mirror of
https://github.com/OpenVPN/openvpn.git
synced 2025-05-08 21:25:53 +08:00
5085ae1cbb
IPv6 is no longer provided by external patches - all has been integrated. Document that fact, point at the new configuration options, and at potential caveats. Acked-by: David Sommerseth <davids@redhat.com> Message-Id: 1359113954-25768-1-git-send-email-gert@greenie.muc.de URL: http://article.gmane.org/gmane.network.openvpn.devel/7305 Signed-off-by: Gert Doering <gert@greenie.muc.de> (cherry picked from commit c2f4c1918202f4395438663804b0806c93790501)
66 lines
2.0 KiB
Plaintext
66 lines
2.0 KiB
Plaintext
Since 2.3.0, OpenVPN officially supports IPv6, and all widely used
|
|
patches floating around for older versions have been integrated.
|
|
|
|
IPv6 payload support
|
|
--------------------
|
|
|
|
This is for "IPv6 inside OpenVPN", with server-pushed IPv6 configuration
|
|
on the client, and support for IPv6 configuration on the tun/tap interface
|
|
from within the openvpn config.
|
|
|
|
The code in 2.3.0 supersedes the IPv6 payload patches from Gert Doering,
|
|
formerly located at http://www.greenie.net/ipv6/openvpn.html
|
|
|
|
|
|
The following options have been added to handle IPv6 configuration,
|
|
analogous to their IPv4 counterparts (--server <-> --server-ipv6, etc.)
|
|
|
|
- server-ipv6
|
|
- ifconfig-ipv6
|
|
- ifconfig-ipv6-pool
|
|
- ifconfig-ipv6-push
|
|
- route-ipv6
|
|
- iroute-ipv6
|
|
|
|
see "man openvpn" for details how they are used.
|
|
|
|
|
|
|
|
IPv6 transport support
|
|
----------------------
|
|
|
|
This is to enable OpenVPN peers or client/servers to talk to each other
|
|
over an IPv6 network ("OpenVPN over IPv6").
|
|
|
|
The code in 2.3.0 supersedes the IPv6 transport patches from JuanJo Ciarlante,
|
|
formerly located at http://github.com/jjo/openvpn-ipv6
|
|
|
|
|
|
Use the following options to select IPv6 transport:
|
|
|
|
--proto udp6
|
|
--proto tcp6-client
|
|
--proto tcp6-server
|
|
--proto tcp6 --client / --proto tcp6 --server
|
|
|
|
On systems that permit IPv4 connections on IPv6 sockets (Linux by
|
|
default, FreeBSD and NetBSD if you turn off the "v6only" sysctl by
|
|
running "sysctl -w net.inet6.ip6.v6only=0"), an OpenVPN server can
|
|
handle IPv4 connections on the IPv6 socket as well, making it a true
|
|
dual-stacked server.
|
|
|
|
On other systems, as of 2.3.0, you need to run separate server instances
|
|
for IPv4 and IPv6.
|
|
|
|
The client side code is not really "dual-stacked" yet, as it does not
|
|
automatically try both address families when connecting to a dual-stacked
|
|
server. For now, you can achieve this with <connection> stanzas in your
|
|
openvpn config:
|
|
|
|
<connection>
|
|
remote my.dual.stack.server 1194 udp6
|
|
</connection>
|
|
<connection>
|
|
remote my.dual.stack.server 1194 udp
|
|
</connection>
|