Message ID | 20180605090421.9746-1-a@unstable.cc |
---|---|
Series | Allow IPv6-only tunnels |
Hi,

I have applied these 5 patches to master on ubuntu 18.04LTS
The resulting binary gave server+client ipv6 *only* tunnel
over ipv4 network. 100% success

Using only: --server-ipv6 12fc:1918::10:186:0:0/112

I am sure buildbot runs more extensive tests than my single test
but I would be happy to ACK this if I could work out how to.

Thanks


On 05/06/18 10:04, Antonio Quartulli wrote:
> This patchset allows clients and servers to work with a
> tunnel configured with IPv6 only.
>
> Patches 2 and 3 are mere cosmetic changes and could be merged
> regardless of the rest (note that 3 depends on 2).
>
> With this change a server can be configured by using only the
> '--server-ipv6' directive.
> This will result in clients receiving only 'ifconfig-ipv6'
> setting in their push-reply (and no IPv4 at all).
>
> Given that different components required changes in order
> to achieve this goal, the patchset has been organized as follows:
> - patch 1 alters the tun logic (client & server side)
> - patch 4 alters the ifconfig-pool logic (server side)
> - patch 5 alters the server config logic (server side)
>
>
> Although I have tested the patchset with different configurations
> and with our buildbots, such change would definitely benefit
> from a broader testing campaign (even before being merged).
>
>
> Cheers,
>
> Trac: #208
>
> Antonio Quartulli (5):
>   tun: ensure interface can be configured with IPv6 only
>   pool: restyle ipv4/ipv6 members to improve readability
>   pool: convert pool 'type' to enum
>   pool: allow to configure an IPv6-only ifconfig-pool
>   make server capable of starting with an IPv6-only tunnel
>
>  src/openvpn/helper.c | 8 +-
>  src/openvpn/multi.c | 10 +-
>  src/openvpn/pool.c | 179 ++++++++++++++--------
>  src/openvpn/pool.h | 31 ++--
>  src/openvpn/tun.c | 357 +++++++++++++++++++------------------------
>  5 files changed, 308 insertions(+), 277 deletions(-)

Sorry, that should be:

server Ubuntu 18.04
client arch linux

but the resulting vpn is ipv6 only and works well.

On 05/06/18 13:05, tincanteksup wrote:
> Hi,
>
> I have applied these 5 patches to master on ubuntu 18.04LTS
> The resulting binary gave server+client ipv6 *only* tunnel
> over ipv4 network. 100% success
>
> Using only: --server-ipv6 12fc:1918::10:186:0:0/112
>
> I am sure buildbot runs more extensive tests than my single test
> but I would be happy to ACK this if I could work out how to.
>
> Thanks
>
>
> On 05/06/18 10:04, Antonio Quartulli wrote:
>> This patchset allows clients and servers to work with a
>> tunnel configured with IPv6 only.
>>
>> Patches 2 and 3 are mere cosmetic changes and could be merged
>> regardless of the rest (note that 3 depends on 2).
>>
>> With this change a server can be configured by using only the
>> '--server-ipv6' directive.
>> This will result in clients receiving only 'ifconfig-ipv6'
>> setting in their push-reply (and no IPv4 at all).
>>
>> Given that different components required changes in order
>> to achieve this goal, the patchset has been organized as follows:
>> - patch 1 alters the tun logic (client & server side)
>> - patch 4 alters the ifconfig-pool logic (server side)
>> - patch 5 alters the server config logic (server side)
>>
>>
>> Although I have tested the patchset with different configurations
>> and with our buildbots, such change would definitely benefit
>> from a broader testing campaign (even before being merged).
>>
>>
>> Cheers,
>>
>> Trac: #208
>>
>> Antonio Quartulli (5):
>>   tun: ensure interface can be configured with IPv6 only
>>   pool: restyle ipv4/ipv6 members to improve readability
>>   pool: convert pool 'type' to enum
>>   pool: allow to configure an IPv6-only ifconfig-pool
>>   make server capable of starting with an IPv6-only tunnel
>>
>>  src/openvpn/helper.c | 8 +-
>>  src/openvpn/multi.c | 10 +-
>>  src/openvpn/pool.c | 179 ++++++++++++++--------
>>  src/openvpn/pool.h | 31 ++--
>>  src/openvpn/tun.c | 357 +++++++++++++++++++------------------------
>>  5 files changed, 308 insertions(+), 277 deletions(-)

On Tuesday, 5 June 2018, 14:05:10 CET, tincanteksup wrote:
> Hi,
>
> I have applied these 5 patches to master...

me too, a little bit late my confirmation:

/usr/local/sbin/openvpn --config server-neu.ovpn
Sat Jan 26 00:05:09 2019 OpenVPN 2.5_git [git:HEAD/a59fd1475089eda4+] armv7l-unknown-linux-gnueabihf [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Jan 25 2019
Sat Jan 26 00:05:09 2019 library versions: OpenSSL 1.1.0h-fips 27 Mar 2018, LZO 2.10
Sat Jan 26 00:05:09 2019 Diffie-Hellman initialized with 2048 bit key
Sat Jan 26 00:05:09 2019 TUN/TAP device tun0 opened
Sat Jan 26 00:05:09 2019 TUN/TAP TX queue length set to 100
Sat Jan 26 00:05:09 2019 /sbin/ip link set dev tun0 up mtu 1500
Sat Jan 26 00:05:09 2019 /sbin/ip -6 addr add 2001:a61:5e8:5b01::1:2/112 dev tun0
Sat Jan 26 00:05:09 2019 Socket Buffers: R=[163840->163840] S=[163840->163840]
Sat Jan 26 00:05:09 2019 setsockopt(IPV6_V6ONLY=0)
Sat Jan 26 00:05:09 2019 UDPv6 link local (bound): [AF_INET6][undef]:1194
Sat Jan 26 00:05:09 2019 UDPv6 link remote: [AF_UNSPEC]
Sat Jan 26 00:05:09 2019 MULTI: multi_init called, r=256 v=256
Sat Jan 26 00:05:09 2019 IFCONFIG POOL IPv6: (IPv4) size=0, size_ipv6=65536, netbits=112, base_ipv6=2001:a61:5e8:5b01::1:1001
Sat Jan 26 00:05:09 2019 Initialization Sequence Completed
Sat Jan 26 00:05:36 2019 2a01:598:89f0:85e7:f19b:58b8:9005:20f7 TLS: Initial packet from [AF_INET6]2a01:598:89f0:85e7:f19b:58b8:9005:20f7:39005, sid=1055982b 433815b8
Sat Jan 26 00:05:36 2019 2a01:598:89f0:85e7:f19b:58b8:9005:20f7 VERIFY OK: depth=1, C=KG, ST=NA, L=BISHKEK, O=OpenVPN-TEST, emailAddress=me@myhost.mydomain
Sat Jan 26 00:05:36 2019 2a01:598:89f0:85e7:f19b:58b8:9005:20f7 VERIFY OK: depth=0, C=KG, ST=NA, O=OpenVPN-TEST, CN=Test-Client, emailAddress=me@myhost.mydomain
Sat Jan 26 00:05:36 2019 2a01:598:89f0:85e7:f19b:58b8:9005:20f7 peer info: IV_GUI_VER=OC30Android
Sat Jan 26 00:05:36 2019 2a01:598:89f0:85e7:f19b:58b8:9005:20f7 peer info: IV_VER=3.2
Sat Jan 26 00:05:36 2019 2a01:598:89f0:85e7:f19b:58b8:9005:20f7 peer info: IV_PLAT=android
Sat Jan 26 00:05:36 2019 2a01:598:89f0:85e7:f19b:58b8:9005:20f7 peer info: IV_NCP=2
Sat Jan 26 00:05:36 2019 2a01:598:89f0:85e7:f19b:58b8:9005:20f7 peer info: IV_TCPNL=1
Sat Jan 26 00:05:36 2019 2a01:598:89f0:85e7:f19b:58b8:9005:20f7 peer info: IV_PROTO=2
Sat Jan 26 00:05:36 2019 2a01:598:89f0:85e7:f19b:58b8:9005:20f7 peer info: IV_AUTO_SESS=1
Sat Jan 26 00:05:36 2019 2a01:598:89f0:85e7:f19b:58b8:9005:20f7 peer info: IV_BS64DL=1
Sat Jan 26 00:05:36 2019 2a01:598:89f0:85e7:f19b:58b8:9005:20f7 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
Sat Jan 26 00:05:36 2019 2a01:598:89f0:85e7:f19b:58b8:9005:20f7 [Test-Client] Peer Connection Initiated with [AF_INET6]2a01:598:89f0:85e7:f19b:58b8:9005:20f7:39005
Sat Jan 26 00:05:36 2019 Test-Client/2a01:598:89f0:85e7:f19b:58b8:9005:20f7 MULTI_sva: pool returned IPv4=(Not enabled), IPv6=2001:a61:5e8:5b01::1:1001
Sat Jan 26 00:05:36 2019 Test-Client/2a01:598:89f0:85e7:f19b:58b8:9005:20f7 MULTI: no --ifconfig-pool netmask parameter is available to push to Test-Client/2a01:598:89f0:85e7:f19b:58b8:9005:20f7
Sat Jan 26 00:05:36 2019 Test-Client/2a01:598:89f0:85e7:f19b:58b8:9005:20f7 MULTI: no dynamic or static remote --ifconfig address is available for Test-Client/2a01:598:89f0:85e7:f19b:58b8:9005:20f7
Sat Jan 26 00:05:36 2019 Test-Client/2a01:598:89f0:85e7:f19b:58b8:9005:20f7 MULTI: Learn: 2001:a61:5e8:5b01::1:1001 -> Test-Client/2a01:598:89f0:85e7:f19b:58b8:9005:20f7
Sat Jan 26 00:05:36 2019 Test-Client/2a01:598:89f0:85e7:f19b:58b8:9005:20f7 MULTI: primary virtual IPv6 for Test-Client/2a01:598:89f0:85e7:f19b:58b8:9005:20f7: 2001:a61:5e8:5b01::1:1001
Sat Jan 26 00:05:36 2019 Test-Client/2a01:598:89f0:85e7:f19b:58b8:9005:20f7 PUSH: Received control message: 'PUSH_REQUEST'
Sat Jan 26 00:05:36 2019 Test-Client/2a01:598:89f0:85e7:f19b:58b8:9005:20f7 SENT CONTROL [Test-Client]: 'PUSH_REPLY,route-ipv6 fd00::/64,route-ipv6 2001:a61:5e8:5b01:0:0:0:0/64,dhcp-option DNS fd00::464e:6dff:fe72:8a08,tun-ipv6,ping 10,ping-restart 120,ifconfig-ipv6 2001:a61:5e8:5b01::1:1001/112 2001:a61:5e8:5b01::1:2,peer-id 0,cipher AES-256-GCM' (status=1)
Sat Jan 26 00:05:36 2019 Test-Client/2a01:598:89f0:85e7:f19b:58b8:9005:20f7 Data Channel: using negotiated cipher 'AES-256-GCM'
Sat Jan 26 00:05:36 2019 Test-Client/2a01:598:89f0:85e7:f19b:58b8:9005:20f7 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jan 26 00:05:36 2019 Test-Client/2a01:598:89f0:85e7:f19b:58b8:9005:20f7 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Jan 26 00:07:58 2019 Test-Client/2a01:598:89f0:85e7:f19b:58b8:9005:20f7 SIGTERM[soft,remote-exit] received, client-instance exiting

config at raspberry pi

proto udp6
dev tun
ca ca.crt
cert server.crt
key server.key
dh dh2048.pem
server-ipv6 2001:a61:5e8:5b01:0:0:1:1/112
push "route-ipv6 fd00::/64"
push "route-ipv6 2001:a61:5e8:5b01:0:0:0:0/64"
push "dhcp-option DNS fd00::464e:6dff:fe72:8a08"
keepalive 10 120
verb 3

Client was Openvpn connect 3.05 for android.

Thomas

Hi,

On 26/01/2019 09:17, Thomas Schäfer wrote:
> On Tuesday, 5 June 2018, 14:05:10 CET, tincanteksup wrote:
>> Hi,
>>
>> I have applied these 5 patches to master...
>
>
> me too, a little bit late my confirmation:

Thanks for testing the patches!

We still need to set up some more automated testing for the server side
to make sure we don't introduce regressions and similar...hopefully
we'll put this together soon :-)

Cheers,
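
A check for the behaviour the cover letter describes (clients receive only 'ifconfig-ipv6' in their push-reply and no IPv4 at all), run against the SENT CONTROL line from the server log in the thread. This is an added example, not part of the thread or of OpenVPN; the names `push_options` and `ipv4_findings`, the list of IPv4 options checked, and the prefix sanity check are assumptions made here.

```python
import ipaddress
import re

# Constructed sample: SENT CONTROL line from the thread's server log, unwrapped.
SAMPLE_LOG_LINE = (
    "Sat Jan 26 00:05:36 2019 Test-Client/2a01:598:89f0:85e7:f19b:58b8:9005:20f7 "
    "SENT CONTROL [Test-Client]: 'PUSH_REPLY,route-ipv6 fd00::/64,"
    "route-ipv6 2001:a61:5e8:5b01:0:0:0:0/64,"
    "dhcp-option DNS fd00::464e:6dff:fe72:8a08,tun-ipv6,ping 10,ping-restart 120,"
    "ifconfig-ipv6 2001:a61:5e8:5b01::1:1001/112 2001:a61:5e8:5b01::1:2,"
    "peer-id 0,cipher AES-256-GCM' (status=1)"
)

SENT_RE = re.compile(r"SENT CONTROL \[[^\]]*\]: '(PUSH_REPLY[^']*)'")
# OpenVPN options that hand the client IPv4 addressing or routing.
IPV4_OPTIONS = {"ifconfig", "route", "route-gateway"}


def push_options(log_line):
    """Extract (option, [args]) pairs from a server 'SENT CONTROL' log line."""
    match = SENT_RE.search(log_line)
    if match is None:
        raise ValueError("no PUSH_REPLY in log line")
    items = [item.split() for item in match.group(1).split(",")[1:]]
    return [(words[0], words[1:]) for words in items if words]


def ipv4_findings(log_line):
    """Return reasons the push-reply is not IPv6-only; an empty list is a pass."""
    options = push_options(log_line)
    findings = [f"IPv4 option pushed: {n}" for n, _ in options if n in IPV4_OPTIONS]
    for name, args in options:
        for arg in args:
            try:
                ipaddress.IPv4Interface(arg)  # matches a.b.c.d and a.b.c.d/len
            except ValueError:
                continue
            findings.append(f"IPv4 address in {name}: {arg}")
    v6 = [args for name, args in options if name == "ifconfig-ipv6"]
    if len(v6) != 1 or len(v6[0]) != 2:
        findings.append("expected one 'ifconfig-ipv6 <addr/bits> <remote>'")
    else:
        # Assumed sanity check (not from the thread): remote lies in the pushed prefix.
        local = ipaddress.IPv6Interface(v6[0][0])
        if ipaddress.IPv6Address(v6[0][1]) not in local.network:
            findings.append(f"remote {v6[0][1]} outside {local.network}")
    return findings

print(ipv4_findings(SAMPLE_LOG_LINE) or "IPv6-only push-reply")
```

Feeding each `SENT CONTROL` line of a server log through `ipv4_findings` turns the manual confirmation in this thread into a repeatable regression check.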