git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Gert Doering <gert@greenie.muc.de>
	Tue, 15 Sep 2020 09:41:01 +0000 (11:41 +0200)
committer	Gert Doering <gert@greenie.muc.de>
	Tue, 15 Sep 2020 14:26:24 +0000 (16:26 +0200)
commit	81b6a7e75b343e324a44b4476c89c596d7b6c74b
tree	8e7d4ec53410773bfc1b85ffa1535b7beb98bb0e	tree
parent	b8625abbd5be21a810b648058e6e411a7ff19702	commit \| diff

Fix netbits setting (in TAP mode) for IPv6 on Windows.

For TUN interfaces, the IPv6 address needs to be configured with
"address/128" and a local subnet route is needed, pointing to our
fake gateway fe80::8.  There is no ethernet headers or ND outside
the tun/tap interface, so anything but fe80::8 is not resolvable.

For TAP interfaces, the proper subnet mask (netbits) must be configured,
and no connected route to "our local host address" must be configured,
to make make IPv6 ND work inside the local subnet.

Our code was nicely consistent in doing the same thing in tun.c
("gui/openvpn running with admin privileges") and in the requests
to the interactive service ("gui running with user privs").  Fix in
both places.

On tun close, symmetric to addition, remove the on-link subnet route only
for "tun" interfaces.  Address removal works without specifying netbits.

While at it, extend do_address_service() to actually log both IPv4
and IPv6 addresses requested via it.

Tested on Win10/64.

v2:
  - change logging to use D_IFCONFIG
  - fix whitespace on "?" operator

Reported-By: Laurent Fasnacht <l@libres.ch>
Reported-By: Klara Mall <klara.mall@kit.edu>
Trac: #1054

Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Message-Id: <20200915094101.86470-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg21008.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

src/openvpn/errlevel.h		diff \| blob \| blame \| history
src/openvpn/tun.c		diff \| blob \| blame \| history