aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNatanael Copa <ncopa@alpinelinux.org>2012-03-22 10:59:59 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2012-03-22 10:59:59 +0000
commit3cc0c95853fcb021a12c63581c971c65718cc685 (patch)
tree0c35ac6c657d2ed747d541f93d3fb75e32f2384c
parentab70e0bf119a65bcc337e60fe874c4695ba2960f (diff)
downloadalpine_aports-3cc0c95853fcb021a12c63581c971c65718cc685.tar.bz2
alpine_aports-3cc0c95853fcb021a12c63581c971c65718cc685.tar.xz
alpine_aports-3cc0c95853fcb021a12c63581c971c65718cc685.zip
main/openvpn: upgrade to 2.2.2
rebase the ipv6 patch
Diffstat
-rw-r--r--main/openvpn/APKBUILD10
-rw-r--r--main/openvpn/openvpn-2.2.2-ipv6.patch (renamed from main/openvpn/openvpn-2.2.0-ipv6-20110522-1.patch)986
2 files changed, 167 insertions, 829 deletions
diff --git a/main/openvpn/APKBUILD b/main/openvpn/APKBUILD
index 7f96559a13..929cd73db5 100644
--- a/main/openvpn/APKBUILD
+++ b/main/openvpn/APKBUILD
@@ -1,7 +1,7 @@
1# Maintainer: Natanael Copa <ncopa@alpinelinux.org> 1# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
2pkgname=openvpn 2pkgname=openvpn
3pkgver=2.2.0 3pkgver=2.2.2
4pkgrel=2 4pkgrel=0
5pkgdesc="A robust, and highly configurable VPN (Virtual Private Network)" 5pkgdesc="A robust, and highly configurable VPN (Virtual Private Network)"
6url="http://openvpn.sourceforge.net/" 6url="http://openvpn.sourceforge.net/"
7arch="all" 7arch="all"
@@ -15,7 +15,7 @@ source="http://swupdate.openvpn.net/community/releases/$pkgname-$pkgver.tar.gz
15 openvpn.confd 15 openvpn.confd
16 openvpn.up 16 openvpn.up
17 openvpn.down 17 openvpn.down
18 openvpn-2.2.0-ipv6-20110522-1.patch 18 openvpn-2.2.2-ipv6.patch
19 " 19 "
20 20
21_builddir="$srcdir"/$pkgname-$pkgver 21_builddir="$srcdir"/$pkgname-$pkgver
@@ -88,9 +88,9 @@ doc() {
88 default_doc 88 default_doc
89} 89}
90 90
91md5sums="4f440603eac45fec7be218b87d570834 openvpn-2.2.0.tar.gz 91md5sums="c5181e27b7945fa6276d21873329c5c7 openvpn-2.2.2.tar.gz
92ec99092827faa7226e9f548c2cd1d20c openvpn.initd 92ec99092827faa7226e9f548c2cd1d20c openvpn.initd
939eca88cac6294027ec1bb7be74185c3a openvpn.confd 939eca88cac6294027ec1bb7be74185c3a openvpn.confd
94dc72fecd1a1bcef937603057cd6574b1 openvpn.up 94dc72fecd1a1bcef937603057cd6574b1 openvpn.up
95dc3ff0bae442b9aedd947b8ffda1687a openvpn.down 95dc3ff0bae442b9aedd947b8ffda1687a openvpn.down
9625172fa251672edc3f7a277b5d7f3f72 openvpn-2.2.0-ipv6-20110522-1.patch" 9651b1ddade743505b84d27db9ebfd6c0a openvpn-2.2.2-ipv6.patch"
diff --git a/main/openvpn/openvpn-2.2.0-ipv6-20110522-1.patch b/main/openvpn/openvpn-2.2.2-ipv6.patch
index 85819de42f..f8b8015ea6 100644
--- a/main/openvpn/openvpn-2.2.0-ipv6-20110522-1.patch
+++ b/main/openvpn/openvpn-2.2.2-ipv6.patch
@@ -1,626 +1,7 @@
1diff --git openvpn-2.2.0/ChangeLog.IPv6 openvpn-2.2-ipv6-20110522-1/ChangeLog.IPv6 1diff --git a/forward.c b/forward.c
2new file mode 100644
3index 0000000..283fe6e
4--- /dev/null
5+++ openvpn-2.2-ipv6-20110522-1/ChangeLog.IPv6
6@@ -0,0 +1,440 @@
7+Do 31. Dez 15:32:40 CET 2009 Gert Doering
8+
9+ * Basic IPv6 p2mp functionality implemented
10+
11+ * new options:
12+ - server-ipv6
