms? Arne
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
