diff options
author | Natanael Copa <ncopa@alpinelinux.org> | 2012-03-22 10:59:59 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2012-03-22 10:59:59 +0000 |
commit | 3cc0c95853fcb021a12c63581c971c65718cc685 (patch) | |
tree | 0c35ac6c657d2ed747d541f93d3fb75e32f2384c /main | |
parent | ab70e0bf119a65bcc337e60fe874c4695ba2960f (diff) | |
download | aports-3cc0c95853fcb021a12c63581c971c65718cc685.tar.bz2 aports-3cc0c95853fcb021a12c63581c971c65718cc685.tar.xz |
main/openvpn: upgrade to 2.2.2
rebase the ipv6 patch
Diffstat (limited to 'main')
-rw-r--r-- | main/openvpn/APKBUILD | 10 | ||||
-rw-r--r-- | main/openvpn/openvpn-2.2.2-ipv6.patch (renamed from main/openvpn/openvpn-2.2.0-ipv6-20110522-1.patch) | 986 |
2 files changed, 167 insertions, 829 deletions
diff --git a/main/openvpn/APKBUILD b/main/openvpn/APKBUILD index 7f96559a13..929cd73db5 100644 --- a/main/openvpn/APKBUILD +++ b/main/openvpn/APKBUILD @@ -1,7 +1,7 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=openvpn -pkgver=2.2.0 -pkgrel=2 +pkgver=2.2.2 +pkgrel=0 pkgdesc="A robust, and highly configurable VPN (Virtual Private Network)" url="http://openvpn.sourceforge.net/" arch="all" @@ -15,7 +15,7 @@ source="http://swupdate.openvpn.net/community/releases/$pkgname-$pkgver.tar.gz openvpn.confd openvpn.up openvpn.down - openvpn-2.2.0-ipv6-20110522-1.patch + openvpn-2.2.2-ipv6.patch " _builddir="$srcdir"/$pkgname-$pkgver @@ -88,9 +88,9 @@ doc() { default_doc } -md5sums="4f440603eac45fec7be218b87d570834 openvpn-2.2.0.tar.gz +md5sums="c5181e27b7945fa6276d21873329c5c7 openvpn-2.2.2.tar.gz ec99092827faa7226e9f548c2cd1d20c openvpn.initd 9eca88cac6294027ec1bb7be74185c3a openvpn.confd dc72fecd1a1bcef937603057cd6574b1 openvpn.up dc3ff0bae442b9aedd947b8ffda1687a openvpn.down -25172fa251672edc3f7a277b5d7f3f72 openvpn-2.2.0-ipv6-20110522-1.patch" +51b1ddade743505b84d27db9ebfd6c0a openvpn-2.2.2-ipv6.patch" diff --git a/main/openvpn/openvpn-2.2.0-ipv6-20110522-1.patch b/main/openvpn/openvpn-2.2.2-ipv6.patch index 85819de42f..f8b8015ea6 100644 --- a/main/openvpn/openvpn-2.2.0-ipv6-20110522-1.patch +++ b/main/openvpn/openvpn-2.2.2-ipv6.patch @@ -1,626 +1,7 @@ -diff --git openvpn-2.2.0/ChangeLog.IPv6 openvpn-2.2-ipv6-20110522-1/ChangeLog.IPv6 -new file mode 100644 -index 0000000..283fe6e ---- /dev/null -+++ openvpn-2.2-ipv6-20110522-1/ChangeLog.IPv6 -@@ -0,0 +1,440 @@ -+Do 31. Dez 15:32:40 CET 2009 Gert Doering -+ -+ * Basic IPv6 p2mp functionality implemented -+ -+ * new options: -+ - server-ipv6 -+ - ifconfig-ipv6 -+ - ifconfig-ipv6-pool -+ - route-ipv6 -+ - iroute-ipv6 -+ -+ * modules touched: -+ - init.c: init & setup IPv6 route list & add/delete IPv6 routes -+ - tun.c: add "ifconfig" and "route" handling for IPv6 -+ - multi.c: IPv6 ifconfig-pool assignments -+ put to route-hash table -+ push to client -+ - pool.c: extend pools to handle IPv4+IPv6, and also return IPv6 address -+ IPv6 address saved to file if ifconfig-pool-persist is set -+ (but ignored on read due to the way pools work) -+ - mroute.c: handle reading src/dst addresses from IPv6 packets -+ (so multi.c can check against route-hash table) -+ handle printing of IPv6 mroute_addr structure -+ - helper.c: implement "server-ipv6" macro (->ifconfig-ipv6, pool, ...) -+ - options.c: implement all the new options -+ add helper functions for IPv6 address handling -+ - forward.c: tell do_route() about IPv6 routes -+ - route.c: handle IPv6 route lists + route option lists -+ extend add_routes() to do IPv4 + IPv6 route lists -+ extend delete_routes() to do IPv4 + IPv6 route lists -+ implement add_route_ipv6(), delete_route_ipv6() to call -+ system-dependend external program to do the work -+ - push.c: handle pushing of "ifconfig-ipv6" option -+ - socket.c: helper function to check & print IPv6 address strings -+ -+ * known issues: -+ - operating system support on all but Linux (ifconfig, route) -+ - route-ipv6 gateway handling -+ - iroute-ipv6 not implemented -+ - TAP support: ifconfig, routing (route needs gateway!) -+ -+ * release as patch 20091231-1 -+ -+Thu Dec 31 17:02:08 CET 2009 -+ -+ * NetBSD port (NetBSD 3.1 on Sparc64) -+ -+ * mroute.c, socket.c: make byte/word access to in6_addr more portable -+ -+ * tun.c: fix IPv6 ifconfig arguments on NetBSD -+ -+ still doesn't work on NetBSD 3.1, "ifconfig tun0 inet6..." errors with -+ -+ ifconfig: SIOCAIFADDR: Address family not supported by protocol family -+ -+ (sys/net/if_tun.c, needs to be revision 1.80 or later, NetBSD PR 32944, -+ included in NetBSD 4.0 and up) -+ -+ -+Fri Jan 1 14:07:15 CET 2010 -+ -+ * FreeBSD port (FreeBSD 6.3-p12 on i386) -+ -+ * tun.c: implement IPv6 ifconfig setting for FreeBSD -+ -+ * route.c: fix %s/%s argument to IPv6 route add/delete command for *BSD -+ -+ * TEST SUCCESS: FreeBSD 6.3-p12, server-ipv6, route-ipv6, ccd/iroute-ipv6 -+ -+ * multi.c: implement setting and deleting of iroute-ipv6 -+ (multi_add_iroutes(), multi_del_iroutes()) -+ * mroute.c: add mroute_helper_add_iroute6(), mroute_helper_del_iroute6() -+ * mroute.h: add prototypes, increase MR_HELPER_NET_LEN to 129 (/0.../128) -+ * multi.c: zeroize host part of IPv6 iroutes in multi_learn_in6_addr() -+ * mroute.c: implement mroute_addr_mask_host_bits() for IPv6 -+ -+ * TEST SUCCESS: Linux 2.6.30 (Gentoo)/iproute2, server-ipv6, ccd/iroute-ipv6 -+ -+ * TEST SUCCESS: Linux 2.6.30 (Gentoo)/ifconfig, client-ipv6 -+ -+ * TEST FAIL: NetBSD 5.0, IPv6 client -+ - "ifconfig tun0 .../64" does not create a "connected" route -+ - adding routes fails -+ -+ --> more work to do here. -+ -+ * release as patch 20100101-1 -+ -+ * TEST FAIL: -+ FreeBSD 6.3-p12 server "--topology subnet" -+ Linux/ifconfig client -+ - BSD sends ICMP6 neighbor solicitations, which are ignored by Linux -+ - server tun interface is not in p2p mode, client tun interface *is* -+ -+ * TEST SUCCESS: non-ipv6 enabled client -> "--server-ipv6" server -+ (warnings in the log file, but no malfunctions) -+ -+ -+Sat Jan 2 19:48:35 CET 2010 -+ -+ * tun.c: change "ipv6_support()", do not turn off tt->ipv6 unconditionally -+ if we don't know about OS IPv6 support - just log warning -+ -+ * tun.c: implement "ifconfig inet6" setting for MacOS X / Darwin -+ -+ * route.c: split *BSD system dependent part of add/delete_route_ipv6() -+ into FreeBSD/Dragonfly and NetBSD/Darwin/OpenBSD variants -+ ("2001:db8::/64" vs. "2001:db8:: --prefixlen 64"). -+ -+ * tun.c: on MacOS X, NetBSD and OpenBSD, explicitely set on-link route -+ -+ * TEST SUCCESS: MacOS X, client-ipv6 with route-ipv6 -+ -+ -+Sun Jan 3 10:55:31 CET 2010 -+ -+ * route.c: NetBSD fails with "-iface tun0", needs gateway address -+ (assume that the same syntax is needed for OpenBSD) -+ -+ * route.h: introduce "remote_endpoint_ipv6" into "struct route_ipv6_list" -+ -+ * init.c: pass "ifconfig_ipv6_remote" as gateway to init_route_ipv6_list() -+ -+ * route.c: -+ - init_route_ipv6(): use "remote_endpoint_ipv6" as IPv6 gateway address -+ if no gateway was specified explicitely -+ -+ - init_route_ipv6_list(): fill in "remote_endpoint_ipv6", if parseable -+ -+ - get rid of "GATEWAY-LESS ROUTE6" warning -+ -+ * route.c, add_route_ipv6() -+ - explicitely clear host bits of base address, to be able to more -+ easily set up "connected" /64 routes on NetBSD+Darwin -+ -+ - split system-dependent part between Darwin and NetBSD/OpenBSD -+ (Darwin can use "-iface tun0", NetBSD/OpenBSD get gateway address) -+ -+ - change Solaris comments from "known-broken" to "unknown" -+ -+ * tun.c: rework NetBSD tunnel initialization and tun_read() / tun_write() -+ to work the same way OpenBSD and NetBSD do - tunnel is put into -+ "multi-af" mode, and all packet read/write activity is prepended by -+ a 32 bit value specifying the address family. -+ -+ * TEST SUCCESS: NetBSD 5.0/Sparc64: client-ipv6 with route-ipv6 -+ -+ * TEST SUCCESS: MacOS X 10.5: client-ipv6 with route-ipv6 -+ -+ * (RE-)TEST SUCCESS: Linux/iproute2: server-ipv6 -+ Linux/ifconfig: client-ipv6 -+ FreeBSD 6.3: server-ipv6 -+ -+ * release as patch 20100103-1 -+ -+ * options.c: document all new options in "--help" -+ -+ * tun.c: fix typo in Solaris-specific section -+ -+ * socket.h, socket.c: change u_int32_t to uint32_t -+ (Solaris - and all the rest of the code uses "uintNN" anyway) -+ -+Mon Jan 4 17:46:58 CET 2010 -+ -+ * socket.c: rework add_in6_addr() to use 32-bit access to struct in6_addr -+ (Solaris has no 16-bit values in union, but this is more elegant as well) -+ -+ * tun.c: fix "ifconfig inet6" command for Solaris -+ -+ * tun.c: make sure "tun0 inet6" is unplumbed first, cleanup leftovers -+ -+ * route.c: add routes with "metric 0" on solaris, otherwise they just -+ don't work (someone who understands Solaris might want to fix this). -+ -+ * Solaris "sort of" works now - ifconfig works, route add does not give -+ errors, "netstat -rn" looks right, but packets are discarded unless -+ the routes are installed with "metric 0". So we just use "metric 0"... -+ -+ * CAVEAT: Solaris "ifconfig ... preferred" interferes with source address -+ selection. So if there are any active IPv6 interfaces configured with -+ "preferred", packets leaving out the tunnel will use the wrong source -+ IPv6 address. Not fixable from within OpenVPN. -+ -+ * CAVEAT2: Solaris insists on doing DHCPv6 on tun0 interfaces by default, -+ so DHCPv6 solicitation packets will be seen. Since the server end has -+ no idea what to do with them, they are a harmless nuisance. Fixable -+ on the Solaris side via "ndpd.conf" (see ``man ifconfig''). -+ -+ * release as patch 20100104-1 -+ -+Fri Jan 8 10:00:50 CET 2010 -+ -+ * import into git repository -+ -+ * options.c: add sanity checks for most typical error cases -+ (--ifconfig-ipv6-pool configured with no --ifconfig-ipv6, etc) -+ -+ * options.c: modify get_ipv6_addr() to be more flexible about netbits -+ (optional now, default to /64) and to return the address-without-netbits -+ string now (-> for options that want the IPv6 address in printable -+ form, but without /nn) -+ -+ * options.c: modify --ifconfig-ipv6 to optionally accept /netbits, -+ you can do now "ifconfig-ipv6 2001:df8::1/64 2001:df8::2" or just -+ "ifconfig-ipv6 2001:df8::5 2001:df8::7", defaulting to /64 -+ -+ * options.h: add necessary structure elements for --ifconfig-ipv6-push -+ -+ * options.c: implement "parse options" side of --ifconfig-ipv6-push -+ -+Tue Jan 12 22:42:09 CET 2010 -+ -+ * tun.c: in TARGET_NETBSD #ifdef, distinguish between "old" code -+ (IPv4 only, but unmodified read/write) and "new" code (multi-af, -+ extra 32 bit AF on read/write of the tun interface) - pre-4.0 -+ NetBSD systems don't have TUNSIFHEAD, no way to have common code. -+ -+ * TEST SUCCESS: NetBSD 5.0/Sparc64: client-ipv6 with route-ipv6 (v4+v6) -+ -+ * TEST SUCCESS: NetBSD 3.1/Sparc64: client-ipv6 with route-ipv6 (v4-only) -+ -+Thu Jan 14 15:41:50 CET 2010 -+ -+ * multi.c: if "--ifconfig-push" is used together with "--ifconfig-ipv6-pool" -+ and no "--ifconfig-ipv6-push" is seen, issue warning - the current -+ implementation of pools has IPv6 tied to IPv4, so if v4 does not use -+ the pool, it breaks for IPv6. Not a *big* problem (since there is -+ enough v6, just give those users a static v6 address as well), but needs -+ to be pointed out clearly. -+ -+ * release as patch 20100114-1 -+ -+Tue Feb 16 14:43:28 CET 2010 -+ -+ * options.c: print "IPv6 payload patch" release date in "--version" -+ -+ * tun.c: undo change to init_tun() (moving "bool tun" and call to -+ "is_tun_p2p()" further up) - it wasn't needed and breaks "make check" -+ -+ * git stuff: rebase on David Sommerseth's openvpn-testing git tree -+ -+ * release as patch 20100216-1 -+ -+Fri Feb 26 19:59:01 CET 2010 -+ -+ * init.c: initialize tuntap->ipv6 in do_init_tun() (to make sure it's -+ always initialized early-enough, independent of the sequence of -+ do_ifconfig()/open_tun() [see ifconfig_order() in tun.h]) -+ -+ * tun.c, init.c: remove "bool ipv6" argument to tuncfg(), open_tun() -+ and open_tun_generic() - obsoleted by previous change -+ -+ * tun.c: remove ipv6_support() - original purpose was unclear, and all -+ current platforms (except linux-very-old) fully support IPv6 now :-) -+ -+ * tun.c: initial implementation of "netsh" IPv6-ifconfig for Win32 -+ -+ * RE-TEST SUCCESS: Linux/i386/ifconfig, client-tun/net30, v4+v6 -+ -+Sun Feb 28 17:05:57 CET 2010 -+ -+ * tun.c: NetBSD dependent part: correct destroying/re-creation of tun dev -+ -+ * tun.c: move adding of "connected" IPv6 prefix to new helper function, -+ add_route_connected_v6_net() -+ -+ * RE-TEST SUCCESS: NetBSD 5.0/Sparc64, client-tun/net30, v4+v6 -+ -+ * RE-TEST SUCCESS: NetBSD 3.1/Sparc64: client-tun/net30, v4-only -+ -+ * RE-TEST SUCCESS: Linux/i386/iproute2: server-tun/net30, v4+v6 -+ -+ * tun.c: add #ifdef TARGET_DARWIN block for *_tun() functions, to -+ be able to modify close_tun() for unconfiguring IPv6 -+ -+ * tun.c: on close_tun() on MacOS X, need to de-configure "lo0" route for -+ configured IPv6 address -+ -+ * RE-TEST SUCCESS: MacOS X (10.5)/i386: client-tun/net30, v4+v6 -+ -+ * route.c: implement ipv6 route adding / deletion via "netsh" for WIN32 -+ -+ * TEST FAIL: Windows XP fails, because the tun/tap driver does not -+ forward IPv6 frames kernel->userland if in "tun" mode -+ -+ * options.c: set IPv6 version to 20100228-1 -+ -+ * release as patch 20100228-1 -+ -+Sun Mar 7 19:17:33 CET 2010 -+ -+ * options.c: set IPv6 version to 20100307-1 -+ -+ * TODO.IPv6: add note about OpenBSD TODO (#16) -+ -+ * route.c: set (and remove) "magic next hop" fe80::8 for IPv6 routes on -+ Win32 -+ -+ * install-win32/settings.in: bump TAP driver version from 9.6 to 9.7 -+ and TAP_RELDATE to "07/03/2010" -+ -+ * tap-win32/proto.h: add data types and definitions needed for IPv6 -+ -+ * tap-win32/types.h: add m_UserToTap_IPv6 ethernet header for IPv6 packets -+ -+ * tap-win32/tapdrvr.c: implement support for IPv6 in TUN mode: -+ - IPv6 packets User->OS need correct ether type -+ - IPv6 packets OS->User get correctly forwarded -+ - IPv6 neighbour discovery packets for "fe80::8" (magic address -+ installed as route-nexthop by OpenVPN.exe) get answered locally -+ -+ * TEST SUCCESS: WindowsXP/32bit: client-tun/net30, v4+v6 -+ -+ * tun.c: if IPv6 requested in TUN mode, and TUN/TAP driver