13+ - ifconfig-ipv6
14+ - ifconfig-ipv6-pool
15+ - route-ipv6
16+ - iroute-ipv6
17+
18+ * modules touched:
19+ - init.c: init & setup IPv6 route list & add/delete IPv6 routes
20+ - tun.c: add "ifconfig" and "route" handling for IPv6
21+ - multi.c: IPv6 ifconfig-pool assignments
22+ put to route-hash table
23+ push to client
24+ - pool.c: extend pools to handle IPv4+IPv6, and also return IPv6 address
25+ IPv6 address saved to file if ifconfig-pool-persist is set
26+ (but ignored on read due to the way pools work)
27+ - mroute.c: handle reading src/dst addresses from IPv6 packets
28+ (so multi.c can check against route-hash table)
29+ handle printing of IPv6 mroute_addr structure
30+ - helper.c: implement "server-ipv6" macro (->ifconfig-ipv6, pool, ...)
31+ - options.c: implement all the new options
32+ add helper functions for IPv6 address handling
33+ - forward.c: tell do_route() about IPv6 routes
34+ - route.c: handle IPv6 route lists + route option lists
35+ extend add_routes() to do IPv4 + IPv6 route lists
36+ extend delete_routes() to do IPv4 + IPv6 route lists
37+ implement add_route_ipv6(), delete_route_ipv6() to call
38+ system-dependend external program to do the work
39+ - push.c: handle pushing of "ifconfig-ipv6" option
40+ - socket.c: helper function to check & print IPv6 address strings
41+
42+ * known issues:
43+ - operating system support on all but Linux (ifconfig, route)
44+ - route-ipv6 gateway handling
45+ - iroute-ipv6 not implemented
46+ - TAP support: ifconfig, routing (route needs gateway!)
47+
48+ * release as patch 20091231-1
49+
50+Thu Dec 31 17:02:08 CET 2009
51+
52+ * NetBSD port (NetBSD 3.1 on Sparc64)
53+
54+ * mroute.c, socket.c: make byte/word access to in6_addr more portable
55+
56+ * tun.c: fix IPv6 ifconfig arguments on NetBSD
57+
58+ still doesn't work on NetBSD 3.1, "ifconfig tun0 inet6..." errors with
59+
60+ ifconfig: SIOCAIFADDR: Address family not supported by protocol family
61+
62+ (sys/net/if_tun.c, needs to be revision 1.80 or later, NetBSD PR 32944,
63+ included in NetBSD 4.0 and up)
64+
65+
66+Fri Jan 1 14:07:15 CET 2010
67+
68+ * FreeBSD port (FreeBSD 6.3-p12 on i386)
69+
70+ * tun.c: implement IPv6 ifconfig setting for FreeBSD
71+
72+ * route.c: fix %s/%s argument to IPv6 route add/delete command for *BSD
73+
74+ * TEST SUCCESS: FreeBSD 6.3-p12, server-ipv6, route-ipv6, ccd/iroute-ipv6
75+
76+ * multi.c: implement setting and deleting of iroute-ipv6
77+ (multi_add_iroutes(), multi_del_iroutes())
78+ * mroute.c: add mroute_helper_add_iroute6(), mroute_helper_del_iroute6()
79+ * mroute.h: add prototypes, increase MR_HELPER_NET_LEN to 129 (/0.../128)
80+ * multi.c: zeroize host part of IPv6 iroutes in multi_learn_in6_addr()
81+ * mroute.c: implement mroute_addr_mask_host_bits() for IPv6
82+
83+ * TEST SUCCESS: Linux 2.6.30 (Gentoo)/iproute2, server-ipv6, ccd/iroute-ipv6
84+
85+ * TEST SUCCESS: Linux 2.6.30 (Gentoo)/ifconfig, client-ipv6
86+
87+ * TEST FAIL: NetBSD 5.0, IPv6 client
88+ - "ifconfig tun0 .../64" does not create a "connected" route
89+ - adding routes fails
90+
91+ --> more work to do here.
