From patchwork Fri May 29 14:05:53 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antonio Quartulli X-Patchwork-Id: 1134 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director11.mail.ord1d.rsapps.net ([172.28.255.1]) by backend30.mail.ord1d.rsapps.net with LMTP id iBZrN96j0V6QLQAAIUCqbw for ; Fri, 29 May 2020 20:07:58 -0400 Received: from proxy6.mail.ord1c.rsapps.net ([172.28.255.1]) by director11.mail.ord1d.rsapps.net with LMTP id OHJQN96j0V7qGgAAvGGmqA ; Fri, 29 May 2020 20:07:58 -0400 Received: from smtp15.gate.ord1c ([172.28.255.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy6.mail.ord1c.rsapps.net with LMTP id 4JHeNt6j0V7BXgAA9sKXow ; Fri, 29 May 2020 20:07:58 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp15.gate.ord1c.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=unstable.cc X-Suspicious-Flag: YES X-Classification-ID: 9e413f30-a209-11ea-922a-bc305bf03694-1-1 Received: from [216.105.38.7] ([216.105.38.7:43070] helo=lists.sourceforge.net) by smtp15.gate.ord1c.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 0D/AC-05001-ED3A1DE5; Fri, 29 May 2020 20:07:58 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.90_1) (envelope-from ) id 1jep1h-0003YA-F4; Sat, 30 May 2020 00:07:01 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jep1h-0003Xr-1B for openvpn-devel@lists.sourceforge.net; Sat, 30 May 2020 00:07:01 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:Message-Id: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=CH/fAF4ipqTcLLRdS8DkQZrUNFrzRhRxBbko7VWmHOI=; b=bQ5M5JLDX4eyJ3ySH2Yozefml5 tWSZaR9vfb7rA8E4AMEGJDvDk++/olGEOM5qH7Eb+wR7RCzEb7OdecNLIx9KYzZ75skmRDX4lAMpK 5/EsH+tgG9quO0JoNXTnbrPfkOKy/PRhuMY/gNuiCNRbbEgUklD7IOe7l65MGcFnZ4Yg=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:Cc:To:From :Sender:Reply-To:Content-Type:Content-ID:Content-Description:Resent-Date: Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To: References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post: List-Owner:List-Archive; bh=CH/fAF4ipqTcLLRdS8DkQZrUNFrzRhRxBbko7VWmHOI=; b=Q cJHSzgivVPP51x92HHh3NsT6FNYJ9LQUpUkcMqIe2ORA7Q7+rudWb0pxAR8Ofnifi99D8vkHD41EZ LEhUTX3kza0oeBB7bSEMaYyG3jv473HiSqupzabWPE9sIPmRAwEqbn80Ba4Gb3mb/MG67EEtGy4S1 2VR5PVblgGXkmdAM=; Received: from s2.neomailbox.net ([5.148.176.60]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.2) id 1jep1d-00D3dr-IM for openvpn-devel@lists.sourceforge.net; Sat, 30 May 2020 00:07:00 +0000 From: Antonio Quartulli To: openvpn-devel@lists.sourceforge.net Date: Sat, 30 May 2020 02:05:53 +0200 Message-Id: <20200530000600.1680-1-a@unstable.cc> MIME-Version: 1.0 X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.0 SPF_PASS SPF: sender matches SPF record 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: gitlab.com] 0.0 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1jep1d-00D3dr-IM Subject: [Openvpn-devel] [PATCH v4 0/7] Allow IPv6-only tunnels X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Antonio Quartulli Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox This patchset allows servers to work with a tunnel configured with IPv6 only (client code has already been merged). This new v4 is the result of some more reviews, including an hardcore reviewing session that me and Gert had yesterday afternoon. We found some interesting bugs and agreed on some previously-not-well-defined behaviours. The patchset is now ready for broader testing and potential final vetting. In a nutshell, after applying this patchset, it will be possible to configure a server with just --server-ipv6 and no IPv4 at all (in the tunnel). Happy hacking! (Note: this code is also available at [1] in the ipv6-only branch) Cheers, Trac: #208 [1] https://gitlab.com/ordex986/openvpn Antonio Quartulli (7): pool: prevent IPv6 pools to be larger than 2^16 addresses pool: allow to configure an IPv6-only ifconfig-pool allow usage of --server-ipv6 even when no --server is specified pool: add support for ifconfig-pool-persist with IPv6 only route: warn on IPv4 routes installation when no IPv4 is configured options: enable IPv4 redirection logic only if really required ipv6-pool: get rid of size constraint src/openvpn/helper.c | 15 +- src/openvpn/multi.c | 10 +- src/openvpn/options.c | 29 +++- src/openvpn/pool.c | 317 ++++++++++++++++++++++++++++++++---------- src/openvpn/pool.h | 8 +- src/openvpn/route.c | 16 ++- 6 files changed, 302 insertions(+), 93 deletions(-)