version -+ is older than 9.7, log warning and disable IPv6 (won't work anyway). -+ -+ * release as patch 20100307-1 -+ -+Sat Jul 10 14:37:52 CEST 2010 -+ -+ * TEST SUCCESS: point-to-point tun mode with --ifconfig-ipv6 between -+ Solaris10/sparc and Linux (Michal Ludvig) -+ (using the whiteboard tun driver on Solaris, otherwise "no IPv6") -+ -+Sun Aug 8 12:30:44 CEST 2010 -+ -+ * route.c: split NetBSD and OpenBSD parts of add_route_ipv6() and -+ delete_route_ipv6(), implement OpenBSD variant -+ (needs "-prefixlen nn" while NetBSD uses "/nn") -+ -+ * tun.c: implement IPv6 ifconfig for OpenBSD -+ -+ * tun.c: destroy tunX interface at tun_close() on OpenBSD (cleanup) -+ -+ * TEST SUCCESS: OpenBSD 4.7: client-tun/net30, v4+v6 -+ -+Thu Sep 2 21:18:32 CEST 2010 -+ -+ * tun.c: the TAP binary in 2.2-beta3 has the IPv6 related changes, but -+ the version number is 9.8 now -> check for 9.8, not 9.7 -+ -+Wed Sep 22 22:20:37 CEST 2010 -+ -+ * tun.c: bugfix for Linux/iproute2/"topology subnet". Works :-) -+ -+ * TEST SUCCESS: Linux/ifconfig: client-tun/net30+subnet, v4+v6 -+ -+ * TEST SUCCESS: Linux/iproute2: client-tun/net30+subnet, v4+v6 -+ -+ * options.c: tag as 20100922-1 so "allmerged" users can see IPv6 change -+ -+Fri Sep 24 17:57:41 CEST 2010 -+ -+ * TEST SUCCESS: Linux/<both>: client-tap, v4+v6, ping6 on connected addr -+ -+ * TEST FAIL: Linux/<both>: client-tap, v6, route6 (gateway missing) -+ -+Do 21. Okt 19:36:49 CEST 2010 -+ -+ * t_client.sh.in: cherrypick commit f25fe91a40aa3f and 6f1e61b41be52 -+ (proper exit codes to signal "SKIP" if we do not want to run) -+ -+So 16. Jan 17:25:23 CET 2011 -+ -+ * tun.c, route.c: cherrypick 121755c2cb4891f and f0eac1a5979096c67 -+ (TAP driver and "topology subnet" support for Solaris) -+ -+ * tun.c: add IPv6 configuration for TAP interfaces (<device>:1 inet6) -+ -+ * tun.c: on close_tun on Solaris, unplumb IPv6 TUN or TAP interfaces -+ -+ * TEST SUCCESS: OpenSolaris: client-tun, v4+v6 -+ TEST SUCCESS: OpenSolaris: client-tap, v4+v6, ping6 on connected addr -+ TEST FAIL: OpenSolaris: client-tap, v6, route6 (gateway missing) -+ -+So 24. Apr 16:51:45 CEST 2011 -+ -+ * rebase to "beta2.2" branch (at 2.2RC2 tag) -+ -+ * mroute.c: remove mroute_helper_lock/_unlock() calls for IPv6 -+ * socket.c: remove locking with L_INET_NTOA mutex -+ (all the threading stuff got removed by David Sommerseth for 2.2) -+ -+ * mroute.c: remove duplicate mroute_helper_add_iroute6() and -+ mroute_helper_del_iroute6() - "git rebase" artefact -+ -+ * ChangeLog.IPv6 and TODO.IPv6: add to commit -+ -+ * options.c: tag as 20110424-2 (2.2RC2) -+ -+ * TEST SUCCESS: Linux/ifconfig: client-tun/net30+subnet, v4+v6 -+ -+ * TEST SUCCESS: Linux/iproute2: client-tun/net30+subnet, v4+v6 -+ -+Thu Apr 28 19:10:01 CEST 2011 -+ -+ * rebase to "origin/release/2.2" branch (at v2.2.0 tag) -+ -+Thu May 19 20:51:12 CEST 2011 -+ -+ * include Windows "netsh add" -> "netsh set ... store=active" patch from -+ Seth Mos, to fix restart problems on Windows due to persistant addresses -+ -+ * TEST SUCCESS: Windows XP SP3: client-tun/net30, v4+v6 -+ -+Sat May 21 17:03:20 CEST 2011 -+ -+ * tun.c: Solaris cleanup (use CLEAR() to zero-out "ifr") -+ -+ * tun.c: Windows cleanup: remove route and IPv6 address on disconnect -+ -+ * route.c, route.h: remove "static" from delete_route_ipv6(), needed -+ for ipv6-route cleanup on disconnect -+ -+ * TEST SUCCESS: Windows XP SP3: client-tun/net30, v4+v6 -+ -+ * TEST SUCCESS: Windows 7 Home Premium: client-tun/net30, v4+v6 -+ -+So 22. Mai 14:46:12 CEST 2011 -+ -+ * Tony Lim: removing routes fails on windows if certain bits are set -+ in the "host part" (others are silently ignored) --> -+ -+ * route.c: create print_in6_addr_netbits_only() helper, call from -+ add_route_ipv6() and delete_route_ipv6() to get only network part -+ of route-to-be-modified -+ -+ * route.c: set 'store=active' on adding routes on WIN32 as well (Tony Lim) -+ -+ * options.c: bump IPv6 release to 20110522-1 -+ -+ * TEST SUCCESS: Linux/iproute2: client-tun/net30+subnet, v4+v6 -+ -+ * TEST SUCCESS: Windows XP SP3: client-tun/net30, v4+v6 -+ -+ * TEST SUCCESS: Windows 7 Home Premium: client-tun/net30, v4+v6 -+ -+ * TEST SUCCESS: OpenBSD 4.7: client-tun/net30, v4+v6 -+ TEST FAIL: OpenBSD 4.7: client-tun/subnet, v4 -+ (seems to be due to "topology subnet has just not been implemented yet") -diff --git openvpn-2.2.0/README.IPv6 openvpn-2.2-ipv6-20110522-1/README.IPv6 -new file mode 100644 -index 0000000..ca578f2 ---- /dev/null -+++ openvpn-2.2-ipv6-20110522-1/README.IPv6 -@@ -0,0 +1,8 @@ -+This is an experimentally patched version of OpenVPN 2.1 with IPv6 -+payload support. -+ -+Go here for release notes and documentation: -+ -+ http://www.greenie.net/ipv6/openvpn.html -+ -+Gert Doering, 31.12.2009 -diff --git openvpn-2.2.0/TODO.IPv6 openvpn-2.2-ipv6-20110522-1/TODO.IPv6 -new file mode 100644 -index 0000000..167ca51 ---- /dev/null -+++ openvpn-2.2-ipv6-20110522-1/TODO.IPv6 -@@ -0,0 +1,153 @@ -+known issues for IPv6 payload support in OpenVPN -+----------------------------------------------- -+ -+1.) "--topology subnet" doesn't work together with IPv6 payload on FreeBSD -+ (verified for FreeBSD server, Linux/ifconfig client, problems -+ with ICMP6 neighbor solicitations from BSD not being answered by Linux) -+ -+2.) NetBSD IPv6 support doesn't work -+ ("connected" route is not auto-created, "route-ipv6" adding fails) -+ -+ * fixed, 3.1.10 * -+ -+3.) route deletion for IPv6 routes is not yet done -+ -+ * fixed for configured routes, 3.1.10 * -+ * missing for manual-ifconfig-connected (NetBSD, Darwin, Win32) -+ * fixed for Win32, 22.5.2011 -+ -+4.) do "ifconfig tun0 inet6 unplumb" or "ifconfig tun0 destroy" for -+ Solaris, *BSD, ... at program termination time, to clean up leftovers -+ (unless tunnel persistance is desired). -+ -+ For Solaris, only the "ipv6 tun0" is affected, for the *BSDs all tun0 -+ stay around. -+ -+4a.) deconfigure IPv6 on tun interface on session termination, otherwise -+ one could end up with something like this (on NetBSD): -+ -+tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 -+ inet 10.9.0.18 -> 10.9.0.17 netmask 0xffffffff -+ inet6 fe80::a00:20ff:fece:d299%tun0 -> prefixlen 64 scopeid 0x3 -+ inet6 2001:608:4:eff::2000:3 -> prefixlen 64 -+ inet6 2001:608:4:eff::1:3 -> prefixlen 64 -+ -+ (pool was changed, previous address still active on tun0, breakage) -+ -+ * semi-fixed for NetBSD, 28.2.10, always do tun0 destroy / tun0 create -+ before actual ifconfig -- tunnel still lingers after OpenVPN quits -+ -+4b.) verify this - on FreeBSD, tun0 is auto-destroyed if created by -+ opening /dev/tun (and lingers if created by "ifconfig tun0 create") -+ -+ -> use for persistant tunnels on not-linux? -+ -+5.) add new option "ifconfig-ipv6-push" -+ (per-client static IPv6 assignment, -> radiusplugin, etc) -+ -+ * implemented, 14.1.10 * -+ -+6.) add new option "route-ipv6-gateway" -+ -+7.) add "full" gateway handling for IPv6 in route.c -+ (right now, the routes are just sent down the tun interface, if the -+ operating system in questions supports that, without care for the -+ gateway address - which does not work for gateways that are supposed -+ to point elsewhere. Also, it doesn't work for TAP interfaces. -+ -+8.) full IPv6 support for TAP interfaces -+ (main issue should be routes+gateway - and testing :-) ) -+ -+ test 2010/09/24: TAP itself works on linux/ifconfig+iproute2, but -+ route-via-tap doesn't work at all (route points to "tap0" which fails) -+ -+17:51:14.075412 fe:ab:6e:c5:53:71 > 33:33:ff:00:00:01, ethertype IPv6 (0x86dd), length 86: 2001:608:4:a053::1:0 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:608:4:a001::1, length 32 -+ -+ how is iroute-via-tap supposed to work?? -+ -+9.) verify that iroute-ipv6 and route-ipv6 interact in the same way as -+ documented for iroute/route: -+ -+ A's subnet, OpenVPN must push this route to all clients -+ EXCEPT for A, since the subnet is already owned by A. -+ OpenVPN accomplishes this by not -+ not pushing a route to a client -+ if it matches one of the client's iroutes. -+ -+10.) extend "ifconfig-ipv6" to handle specification of /netbits, pushing -+ of /netbits, and correctly ifconfig'ing this -+ (default, if not specified: /64) -+ -+11.) do not add ipv6-routes if tun-ipv6 is not set - complain instead -+ -+ * done * 12.1.10 -+ -+12.) handle incoming [::] and [fe80:...] packets in tun-p2mp MULTI mode -+ (most likely those are DAD packets) -+ silently ignore DAD? -+ Or accept-and-forward iff (multicast && client2client)? -+ handle NS/NA -+ -+13.) from Martin List-Petersen: -+ -+ One thing, and I guess this requires modifications in -+ network-manager-openvpn: It also works, BUT ignores "push -+ route-ipv6-gateway" and "push route-ipv6 ...." (obviously routes pushed -+ from the server) entirely. -+ -+14.) from ##openvpn-discussion: -+ -+ new features should be #ifdef'ed -+ -+ (check whether this is feasible at all) -+ -+15.) IPv6 related environment variables -+ -+ - document all of them in openvpn.8 -+ - make sure that all existing IPv4 stuff has IPv6 counterparts -+ -+16.) OpenBSD -+ - implement ifconfig/route for IPv6 -+ - revert ifconfig/open_tun order to "normal" (separate commit!!!) -+ (openvpn-devel, Subject: OpenBSD) -+ - test -+ -+17.) client-option (Elwood) -+ - ignore-v6-push-options yes/no -+ - ignore-v6-route-push ("as for IPv4 routes") -+ -+18.) fail-save? "what if 'ip -6 addr add' fails" -> fail, or fallback to v4? -+ (-> recomment setting "ignore-v6-push-options yes") -+ -+19.) safety check: if connecting over IPv6 (v6 transport) and the pushed -+ route-ipv6 network encompasses the server IPv6 address, make sure -+ we at least log a warning (until we can fiddle with external routing -+ to make this work correctly). -+ -+20.) show "route add" / "route delete" commands for IPv6 in log file -+ (we show the "ifconfig" commands, so why not the routes?) -+ -+ 2010-08-07: this is a null-feature - it's already there, but with -+ different debug level (M_INFO vs. D_ROUTE) so user -+ didn't notice -+ -+21.) enable ipv6-only server operations -+ - decouple ipv6 pool handling from ipv4 pool -+ - make sure Rest of OpenVPN doesn't assume "there will always be IPv4" -+ -+22.) implement --learn-address for IPv6 -+ -+23.) FreeBSD 8 seems to require explicit setting of the "ifconfig" IPv6 -+ route, while FreeBSD 6+7 don't --> more testing, and code fix -+ -+ workaround for the time being: just add -+ -+ server-ipv6 2001:608:4:a051::/64 -+ route-ipv6 2001:608:4:a051::/64 -+ -+ to the config -+ -+ (problem + workaround applies both to tun and tap style devices) -+ -+24.) implement link-local IPv6 addresses -+ (OSPFv3 over TUN/multipoint does not work right now) -diff --git openvpn-2.2.0/forward.c openvpn-2.2-ipv6-20110522-1/forward.c +diff --git a/forward.c b/forward.c index 87d05cc..1f3d435 100644 ---- openvpn-2.2.0/forward.c -+++ openvpn-2.2-ipv6-20110522-1/forward.c +--- a/forward.c ++++ b/forward.c @@ -262,7 +262,8 @@ send_control_channel_string (struct context *c, const char *str, int msglevel) static void check_add_routes_action (struct context *c, const bool errors) @@ -631,10 +12,10 @@ index 87d05cc..1f3d435 100644 update_time (); event_timeout_clear (&c->c2.route_wakeup); event_timeout_clear (&c->c2.route_wakeup_expire); -diff --git openvpn-2.2.0/helper.c openvpn-2.2-ipv6-20110522-1/helper.c +diff --git a/helper.c b/helper.c index a9d7fd9..266b246 100644 ---- openvpn-2.2.0/helper.c -+++ openvpn-2.2-ipv6-20110522-1/helper.c +--- a/helper.c ++++ b/helper.c @@ -142,6 +142,55 @@ helper_client_server (struct options *o) #if P2MP @@ -691,10 +72,10 @@ index a9d7fd9..266b246 100644 /* * * HELPER DIRECTIVE: -diff --git openvpn-2.2.0/init.c openvpn-2.2-ipv6-20110522-1/init.c +diff --git a/init.c b/init.c index d47a4ef..7fc8eb7 100644 ---- openvpn-2.2.0/init.c -+++ openvpn-2.2-ipv6-20110522-1/init.c +--- a/init.c ++++ b/init.c @@ -843,7 +843,7 @@ do_persist_tuntap (const struct options *options) msg (M_FATAL|M_OPTERR, "options --mktun or --rmtun should only be used together with --dev"); @@ -832,10 +213,10 @@ index d47a4ef..7fc8eb7 100644 /* actually close tun/tap device based on --down-pre flag */ if (!c->options.down_pre) -diff --git openvpn-2.2.0/init.h openvpn-2.2-ipv6-20110522-1/init.h +diff --git a/init.h b/init.h index cf5ca8a..5a1d1dc 100644 ---- openvpn-2.2.0/init.h -+++ openvpn-2.2-ipv6-20110522-1/init.h +--- a/init.h ++++ b/init.h @@ -63,6 +63,7 @@ void init_instance (struct context *c, const struct env_set *env, const unsigned void do_route (const struct options *options, @@ -844,10 +225,10 @@ index cf5ca8a..5a1d1dc 100644 const struct tuntap *tt, const struct plugin_list *plugins, struct env_set *es); -diff --git openvpn-2.2.0/misc.c openvpn-2.2-ipv6-20110522-1/misc.c +diff --git a/misc.c b/misc.c index 4067d85..9d351f4 100644 ---- openvpn-2.2.0/misc.c -+++ openvpn-2.2-ipv6-20110522-1/misc.c +--- a/misc.c ++++ b/misc.c @@ -1001,7 +1001,9 @@ setenv_str_ex (struct env_set *es, { const char *str = construct_name_value (name_tmp, val_tmp, &gc); @@ -859,10 +240,10 @@ index 4067d85..9d351f4 100644 } else env_set_del (es, name_tmp); -diff --git openvpn-2.2.0/mroute.c openvpn-2.2-ipv6-20110522-1/mroute.c -index 3debd80..3182f65 100644 ---- openvpn-2.2.0/mroute.c -+++ openvpn-2.2-ipv6-20110522-1/mroute.c +diff --git a/mroute.c b/mroute.c +index 1b3488f..6cfec27 100644 +--- a/mroute.c ++++ b/mroute.c @@ -88,12 +88,33 @@ mroute_get_in_addr_t (struct mroute_addr *ma, const in_addr_t src, unsigned int } } @@ -897,41 +278,44 @@ index 3debd80..3182f65 100644 #ifdef ENABLE_PF static unsigned int -@@ -155,10 +176,29 @@ mroute_extract_addr_ipv4 (struct mroute_addr *src, +@@ -157,13 +178,29 @@ mroute_extract_addr_ipv4 (struct mroute_addr *src, } break; case 6: - { -- msg (M_WARN, "Need IPv6 code in mroute_extract_addr_from_packet"); +- if( !ipv6warned ) { +- msg (M_WARN, "IPv6 in tun mode is not supported in OpenVPN 2.2"); +- ipv6warned = true; +- } - break; - } -+ if (BLEN (buf) >= (int) sizeof (struct openvpn_ipv6hdr)) -+ { -+ const struct openvpn_ipv6hdr *ipv6 = (const struct openvpn_ipv6hdr *) BPTR (buf); -+#if 0 /* very basic debug */ -+ struct gc_arena gc = gc_new (); -+ msg( M_INFO, "IPv6 