92+
93+ * release as patch 20100101-1
94+
95+ * TEST FAIL:
96+ FreeBSD 6.3-p12 server "--topology subnet"
97+ Linux/ifconfig client
98+ - BSD sends ICMP6 neighbor solicitations, which are ignored by Linux
99+ - server tun interface is not in p2p mode, client tun interface *is*
100+
101+ * TEST SUCCESS: non-ipv6 enabled client -> "--server-ipv6" server
102+ (warnings in the log file, but no malfunctions)
103+
104+
105+Sat Jan 2 19:48:35 CET 2010
106+
107+ * tun.c: change "ipv6_support()", do not turn off tt->ipv6 unconditionally
108+ if we don't know about OS IPv6 support - just log warning
109+
110+ * tun.c: implement "ifconfig inet6" setting for MacOS X / Darwin
111+
112+ * route.c: split *BSD system dependent part of add/delete_route_ipv6()
113+ into FreeBSD/Dragonfly and NetBSD/Darwin/OpenBSD variants
114+ ("2001:db8::/64" vs. "2001:db8:: --prefixlen 64").
115+
116+ * tun.c: on MacOS X, NetBSD and OpenBSD, explicitely set on-link route
117+
118+ * TEST SUCCESS: MacOS X, client-ipv6 with route-ipv6
119+
120+
121+Sun Jan 3 10:55:31 CET 2010
122+
123+ * route.c: NetBSD fails with "-iface tun0", needs gateway address
124+ (assume that the same syntax is needed for OpenBSD)
125+
126+ * route.h: introduce "remote_endpoint_ipv6" into "struct route_ipv6_list"
127+
128+ * init.c: pass "ifconfig_ipv6_remote" as gateway to init_route_ipv6_list()
129+
130+ * route.c:
131+ - init_route_ipv6(): use "remote_endpoint_ipv6" as IPv6 gateway address
132+ if no gateway was specified explicitely
133+
134+ - init_route_ipv6_list(): fill in "remote_endpoint_ipv6", if parseable
135+
136+ - get rid of "GATEWAY-LESS ROUTE6" warning
137+
138+ * route.c, add_route_ipv6()
139+ - explicitely clear host bits of base address, to be able to more
140+ easily set up "connected" /64 routes on NetBSD+Darwin
141+
142+ - split system-dependent part between Darwin and NetBSD/OpenBSD
143+ (Darwin can use "-iface tun0", NetBSD/OpenBSD get gateway address)
144+
145+ - change Solaris comments from "known-broken" to "unknown"
146+
147+ * tun.c: rework NetBSD tunnel initialization and tun_read() / tun_write()
148+ to work the same way OpenBSD and NetBSD do - tunnel is put into
149+ "multi-af" mode, and all packet read/write activity is prepended by
150+ a 32 bit value specifying the address family.
151+
152+ * TEST SUCCESS: NetBSD 5.0/Sparc64: client-ipv6 with route-ipv6
153+
154+ * TEST SUCCESS: MacOS X 10.5: client-ipv6 with route-ipv6
155+
156+ * (RE-)TEST SUCCESS: Linux/iproute2: server-ipv6
157+ Linux/ifconfig: client-ipv6
158+ FreeBSD 6.3: server-ipv6
159+
160+ * release as patch 20100103-1
161+
162+ * options.c: document all new options in "--help"
163+
164+ * tun.c: fix typo in Solaris-specific section
165+
166+ * socket.h, socket.c: change u_int32_t to uint32_t
167+ (Solaris - and all the rest of the code uses "uintNN" anyway)
168+
169+Mon Jan 4 17:46:58 CET 2010
170+
171+ * socket.c: rework add_in6_addr() to use 32-bit access to struct in6_addr
172+ (Solaris has no 16-bit values in union, but this is more elegant as well)
173+
174+ * tun.c: fix "ifconfig inet6" command for Solaris
175+
176+ * tun.c: make sure "tun0 inet6" is unplumbed first, cleanup leftovers
177+
178+ * route.c: add routes with "metric 0" on solaris, otherwise they just
179+ don't work (someone who understands Solaris might want to fix this).
