@@ -1,8 +1,97 @@

-This is an experimentally patched version of OpenVPN 2.1 with IPv6

-payload support.

+IPv6 payload support

+--------------------

-Go here for release notes and documentation:

+Latest IPv6 payload support code and documentation can be found from here:

   http://www.greenie.net/ipv6/openvpn.html

+For TODO list, see TODO.IPv6.

+

 Gert Doering, 31.12.2009

+

+

+

+IPv6 transport support

+----------------------

+

+[ Last updated: 25-Mar-2011. ]

+

+OpenVPN-2.1 over UDP6/TCP6 README for ipv6-0.4.x patch releases:

+( --udp6 and --tcp6-{client,server} )

+

+* Availability

+  Source code under GPLv2 from http://github.com/jjo/openvpn-ipv6

+

+  Distro ready repos/packages:

+  o Debian sid official repo, by Alberto Gonzalez Iniesta,

+    starting from openvpn_2.1~rc20-2

+  o Gentoo official portage tree, by Marcel Pennewiss:

+    - https://bugs.gentoo.org/show_bug.cgi?id=287896

+  o Ubuntu package, by Bernhard Schmidt:

+    - https://launchpad.net/~berni/+archive/ipv6/+packages

+  o Freetz.org, milestone freetz-1.2

+    - http://trac.freetz.org/milestone/freetz-1.2

+

+* Status:

+  o OK:

+    - upd6,tcp6: GNU/Linux, win32, openbsd-4.7, freebsd-8.1

+    - udp4->upd6,tcp4->tcp6 (ipv4/6 mapped): GNU/Linux

+      (gives a warning on local!=remote proto matching)

+  o NOT:

+    - win32: tcp4->tcp6 (ipv4/6 mapped) fails w/connection refused

+  o NOT tested:

+    - mgmt console

+

+* Build setup:

+  ./configure --enable-ipv6        (by default)

+

+* Usage:

+  For IPv6 just specify "-p upd6" an proper IPv6 hostnames, adapting the example

+  from man page ...

+

+  On may:

+    openvpn --proto udp6 --remote <june_IPv6_addr> --dev tun1 \

+      --ifconfig 10.4.0.1 10.4.0.2 --verb 5 --secret key

+

+  On june:

+    openvpn --proto udp6 --remote <may_IPv6_addr>  --dev tun1 \

+      --ifconfig 10.4.0.2 10.4.0.1 --verb 5 --secret key

+

+  Same for --proto tcp6-client, tcp6-server.

+

+* Main code changes summary:

+  - socket.h: New struct openvpn_sockaddr type that holds sockaddrs and pktinfo,

+    (here I omitted #ifdef USE_PF_xxxx, see socket.h )

+

+    struct openvpn_sockaddr {

+	union {

+		struct sockaddr sa;

+		struct sockaddr_in in;

+		struct sockaddr_in6 in6;

+	} addr;

+    };

+

+    struct link_socket_addr

+    {

+            struct openvpn_sockaddr local;

+            struct openvpn_sockaddr remote;

+            struct openvpn_sockaddr actual;

+    };

+

+    PRO: allows simple type overloading: local.addr.sa, local.addr.in, local.addr.in6 ... etc

+    (also local.pi.in and local.pi.in6)

+

+  - several function prototypes moved from sockaddr_in to openvpn_sockaddr

+  - several new sockaddr functions needed to "generalize" AF_xxxx operations:

+    addr_copy(), addr_zero(), ...etc

+    proto_is_udp(), proto_is_dgram(), proto_is_net()

+

+* For TODO list, see TODO.IPv6

+

+--

+JuanJo Ciarlante   jjo () google () com ............................

+:                                                                  :

+.                                         Linux IP Aliasing author .

+.   Modular algo (AES et all) support for FreeSWAN/OpenSWAN author .

+.                                        OpenVPN over IPv6 support .

+:......     plus other scattered free software bits in the wild ...:

deleted file mode 100644

@@ -1,81 +0,0 @@

-[ Last updated: 25-Mar-2011. ]

-

-OpenVPN-2.1 over UDP6/TCP6 README for ipv6-0.4.x patch releases:

-( --udp6 and --tcp6-{client,server} )

-

-* Availability

-  Source code under GPLv2 from http://github.com/jjo/openvpn-ipv6

-

-  Distro ready repos/packages:

-  o Debian sid official repo, by Alberto Gonzalez Iniesta,

-    starting from openvpn_2.1~rc20-2

-  o Gentoo official portage tree, by Marcel Pennewiss:

-    - https://bugs.gentoo.org/show_bug.cgi?id=287896

-  o Ubuntu package, by Bernhard Schmidt:

-    - https://launchpad.net/~berni/+archive/ipv6/+packages

-  o Freetz.org, milestone freetz-1.2

-    - http://trac.freetz.org/milestone/freetz-1.2

-

-* Status:

-  o OK:

-    - upd6,tcp6: GNU/Linux, win32, openbsd-4.7, freebsd-8.1

-    - udp4->upd6,tcp4->tcp6 (ipv4/6 mapped): GNU/Linux

-      (gives a warning on local!=remote proto matching)

-  o NOT:

-    - win32: tcp4->tcp6 (ipv4/6 mapped) fails w/connection refused

-  o NOT tested:

-    - mgmt console

-

-* Build setup:

-  ./configure --enable-ipv6        (by default)

-

-* Usage:

-  For IPv6 just specify "-p upd6" an proper IPv6 hostnames, adapting the example

-  from man page ...