packet! src=%s, dst=%s", -+ print_in6_addr( ipv6->saddr, 0, &gc ), -+ print_in6_addr( ipv6->daddr, 0, &gc )); -+ gc_free (&gc); ++ if (BLEN (buf) >= (int) sizeof (struct openvpn_ipv6hdr)) ++ { ++ const struct openvpn_ipv6hdr *ipv6 = (const struct openvpn_ipv6hdr *) BPTR (buf); ++#if 0 /* very basic debug */ ++ struct gc_arena gc = gc_new (); ++ msg( M_INFO, "IPv6 packet! src=%s, dst=%s", ++ print_in6_addr( ipv6->saddr, 0, &gc ), ++ print_in6_addr( ipv6->daddr, 0, &gc )); ++ gc_free (&gc); +#endif + -+ mroute_get_in6_addr (src, ipv6->saddr, 0); -+ mroute_get_in6_addr (dest, ipv6->daddr, 0); ++ mroute_get_in6_addr (src, ipv6->saddr, 0); ++ mroute_get_in6_addr (dest, ipv6->daddr, 0); + -+ if (mroute_is_mcast_ipv6 (ipv6->daddr)) -+ ret |= MROUTE_EXTRACT_MCAST; ++ if (mroute_is_mcast_ipv6 (ipv6->daddr)) ++ ret |= MROUTE_EXTRACT_MCAST; + -+ ret |= MROUTE_EXTRACT_SUCCEEDED; -+ } -+ break; -+ default: -+ msg (M_WARN, "IP packet with unknown IP version=%d seen", -+ OPENVPN_IPH_GET_VER (*BPTR(buf))); ++ ret |= MROUTE_EXTRACT_SUCCEEDED; ++ } ++ break; ++ default: ++ msg (M_WARN, "IP packet with unknown IP version=%d seen", ++ OPENVPN_IPH_GET_VER (*BPTR(buf))); } } return ret; -@@ -252,14 +292,36 @@ bool mroute_extract_openvpn_sockaddr (struct mroute_addr *addr, +@@ -257,14 +294,36 @@ bool mroute_extract_openvpn_sockaddr (struct mroute_addr *addr, * Zero off the host bits in an address, leaving * only the network bits, using the netbits member of * struct mroute_addr as the controlling parameter. @@ -971,7 +355,7 @@ index 3debd80..3182f65 100644 } /* -@@ -337,17 +399,24 @@ mroute_addr_print_ex (const struct mroute_addr *ma, +@@ -342,17 +401,24 @@ mroute_addr_print_ex (const struct mroute_addr *ma, } break; case MR_ADDR_IPV6: @@ -1007,7 +391,7 @@ index 3debd80..3182f65 100644 /* * mroute_helper's main job is keeping track of -@@ -418,6 +487,40 @@ mroute_helper_del_iroute (struct mroute_helper *mh, const struct iroute *ir) +@@ -423,6 +489,40 @@ mroute_helper_del_iroute (struct mroute_helper *mh, const struct iroute *ir) } } @@ -1048,10 +432,10 @@ index 3debd80..3182f65 100644 void mroute_helper_free (struct mroute_helper *mh) { -diff --git openvpn-2.2.0/mroute.h openvpn-2.2-ipv6-20110522-1/mroute.h +diff --git a/mroute.h b/mroute.h index 7265001..b72b5ff 100644 ---- openvpn-2.2.0/mroute.h -+++ openvpn-2.2-ipv6-20110522-1/mroute.h +--- a/mroute.h ++++ b/mroute.h @@ -85,7 +85,7 @@ struct mroute_addr { /* * Number of bits in an address. Should be raised for IPv6. @@ -1070,10 +454,10 @@ index 7265001..b72b5ff 100644 /* * Given a raw packet in buf, return the src and dest -diff --git openvpn-2.2.0/multi.c openvpn-2.2-ipv6-20110522-1/multi.c +diff --git a/multi.c b/multi.c index 22c0a3f..f703b8d 100644 ---- openvpn-2.2.0/multi.c -+++ openvpn-2.2-ipv6-20110522-1/multi.c +--- a/multi.c ++++ b/multi.c @@ -316,25 +316,18 @@ multi_init (struct multi_context *m, struct context *t, bool tcp_mode, int threa */ if (t->options.ifconfig_pool_defined) @@ -1310,11 +694,11 @@ index 22c0a3f..f703b8d 100644 /* add routes locally, pointing to new client, if --iroute options have been specified */ multi_add_iroutes (m, mi); -diff --git openvpn-2.2.0/openvpn.8 openvpn-2.2-ipv6-20110522-1/openvpn.8 -index 7d213f9..11fd5ad 100644 ---- openvpn-2.2.0/openvpn.8 -+++ openvpn-2.2-ipv6-20110522-1/openvpn.8 -@@ -789,6 +789,8 @@ or +diff --git a/openvpn.8 b/openvpn.8 +index 67a9779..5322618 100644 +--- a/openvpn.8 ++++ b/openvpn.8 +@@ -794,6 +794,8 @@ or .B \-\-dev tunX. A warning will be displayed if no specific IPv6 TUN support for your OS has been compiled into OpenVPN. @@ -1323,7 +707,7 @@ index 7d213f9..11fd5ad 100644 .\"********************************************************* .TP .B \-\-dev-node node -@@ -4936,6 +4938,57 @@ if certificates are stored as private objects. +@@ -4949,6 +4951,57 @@ if certificates are stored as private objects. .B \-\-verb option can be used BEFORE this option to produce debugging information. .\"********************************************************* @@ -1381,10 +765,10 @@ index 7d213f9..11fd5ad 100644 .SH SCRIPTING AND ENVIRONMENTAL VARIABLES OpenVPN exports a series of environmental variables for use by user-defined scripts. -diff --git openvpn-2.2.0/openvpn.h openvpn-2.2-ipv6-20110522-1/openvpn.h +diff --git a/openvpn.h b/openvpn.h index 641bf93..e5e6e58 100644 ---- openvpn-2.2.0/openvpn.h -+++ openvpn-2.2-ipv6-20110522-1/openvpn.h +--- a/openvpn.h ++++ b/openvpn.h @@ -165,6 +165,9 @@ struct context_1 /* list of --route directives */ struct route_list *route_list; @@ -1407,10 +791,10 @@ index 641bf93..e5e6e58 100644 /* client authentication state, CAS_SUCCEEDED must be 0 */ # define CAS_SUCCEEDED 0 # define CAS_PENDING 1 -diff --git openvpn-2.2.0/options.c openvpn-2.2-ipv6-20110522-1/options.c -index 7708995..bf59e00 100644 ---- openvpn-2.2.0/options.c -+++ openvpn-2.2-ipv6-20110522-1/options.c +diff --git a/options.c b/options.c +index 7a5e35d..8fdd8a5 100644 +--- a/options.c ++++ b/options.c @@ -79,6 +79,7 @@ const char title_string[] = #ifdef ENABLE_EUREPHIA " [eurephia]" @@ -1419,7 +803,7 @@ index 7708995..bf59e00 100644 " built on " __DATE__ ; -@@ -171,6 +172,8 @@ static const char usage_message[] = +@@ -172,6 +173,8 @@ static const char usage_message[] = " addresses outside of the subnets used by either peer.\n" " TAP: configure device to use IP address l as a local\n" " endpoint and rn as a subnet mask.\n" @@ -1428,7 +812,7 @@ index 7708995..bf59e00 100644 "--ifconfig-noexec : Don't actually execute ifconfig/netsh command, instead\n" " pass --ifconfig parms by environment to scripts.\n" "--ifconfig-nowarn : Don't warn if the --ifconfig option on this side of the\n" -@@ -181,6 +184,10 @@ static const char usage_message[] = +@@ -182,6 +185,10 @@ static const char usage_message[] = " netmask default: 255.255.255.255\n" " gateway default: taken from --route-gateway or --ifconfig\n" " Specify default by leaving blank or setting to \"nil\".\n" @@ -1439,7 +823,7 @@ index 7708995..bf59e00 100644 "--max-routes n : Specify the maximum number of routes that may be defined\n" " or pulled from a server.\n" "--route-gateway gw|'dhcp' : Specify a default gateway for use with --route.\n" -@@ -369,6 +376,7 @@ static const char usage_message[] = +@@ -370,6 +377,7 @@ static const char usage_message[] = "\n" "Multi-Client Server options (when --mode server is used):\n" "--server network netmask : Helper option to easily configure server mode.\n" @@ -1447,7 +831,7 @@ index 7708995..bf59e00 100644 "--server-bridge [IP netmask pool-start-IP pool-end-IP] : Helper option to\n" " easily configure ethernet bridging server mode.\n" "--push \"option\" : Push a config file option back to the peer for remote\n" -@@ -382,10 +390,16 @@ static const char usage_message[] = +@@ -383,10 +391,16 @@ static const char usage_message[] = "--ifconfig-pool-persist file [seconds] : Persist/unpersist ifconfig-pool\n" " data to file, at seconds intervals (default=600).\n" " If seconds=0, file will be treated as read-only.\n" @@ -1464,7 +848,7 @@ index 7708995..bf59e00 100644 " Sets up internal routes only.