180+
181+ * Solaris "sort of" works now - ifconfig works, route add does not give
182+ errors, "netstat -rn" looks right, but packets are discarded unless
183+ the routes are installed with "metric 0". So we just use "metric 0"...
184+
185+ * CAVEAT: Solaris "ifconfig ... preferred" interferes with source address
186+ selection. So if there are any active IPv6 interfaces configured with
187+ "preferred", packets leaving out the tunnel will use the wrong source
188+ IPv6 address. Not fixable from within OpenVPN.
189+
190+ * CAVEAT2: Solaris insists on doing DHCPv6 on tun0 interfaces by default,
191+ so DHCPv6 solicitation packets will be seen. Since the server end has
192+ no idea what to do with them, they are a harmless nuisance. Fixable
193+ on the Solaris side via "ndpd.conf" (see ``man ifconfig'').
194+
195+ * release as patch 20100104-1
196+
197+Fri Jan 8 10:00:50 CET 2010
198+
199+ * import into git repository
200+
201+ * options.c: add sanity checks for most typical error cases
202+ (--ifconfig-ipv6-pool configured with no --ifconfig-ipv6, etc)
203+
204+ * options.c: modify get_ipv6_addr() to be more flexible about netbits
205+ (optional now, default to /64) and to return the address-without-netbits
206+ string now (-> for options that want the IPv6 address in printable
207+ form, but without /nn)
208+
209+ * options.c: modify --ifconfig-ipv6 to optionally accept /netbits,
210+ you can do now "ifconfig-ipv6 2001:df8::1/64 2001:df8::2" or just
211+ "ifconfig-ipv6 2001:df8::5 2001:df8::7", defaulting to /64
212+
213+ * options.h: add necessary structure elements for --ifconfig-ipv6-push
214+
215+ * options.c: implement "parse options" side of --ifconfig-ipv6-push
216+
217+Tue Jan 12 22:42:09 CET 2010
218+
219+ * tun.c: in TARGET_NETBSD #ifdef, distinguish between "old" code
220+ (IPv4 only, but unmodified read/write) and "new" code (multi-af,
221+ extra 32 bit AF on read/write of the tun interface) - pre-4.0
222+ NetBSD systems don't have TUNSIFHEAD, no way to have common code.
223+
224+ * TEST SUCCESS: NetBSD 5.0/Sparc64: client-ipv6 with route-ipv6 (v4+v6)
225+
226+ * TEST SUCCESS: NetBSD 3.1/Sparc64: client-ipv6 with route-ipv6 (v4-only)
227+
228+Thu Jan 14 15:41:50 CET 2010
229+
230+ * multi.c: if "--ifconfig-push" is used together with "--ifconfig-ipv6-pool"
231+ and no "--ifconfig-ipv6-push" is seen, issue warning - the current
232+ implementation of pools has IPv6 tied to IPv4, so if v4 does not use
233+ the pool, it breaks for IPv6. Not a *big* problem (since there is
234+ enough v6, just give those users a static v6 address as well), but needs
235+ to be pointed out clearly.