-

-  On may:

-    openvpn --proto udp6 --remote <june_IPv6_addr> --dev tun1 \

-      --ifconfig 10.4.0.1 10.4.0.2 --verb 5 --secret key

-

-  On june:

-    openvpn --proto udp6 --remote <may_IPv6_addr>  --dev tun1 \

-      --ifconfig 10.4.0.2 10.4.0.1 --verb 5 --secret key

-

-  Same for --proto tcp6-client, tcp6-server.

-

-* Main code changes summary:

-  - socket.h: New struct openvpn_sockaddr type that holds sockaddrs and pktinfo,

-    (here I omitted #ifdef USE_PF_xxxx, see socket.h )

-

-    struct openvpn_sockaddr {

-    	union {

-    		struct sockaddr sa;

-    		struct sockaddr_in in;

-    		struct sockaddr_in6 in6;

-    	} addr;

-    };

-

-    struct link_socket_addr

-    {

-            struct openvpn_sockaddr local;

-            struct openvpn_sockaddr remote;

-            struct openvpn_sockaddr actual;

-    };

-

-    PRO: allows simple type overloading: local.addr.sa, local.addr.in, local.addr.in6 ... etc

-    (also local.pi.in and local.pi.in6)

-

-  - several function prototypes moved from sockaddr_in to openvpn_sockaddr

-  - several new sockaddr functions needed to "generalize" AF_xxxx operations:

-    addr_copy(), addr_zero(), ...etc

-    proto_is_udp(), proto_is_dgram(), proto_is_net()

-

-* TODO: See TODO.ipv6

-

-JuanJo Ciarlante   jjo () google () com ............................

-:                                                                  :

-.                                         Linux IP Aliasing author .

-.   Modular algo (AES et all) support for FreeSWAN/OpenSWAN author .

-.                                        OpenVPN over IPv6 support .

-:......     plus other scattered free software bits in the wild ...:

@@ -1,5 +1,5 @@

-known issues for IPv6 payload support in OpenVPN

+TODO for IPv6 payload support

+-----------------------------

 1.) "--topology subnet" doesn't work together with IPv6 payload on FreeBSD

     (verified for FreeBSD server, Linux/ifconfig client, problems 

@@ -147,3 +147,40 @@ tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500

     to the config

     (problem + workaround applies both to tun and tap style devices)

+

+

+

+

+TODO for IPv6 transport support

+-------------------------------

+

+[ Last updated: 11-Nov-2009. ]

+

+* All platforms:

+  o mgmt console: as currently passes straight in_addr_t bits around

+

+  o make possible to get AF from getaddrinfo() answer, ie allow openvpn to

+    use ipv4/6 if DNS returns A/AAAA without specifying protocol.

+    Hard: requires deep changes in initialization/calling logic

+

+  o use AI_PASSIVE

+

+  o the getaddr()/getaddr6() interface is not prepared for handling socktype

+    "tagging", currently I abuse the sockflags bits for getting the ai_socktype

+    downstream.

+

+  o implement comparison for mapped addesses: server in dual stack

+    listening IPv6 must permit incoming streams from allowed IPv4 peer,

+    currently you need to pass eg:  --remote ffff::1.2.3.4

+

+  o do something with multi mode learn routes, for now just ignoring

+    ipv6 addresses seems the most sensible thing to do, because there's

+    no support for intra-tunnel ipv6 stuff.

+

+* win32:

+  o find out about mapped addresses, as I can't make it work

+    with bound at ::1 and connect to 127.0.0.1

+

+* N/A:

+  o this is ipv6 *endpoint* support, so don't expect "ifconfig6"-like

+    support in this patch

deleted file mode 100644

@@ -1,30 +0,0 @@

-[ Last updated: 11-Nov-2009. ]

-

-* All platforms:

-  o mgmt console: as currently passes straight in_addr_t bits around

-

-  o make possible to get AF from getaddrinfo() answer, ie allow openvpn to

-    use ipv4/6 if DNS returns A/AAAA without specifying protocol.

-    Hard: requires deep changes in initialization/calling logic

-

-  o use AI_PASSIVE

-

-  o the getaddr()/getaddr6() interface is not prepared for handling socktype

-    "tagging", currently I abuse the sockflags bits for getting the ai_socktype

-    downstream.

-

-  o implement comparison for mapped addesses: server in dual stack

-    listening IPv6 must permit incoming streams from allowed IPv4 peer,

-    currently you need to pass eg:  --remote ffff::1.2.3.4

-

-  o do something with multi mode learn routes, for now just ignoring

-    ipv6 addresses seems the most sensible thing to do, because there's

-    no support for intra-tunnel ipv6 stuff.

-

-* win32:

-  o find out about mapped addresses, as I can't make it work

-    with bound at ::1 and connect to 127.0.0.1

-

-* N/A:

-  o this is ipv6 *endpoint* support, so don't expect "ifconfig6"-like

-    support in this patch