\n" " Only valid in a client-specific config file.\n" "--disable : Client is disabled.\n" -@@ -870,6 +884,78 @@ get_ip_addr (const char *ip_string, int msglevel, bool *error) +@@ -871,6 +885,78 @@ get_ip_addr (const char *ip_string, int msglevel, bool *error) return ret; } @@ -1543,7 +927,7 @@ index 7708995..bf59e00 100644 static char * string_substitute (const char *src, int from, int to, struct gc_arena *gc) { -@@ -988,6 +1074,8 @@ show_p2mp_parms (const struct options *o) +@@ -989,6 +1075,8 @@ show_p2mp_parms (const struct options *o) #if P2MP_SERVER msg (D_SHOW_PARMS, " server_network = %s", print_in_addr_t (o->server_network, 0, &gc)); msg (D_SHOW_PARMS, " server_netmask = %s", print_in_addr_t (o->server_netmask, 0, &gc)); @@ -1552,7 +936,7 @@ index 7708995..bf59e00 100644 msg (D_SHOW_PARMS, " server_bridge_ip = %s", print_in_addr_t (o->server_bridge_ip, 0, &gc)); msg (D_SHOW_PARMS, " server_bridge_netmask = %s", print_in_addr_t (o->server_bridge_netmask, 0, &gc)); msg (D_SHOW_PARMS, " server_bridge_pool_start = %s", print_in_addr_t (o->server_bridge_pool_start, 0, &gc)); -@@ -1008,6 +1096,9 @@ show_p2mp_parms (const struct options *o) +@@ -1009,6 +1097,9 @@ show_p2mp_parms (const struct options *o) msg (D_SHOW_PARMS, " ifconfig_pool_netmask = %s", print_in_addr_t (o->ifconfig_pool_netmask, 0, &gc)); SHOW_STR (ifconfig_pool_persist_filename); SHOW_INT (ifconfig_pool_persist_refresh_freq); @@ -1562,7 +946,7 @@ index 7708995..bf59e00 100644 SHOW_INT (n_bcast_buf); SHOW_INT (tcp_queue_limit); SHOW_INT (real_hash_size); -@@ -1021,6 +1112,9 @@ show_p2mp_parms (const struct options *o) +@@ -1022,6 +1113,9 @@ show_p2mp_parms (const struct options *o) SHOW_BOOL (push_ifconfig_defined); msg (D_SHOW_PARMS, " push_ifconfig_local = %s", print_in_addr_t (o->push_ifconfig_local, 0, &gc)); msg (D_SHOW_PARMS, " push_ifconfig_remote_netmask = %s", print_in_addr_t (o->push_ifconfig_remote_netmask, 0, &gc)); @@ -1572,7 +956,7 @@ index 7708995..bf59e00 100644 SHOW_BOOL (enable_c2c); SHOW_BOOL (duplicate_cn); SHOW_INT (cf_max); -@@ -1075,6 +1169,25 @@ option_iroute (struct options *o, +@@ -1076,6 +1170,25 @@ option_iroute (struct options *o, o->iroutes = ir; } @@ -1598,7 +982,7 @@ index 7708995..bf59e00 100644 #endif /* P2MP_SERVER */ #endif /* P2MP */ -@@ -1112,6 +1225,13 @@ rol_check_alloc (struct options *options) +@@ -1113,6 +1226,13 @@ rol_check_alloc (struct options *options) options->routes = new_route_option_list (options->max_routes, &options->gc); } @@ -1612,7 +996,7 @@ index 7708995..bf59e00 100644 #ifdef ENABLE_DEBUG static void show_connection_entry (const struct connection_entry *o) -@@ -1202,6 +1322,9 @@ show_settings (const struct options *o) +@@ -1203,6 +1323,9 @@ show_settings (const struct options *o) SHOW_STR (ifconfig_remote_netmask); SHOW_BOOL (ifconfig_noexec); SHOW_BOOL (ifconfig_nowarn); @@ -1622,7 +1006,7 @@ index 7708995..bf59e00 100644 #ifdef HAVE_GETTIMEOFDAY SHOW_INT (shaper); -@@ -1862,8 +1985,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne +@@ -1863,8 +1986,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne if (options->connection_list) msg (M_USAGE, "<connection> cannot be used with --mode server"); #endif @@ -1633,7 +1017,7 @@ index 7708995..bf59e00 100644 if (options->shaper) msg (M_USAGE, "--shaper cannot be used with --mode server"); if (options->inetd) -@@ -1888,6 +2013,11 @@ options_postprocess_verify_ce (const struct options *options, const struct conne +@@ -1889,6 +2014,11 @@ options_postprocess_verify_ce (const struct options *options, const struct conne msg (M_USAGE, "--up-delay cannot be used with --mode server"); if (!options->ifconfig_pool_defined && options->ifconfig_pool_persist_filename) msg (M_USAGE, "--ifconfig-pool-persist must be used with --ifconfig-pool"); @@ -1645,7 +1029,7 @@ index 7708995..bf59e00 100644 if (options->auth_user_pass_file) msg (M_USAGE, "--auth-user-pass cannot be used with --mode server (it should be used on the client side only)"); if (options->ccd_exclusive && !options->client_config_dir) -@@ -1919,6 +2049,8 @@ options_postprocess_verify_ce (const struct options *options, const struct conne +@@ -1920,6 +2050,8 @@ options_postprocess_verify_ce (const struct options *options, const struct conne */ if (options->ifconfig_pool_defined || options->ifconfig_pool_persist_filename) msg (M_USAGE, "--ifconfig-pool/--ifconfig-pool-persist requires --mode server"); @@ -1654,7 +1038,7 @@ index 7708995..bf59e00 100644 if (options->real_hash_size != defaults.real_hash_size || options->virtual_hash_size != defaults.virtual_hash_size) msg (M_USAGE, "--hash-size requires --mode server"); -@@ -2460,6 +2592,8 @@ options_string (const struct options *o, +@@ -2461,6 +2593,8 @@ options_string (const struct options *o, o->topology, o->ifconfig_local, o->ifconfig_remote_netmask, @@ -1663,7 +1047,7 @@ index 7708995..bf59e00 100644 (in_addr_t)0, (in_addr_t)0, false, -@@ -3785,6 +3919,30 @@ add_option (struct options *options, +@@ -3786,6 +3920,30 @@ add_option (struct options *options, goto err; } } @@ -1694,7 +1078,7 @@ index 7708995..bf59e00 100644 else if (streq (p[0], "ifconfig-noexec")) { VERIFY_PERMISSION (OPT_P_UP); -@@ -4585,6 +4743,26 @@ add_option (struct options *options, +@@ -4586,6 +4744,26 @@ add_option (struct options *options, } add_route_to_option_list (options->routes, p[1], p[2], p[3], p[4]); } @@ -1721,7 +1105,7 @@ index 7708995..bf59e00 100644 else if (streq (p[0], "max-routes") && p[1]) { int max_routes; -@@ -4796,6 +4974,33 @@ add_option (struct options *options, +@@ -4797,6 +4975,33 @@ add_option (struct options *options, } } } @@ -1755,7 +1139,7 @@ index 7708995..bf59e00 100644 else if (streq (p[0], "server-bridge") && p[1] && p[2] && p[3] && p[4]) { const int lev = M_WARN; -@@ -4880,6 +5085,28 @@ add_option (struct options *options, +@@ -4881,6 +5086,28 @@ add_option (struct options *options, VERIFY_PERMISSION (OPT_P_GENERAL); options->topology = TOP_P2P; } @@ -1784,7 +1168,7 @@ index 7708995..bf59e00 100644 else if (streq (p[0], "hash-size") && p[1] && p[2]) { int real, virtual; -@@ -5075,6 +5302,11 @@ add_option (struct options *options, +@@ -5076,6 +5303,11 @@ add_option (struct options *options, } option_iroute (options, p[1], netmask, msglevel); } @@ -1796,7 +1180,7 @@ index 7708995..bf59e00 100644 else if (streq (p[0], "ifconfig-push") && p[1] && p[2]) { in_addr_t local, remote_netmask; -@@ -5113,6 +5345,43 @@ add_option (struct options *options, +@@ -5114,6 +5346,43 @@ add_option (struct options *options, goto err; } } @@ -1840,10 +1224,10 @@ index 7708995..bf59e00 100644 else if (streq (p[0], "disable")) { VERIFY_PERMISSION (OPT_P_INSTANCE); -diff --git openvpn-2.2.0/options.h openvpn-2.2-ipv6-20110522-1/options.h -index 7f4c0cd..dd04ee8 100644 ---- openvpn-2.2.0/options.h -+++ openvpn-2.2-ipv6-20110522-1/options.h +diff --git a/options.h b/options.h +index dd49355..3b01597 100644 +--- a/options.h ++++ b/options.h @@ -205,6 +205,9 @@ struct options int topology; /* one of the TOP_x values from proto.h */ const char *ifconfig_local; @@ -1862,15 +1246,7 @@ index 7f4c0cd..dd04ee8 100644 bool route_nopull; bool