236+
237+ * release as patch 20100114-1
238+
239+Tue Feb 16 14:43:28 CET 2010
240+
241+ * options.c: print "IPv6 payload patch" release date in "--version"
242+
243+ * tun.c: undo change to init_tun() (moving "bool tun" and call to
244+ "is_tun_p2p()" further up) - it wasn't needed and breaks "make check"
245+
246+ * git stuff: rebase on David Sommerseth's openvpn-testing git tree
247+
248+ * release as patch 20100216-1
249+
250+Fri Feb 26 19:59:01 CET 2010
251+
252+ * init.c: initialize tuntap->ipv6 in do_init_tun() (to make sure it's
253+ always initialized early-enough, independent of the sequence of
254+ do_ifconfig()/open_tun() [see ifconfig_order() in tun.h])
255+
256+ * tun.c, init.c: remove "bool ipv6" argument to tuncfg(), open_tun()
257+ and open_tun_generic() - obsoleted by previous change
258+
259+ * tun.c: remove ipv6_support() - original purpose was unclear, and all
260+ current platforms (except linux-very-old) fully support IPv6 now :-)
261+
262+ * tun.c: initial implementation of "netsh" IPv6-ifconfig for Win32
263+
264+ * RE-TEST SUCCESS: Linux/i386/ifconfig, client-tun/net30, v4+v6
265+
266+Sun Feb 28 17:05:57 CET 2010
267+
268+ * tun.c: NetBSD dependent part: correct destroying/re-creation of tun dev
269+
270+ * tun.c: move adding of "connected" IPv6 prefix to new helper function,
271+ add_route_connected_v6_net()
272+
273+ * RE-TEST SUCCESS: NetBSD 5.0/Sparc64, client-tun/net30, v4+v6
274+
275+ * RE-TEST SUCCESS: NetBSD 3.1/Sparc64: client-tun/net30, v4-only
276+
277+ * RE-TEST SUCCESS: Linux/i386/iproute2: server-tun/net30, v4+v6
278+
279+ * tun.c: add #ifdef TARGET_DARWIN block for *_tun() functions, to
280+ be able to modify close_tun() for unconfiguring IPv6
281+
282+ * tun.c: on close_tun() on MacOS X, need to de-configure "lo0" route for
283+ configured IPv6 address
284+
285+ * RE-TEST SUCCESS: MacOS X (10.5)/i386: client-tun/net30, v4+v6
286+
287+ * route.c: implement ipv6 route adding / deletion via "netsh" for WIN32
288+
289+ * TEST FAIL: Windows XP fails, because the tun/tap driver does not
290+ forward IPv6 frames kernel->userland if in "tun" mode
291+
292+ * options.c: set IPv6 version to 20100228-1
293+
294+ * release as patch 20100228-1
295+
296+Sun Mar 7 19:17:33 CET 2010
297+
298+ * options.c: set IPv6 version to 20100307-1
299+
300+ * TODO.IPv6: add note about OpenBSD TODO (#16)
301+
302+ * route.c: set (and remove) "magic next hop" fe80::8 for IPv6 routes on
303+ Win32
304+
305+ * install-win32/settings.in: bump TAP driver version from 9.6 to 9.7
306+ and TAP_RELDATE to "07/03/2010"
307+
308+ * tap-win32/proto.h: add data types and definitions needed for IPv6
309+
310+ * tap-win32/types.h: add m_UserToTap_IPv6 ethernet header for IPv6 packets
311+
312+ * tap-win32/tapdrvr.c: implement support for IPv6 in TUN mode:
313+ - IPv6 packets User->OS need correct ether type
314+ - IPv6 packets OS->User get correctly forwarded
315+ - IPv6 neighbour discovery packets for "fe80::8" (magic address
316+ installed as route-nexthop by OpenVPN.exe) get answered locally
317+
318+ * TEST SUCCESS: WindowsXP/32bit: client-tun/net30, v4+v6
319+
320+ * tun.c: if IPv6 requested in TUN mode, and TUN/TAP driver version
321+ is older than 9.7, log warning and disable IPv6 (won't work anyway).