route_gateway_via_dhcp; bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */ -@@ -355,12 +359,17 @@ struct options - struct plugin_option_list *plugin_list; - #endif - -+ const char *tmp_dir; -+ - #if P2MP - - #if P2MP_SERVER +@@ -363,6 +367,9 @@ struct options bool server_defined; in_addr_t server_network; in_addr_t server_netmask; @@ -1880,42 +1256,37 @@ index 7f4c0cd..dd04ee8 100644 # define SF_NOPOOL (1<<0) # define SF_TCP_NODELAY_HELPER (1<<1) -@@ -382,24 +391,33 @@ struct options +@@ -384,6 +391,11 @@ struct options in_addr_t ifconfig_pool_netmask; const char *ifconfig_pool_persist_filename; int ifconfig_pool_persist_refresh_freq; + -+ bool ifconfig_ipv6_pool_defined; /* IPv6 */ -+ struct in6_addr ifconfig_ipv6_pool_base; /* IPv6 */ -+ int ifconfig_ipv6_pool_netbits; /* IPv6 */ ++ bool ifconfig_ipv6_pool_defined; /* IPv6 */ ++ struct in6_addr ifconfig_ipv6_pool_base; /* IPv6 */ ++ int ifconfig_ipv6_pool_netbits; /* IPv6 */ + int real_hash_size; int virtual_hash_size; const char *client_connect_script; - const char *client_disconnect_script; - const char *learn_address_script; -- const char *tmp_dir; - const char *client_config_dir; - bool ccd_exclusive; - bool disable; +@@ -395,12 +407,17 @@ struct options int n_bcast_buf; int tcp_queue_limit; struct iroute *iroutes; -+ struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */ ++ struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */ bool push_ifconfig_defined; in_addr_t push_ifconfig_local; in_addr_t push_ifconfig_remote_netmask; bool push_ifconfig_constraint_defined; in_addr_t push_ifconfig_constraint_network; in_addr_t push_ifconfig_constraint_netmask; -+ bool push_ifconfig_ipv6_defined; /* IPv6 */ -+ struct in6_addr push_ifconfig_ipv6_local; /* IPv6 */ -+ int push_ifconfig_ipv6_netbits; /* IPv6 */ -+ struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */ ++ bool push_ifconfig_ipv6_defined; /* IPv6 */ ++ struct in6_addr push_ifconfig_ipv6_local; /* IPv6 */ ++ int push_ifconfig_ipv6_netbits; /* IPv6 */ ++ struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */ bool enable_c2c; bool duplicate_cn; int cf_max; -@@ -722,6 +740,10 @@ void options_string_import (struct options *options, +@@ -723,6 +740,10 @@ void options_string_import (struct options *options, unsigned int *option_types_found, struct env_set *es); @@ -1926,10 +1297,10 @@ index 7f4c0cd..dd04ee8 100644 /* * inline functions */ -diff --git openvpn-2.2.0/pool.c openvpn-2.2-ipv6-20110522-1/pool.c +diff --git a/pool.c b/pool.c index 84333df..60dc520 100644 ---- openvpn-2.2.0/pool.c -+++ openvpn-2.2-ipv6-20110522-1/pool.c +--- a/pool.c ++++ b/pool.c @@ -132,7 +132,10 @@ ifconfig_pool_verify_range (const int msglevel, const in_addr_t start, const in_ } @@ -2078,10 +1449,10 @@ index 84333df..60dc520 100644 if (h < 0) break; msg (M_INFO | M_NOPREFIX, "IFCONFIG_POOL TEST pass 3: l=%s r=%s cn=%s", -diff --git openvpn-2.2.0/pool.h openvpn-2.2-ipv6-20110522-1/pool.h +diff --git a/pool.h b/pool.h index 81264a9..fc9d6ab 100644 ---- openvpn-2.2.0/pool.h -+++ openvpn-2.2-ipv6-20110522-1/pool.h +--- a/pool.h ++++ b/pool.h @@ -52,6 +52,9 @@ struct ifconfig_pool int size; int type; @@ -2108,10 +1479,10 @@ index 81264a9..fc9d6ab 100644 bool ifconfig_pool_release (struct ifconfig_pool* pool, ifconfig_pool_handle hand, const bool hard); -diff --git openvpn-2.2.0/proto.h openvpn-2.2-ipv6-20110522-1/proto.h +diff --git a/proto.h b/proto.h index 55f0832..b8e8997 100644 ---- openvpn-2.2.0/proto.h -+++ openvpn-2.2-ipv6-20110522-1/proto.h +--- a/proto.h ++++ b/proto.h @@ -108,6 +108,21 @@ struct openvpn_iphdr { }; @@ -2134,10 +1505,10 @@ index 55f0832..b8e8997 100644 * UDP header */ struct openvpn_udphdr { -diff --git openvpn-2.2.0/push.c openvpn-2.2-ipv6-20110522-1/push.c +diff --git a/push.c b/push.c index 08c7f99..1fd8bea 100644 ---- openvpn-2.2.0/push.c -+++ openvpn-2.2-ipv6-20110522-1/push.c +--- a/push.c ++++ b/push.c @@ -189,8 +189,26 @@ send_push_reply (struct context *c) const int safe_cap = BCAP (&buf) - extra; bool push_sent = false; @@ -2165,10 +1536,10 @@ index 08c7f99..1fd8bea 100644 while (e) { if (e->enable) -diff --git openvpn-2.2.0/route.c openvpn-2.2-ipv6-20110522-1/route.c +diff --git a/route.c b/route.c index b5092fe..7c81f75 100644 ---- openvpn-2.2.0/route.c -+++ openvpn-2.2-ipv6-20110522-1/route.c +--- a/route.c ++++ b/route.c @@ -35,6 +35,7 @@ #include "socket.h" #include "manage.h" @@ -2835,10 +2206,10 @@ index b5092fe..7c81f75 100644 /* * The --redirect-gateway option requires OS-specific code below * to get the current default gateway. -diff --git openvpn-2.2.0/route.h openvpn-2.2-ipv6-20110522-1/route.h +diff --git a/route.h b/route.h index c5cbb7c..6a7704f 100644 ---- openvpn-2.2.0/route.h -+++ openvpn-2.2-ipv6-20110522-1/route.h +--- a/route.h ++++ b/route.h @@ -92,6 +92,19 @@ struct route_option_list { struct route_option routes[EMPTY_ARRAY_SIZE]; }; @@ -2960,10 +2331,10 @@ index c5cbb7c..6a7704f 100644 bool is_special_addr (const char *addr_str); -diff --git openvpn-2.2.0/socket.c openvpn-2.2-ipv6-20110522-1/socket.c +diff --git a/socket.c b/socket.c index 4720398..c04edc9 100644 ---- openvpn-2.2.0/socket.c -+++ openvpn-2.2-ipv6-20110522-1/socket.c +--- a/socket.c ++++ b/socket.c @@ -342,6 +342,24 @@ ip_addr_dotted_quad_safe (const char *dotted_quad) } } @@ -3104,10 +2475,10 @@ index 4720398..c04edc9 100644 int socket_recv_queue (struct link_socket *sock, int maxsize) { -diff --git openvpn-2.2.0/socket.h openvpn-2.2-ipv6-20110522-1/socket.h +diff --git a/socket.h b/socket.h index eef98d1..17943e7 100644 ---- openvpn-2.2.0/socket.h -+++ openvpn-2.2-ipv6-20110522-1/socket.h +--- a/socket.h ++++ b/socket.h @@ -351,6 +351,8 @@ const char *print_link_socket_actual (const struct link_socket_actual *act, #define IA_EMPTY_IF_UNDEF (1<<0) #define IA_NET_ORDER (1<<1) @@ -3125,10 +2496,10 @@ index eef98d1..17943e7 100644 socket_descriptor_t create_socket_tcp (void); -diff --git openvpn-2.2.0/syshead.h openvpn-2.2-ipv6-20110522-1/syshead.h -index 63b82ba..a01c2c4 100644 ---- openvpn-2.2.0/syshead.h -+++ openvpn-2.2-ipv6-20110522-1/syshead.h +diff --git a/syshead.h b/syshead.h +index b81ce59..fe4af3f 100644 +--- a/syshead.h ++++ b/syshead.h @@ -28,6 +28,10 @@ /* * Only include if not during configure @@ -3150,10 +2521,10 @@ index 63b82ba..a01c2c4 100644 #endif #ifdef HAVE_SYS_MMAN_H -diff --git openvpn-2.2.0/tun.c openvpn-2.2-ipv6-20110522-1/tun.c -index 59e87dc..cea1784 100644 ---- openvpn-2.2.0/tun.c -+++ openvpn-2.2-ipv6-20110522-1/tun.c +diff --git a/tun.c b/tun.c +index d03e8c7..4be71de 100644 +--- a/tun.c ++++ b/tun.c @@ -56,13 +56,14 @@ static void netsh_ifconfig (const struct tuntap_options *to, const in_addr_t ip, const in_addr_t netmask, @@ -3618,23 +2989,7 @@ index 59e87dc..cea1784 100644 /* * We handle --dev null specially, we do not open /dev/null for this. -@@ -1215,13 +1457,13 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6 - close (tt->fd); - tt->fd = -1; - } -- open_tun_generic (dev, dev_type, dev_node, ipv6, false, true, tt); -+ open_tun_generic (dev, dev_type, dev_node, false, true, tt); - } - - #else - - void --open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6, struct tuntap *tt) -+open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt) - { - ASSERT (0); - } -@@ -1231,9 +1473,9 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6 +@@ -1222,9 +1464,9 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6 #else void @@ -3646,7 +3001,7 @@ index 59e87dc..cea1784 100644 } #endif /* HAVE_LINUX_IF_TUN_H */ -@@ -1253,7 +1495,7 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6 +@@ -1244,7 +1486,7 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6 #endif void @@ -3655,7 +3010,7 @@ index 59e87dc..cea1784 100644 { struct tuntap *tt; -@@ -1261,7 +1503,7 @@ tuncfg (const char *dev, const char *dev_type, const char *dev_node, bool ipv6, +@@ -1252,7 +1494,7 @@ tuncfg (const char *dev, const char *dev_type, const char *dev_node, bool ipv6, clear_tuntap (tt); tt->type = dev_type_enum (dev, dev_type); tt->options = *options; @@ -3664,7 +3019,7 @@ index 59e87dc..cea1784 100644 if (ioctl (tt->fd, TUNSETPERSIST, persist_mode) < 0) msg (M_ERR, "Cannot ioctl TUNSETPERSIST(%d) %s", persist_mode, dev); if (username != NULL) -@@ -1404,7 +1646,7 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len) +@@ -1395,7 +1637,7 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len) #endif void @@ -3673,7 +3028,7 @@ index 59e87dc..cea1784 100644 { int if_fd, ip_muxid, arp_muxid, arp_fd, ppa = -1; struct lifreq ifr; -@@ -1415,8 +1657,11 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6 +@@ -1406,8 +1648,11 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6 bool is_tun; struct strioctl strioc_if, strioc_ppa; @@ -3687,7 +3042,7 @@ index 59e87dc..cea1784 100644 if (tt->type == DEV_TYPE_NULL) { -@@ -1570,6 +1815,18 @@ solaris_close_tun (struct tuntap *tt) +@@ -1561,6 +1806,18 @@ solaris_close_tun (struct tuntap *tt) { if (tt) { @@ -3706,7 +3061,7 @@ index 59e87dc..cea1784 100644 if (tt->ip_fd >= 0) { struct lifreq ifr; -@@ -1622,11 +1879,20 @@ close_tun (struct tuntap *tt) +@@ -1613,11 +1870,20 @@ close_tun (struct tuntap *tt) } static void @@ -3728,7 +3083,7 @@ index 59e87dc..cea1784 100644 argv_printf (&argv, "%s %s unplumb", IFCONFIG_PATH, -@@ -1683,9 +1949,9 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len) +@@ -1674,9 +1940,9 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len) */ void @@ -3740,7 +3095,7 @@ index 59e87dc..cea1784 100644 /* Enable multicast on the interface */ if (tt->fd >= 0) -@@ -1706,12 +1972,31 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6 +@@ -1697,12 +1963,31 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6 } } @@ -3772,7 +3127,7 @@ index 59e87dc..cea1784 100644 free (tt); } } -@@ -1774,33 +2059,51 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len) +@@ -1765,33 +2050,51 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len) #elif defined(TARGET_NETBSD) /* @@ -3835,7 +3190,7 @@ index 59e87dc..cea1784 100644 if (tt) { close_tun_generic (tt); -@@ -1808,6 +2111,65 @@ close_tun (struct tuntap *tt) +@@ -1799,6 +2102,65 @@ close_tun (struct tuntap *tt) } } @@ -3901,7 +3256,7 @@ index 59e87dc..cea1784 100644 int write_tun (struct tuntap* tt, uint8_t *buf, int len) { -@@ -1819,6 +2181,7 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len) +@@ -1810,6 +2172,7 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len) { return read (tt->fd, buf, len); } @@ -3909,7 +3264,7 @@ index 59e87dc..cea1784 100644 #elif defined(TARGET_FREEBSD) -@@ -1832,9 +2195,9 @@ freebsd_modify_read_write_return (int len) +@@ -1823,9 +2186,9 @@ freebsd_modify_read_write_return (int len) } void @@ -3921,7 +3276,7 @@ index 59e87dc..cea1784 100644 if (tt->fd >= 0 && tt->type == DEV_TYPE_TUN) { -@@ -1920,9 +2283,9 @@ dragonfly_modify_read_write_return (int len) +@@ -1911,9 +2274,9 @@ dragonfly_modify_read_write_return (int len) } void @@ -3933,7 +3288,7 @@ index 59e87dc..cea1784 100644 if (tt->fd >= 0) { -@@ -1991,6 +2354,61 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len) +@@ -1982,6 +2345,61 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len) return read (tt->fd, buf, len); } @@ -3995,7 +3350,7 @@ index 59e87dc..cea1784 100644 #elif defined(WIN32) int -@@ -3976,7 +4394,7 @@ fork_register_dns_action (struct tuntap *tt) +@@ -3967,7 +4385,7 @@ fork_register_dns_action (struct tuntap *tt) } void @@ -4004,7 +3359,7 @@ index 59e87dc..cea1784 100644 { struct gc_arena gc = gc_new (); char device_path[256]; -@@ -3987,7 +4405,7 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6 +@@ -3978,7 +4396,7 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6 /*netcmd_semaphore_lock ();*/ @@ -4013,24 +3368,7 @@ index 59e87dc..cea1784 100644 if (tt->type == DEV_TYPE_NULL) { -@@ -4109,6 +4527,16 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6 - msg (M_FATAL, "ERROR: This version of " PACKAGE_NAME " requires a TAP-Win32 driver that is at least version %d.%d -- If you recently upgraded your " PACKAGE_NAME " distribution, a reboot is probably required at this point to get Windows to see the new driver.", - TAP_WIN32_MIN_MAJOR, - TAP_WIN32_MIN_MINOR); -+ -+ /* usage of numeric constants is ugly, but this is really tied to -+ * *this* version of the driver -+ */ -+ if ( tt->ipv6 && tt->type == DEV_TYPE_TUN && -+ info[0] == 9 && info[1] < 8) -+ { -+ msg( M_INFO, "WARNING: Tap-Win32 driver version %d.%d does not support IPv6 in TUN mode. IPv6 will be disabled. Upgrade to Tap-Win32 9.8 (2.2-beta3 release or later) or use TAP mode to get IPv6", (int) info[0], (int) info[1] ); -+ tt->ipv6 = false; -+ } - } - - /* get driver MTU */ -@@ -4433,6 +4861,26 @@ close_tun (struct tuntap *tt) +@@ -4432,6 +4850,26 @@ close_tun (struct tuntap *tt) if (tt) { @@ -4057,7 +3395,7 @@ index 59e87dc..cea1784 100644 #if 1 if (tt->ipapi_context_defined) { -@@ -4536,9 +4984,9 @@ ipset2ascii_all (struct gc_arena *gc) +@@ -4535,9 +4973,9 @@ ipset2ascii_all (struct gc_arena *gc) #else /* generic */ void @@ -4069,10 +3407,10 @@ index 59e87dc..cea1784 100644 } void -diff --git openvpn-2.2.0/tun.h openvpn-2.2-ipv6-20110522-1/tun.h +diff --git a/tun.h b/tun.h index 011ab54..f28b8d8 100644 ---- openvpn-2.2.0/tun.h -+++ openvpn-2.2-ipv6-20110522-1/tun.h +--- a/tun.h ++++ b/tun.h @@ -130,6 +130,7 @@ struct tuntap int topology; /* one of the TOP_x values */ @@ -4119,10 +3457,10 @@ index 011ab54..f28b8d8 100644 in_addr_t local_public, in_addr_t remote_public, const bool strict_warn, -diff --git openvpn-2.2.0/win32.c openvpn-2.2-ipv6-20110522-1/win32.c +diff --git a/win32.c b/win32.c index 2b7bf7b..cf6cc2d 100644 ---- openvpn-2.2.0/win32.c -+++ openvpn-2.2-ipv6-20110522-1/win32.c +--- a/win32.c ++++ b/win32.c @@ -874,16 +874,21 @@ win_safe_filename (const char *fn) static char * env_block (const struct env_set *es) @@ -4164,10 +3502,10 @@ index 2b7bf7b..cf6cc2d 100644 *p = '\0'; return ret; } -diff --git openvpn-2.2.0/win32.h openvpn-2.2-ipv6-20110522-1/win32.h +diff --git a/win32.h b/win32.h index b6a162e..829933f 100644 ---- openvpn-2.2.0/win32.h -+++ openvpn-2.2-ipv6-20110522-1/win32.h +--- a/win32.h ++++ b/win32.h @@ -269,6 +269,8 @@ char *get_win_sys_path (void); /* call self in a subprocess */ |