322+
323+ * release as patch 20100307-1
324+
325+Sat Jul 10 14:37:52 CEST 2010
326+
327+ * TEST SUCCESS: point-to-point tun mode with --ifconfig-ipv6 between
328+ Solaris10/sparc and Linux (Michal Ludvig)
329+ (using the whiteboard tun driver on Solaris, otherwise "no IPv6")
330+
331+Sun Aug 8 12:30:44 CEST 2010
332+
333+ * route.c: split NetBSD and OpenBSD parts of add_route_ipv6() and
334+ delete_route_ipv6(), implement OpenBSD variant
335+ (needs "-prefixlen nn" while NetBSD uses "/nn")
336+
337+ * tun.c: implement IPv6 ifconfig for OpenBSD
338+
339+ * tun.c: destroy tunX interface at tun_close() on OpenBSD (cleanup)
340+
341+ * TEST SUCCESS: OpenBSD 4.7: client-tun/net30, v4+v6
342+
343+Thu Sep 2 21:18:32 CEST 2010
344+
345+ * tun.c: the TAP binary in 2.2-beta3 has the IPv6 related changes, but
346+ the version number is 9.8 now -> check for 9.8, not 9.7
347+
348+Wed Sep 22 22:20:37 CEST 2010
349+
350+ * tun.c: bugfix for Linux/iproute2/"topology subnet". Works :-)
351+
352+ * TEST SUCCESS: Linux/ifconfig: client-tun/net30+subnet, v4+v6
353+
354+ * TEST SUCCESS: Linux/iproute2: client-tun/net30+subnet, v4+v6
355+
356+ * options.c: tag as 20100922-1 so "allmerged" users can see IPv6 change
357+
358+Fri Sep 24 17:57:41 CEST 2010
359+
360+ * TEST SUCCESS: Linux/<both>: client-tap, v4+v6, ping6 on connected addr
361+
362+ * TEST FAIL: Linux/<both>: client-tap, v6, route6 (gateway missing)
363+
364+Do 21. Okt 19:36:49 CEST 2010
365+
366+ * t_client.sh.in: cherrypick commit f25fe91a40aa3f and 6f1e61b41be52
367+ (proper exit codes to signal "SKIP" if we do not want to run)
368+
369+So 16. Jan 17:25:23 CET 2011
370+
371+ * tun.c, route.c: cherrypick 121755c2cb4891f and f0eac1a5979096c67
372+ (TAP driver and "topology subnet" support for Solaris)
373+
374+ * tun.c: add IPv6 configuration for TAP interfaces (<device>:1 inet6)
375+
376+ * tun.c: on close_tun on Solaris, unplumb IPv6 TUN or TAP interfaces
377+
378+ * TEST SUCCESS: OpenSolaris: client-tun, v4+v6
379+ TEST SUCCESS: OpenSolaris: client-tap, v4+v6, ping6 on connected addr
380+ TEST FAIL: OpenSolaris: client-tap, v6, route6 (gateway missing)
381+
382+So 24. Apr 16:51:45 CEST 2011
383+
384+ * rebase to "beta2.2" branch (at 2.2RC2 tag)
385+
386+ * mroute.c: remove mroute_helper_lock/_unlock() calls for IPv6
387+ * socket.c: remove locking with L_INET_NTOA mutex
388+ (all the threading stuff got removed by David Sommerseth for 2.2)
389+
390+ * mroute.c: remove duplicate mroute_helper_add_iroute6() and
391+ mroute_helper_del_iroute6() - "git rebase" artefact
392+
393+ * ChangeLog.IPv6 and TODO.IPv6: add to commit
394+
395+ * options.c: tag as 20110424-2 (2.2RC2)
396+
397+ * TEST SUCCESS: Linux/ifconfig: client-tun/net30+subnet, v4+v6
398+
399+ * TEST SUCCESS: Linux/iproute2: client-tun/net30+subnet, v4+v6
400+
401+Thu Apr 28 19:10:01 CEST 2011
402+
403+ * rebase to "origin/release/2.2" branch (at v2.2.0 tag)
404+
405+Thu May 19 20:51:12 CEST 2011
406+
407+ * include Windows "netsh add" -> "netsh set ... store=active" patch from
408+ Seth Mos, to fix restart problems on Windows due to persistant addresses
409+
410+ * TEST SUCCESS: Windows XP SP3: client-tun/net30, v4+v6
411+
412+Sat May 21 17:03:20 CEST 2011
413+
414+ * tun.c: Solaris cleanup (use CLEAR() to zero-out "ifr")
415+
416+ * tun.c: Windows cleanup: remove route and IPv6 address on disconnect
417+
418+ * route.c, route.h: remove "static" from delete_route_ipv6(), needed
419+ for ipv6-route cleanup on disconnect
420+
421+ * TEST SUCCESS: Windows XP SP3: client-tun/net30, v4+v6
422+
423+ * TEST SUCCESS: Windows 7 Home Premium: client-tun/net30, v4+v6
424+
425+So 22. Mai 14:46:12 CEST 2011
426+
427+ * Tony Lim: removing routes fails on windows if certain bits are set
428+ in the "host part" (others are silently ignored) -->
429+
430+ * route.c: create print_in6_addr_netbits_only() helper, call from
431+ add_route_ipv6() and delete_route_ipv6() to get only network part
432+ of route-to-be-modified
433+
434+ * route.c: set 'store=active' on adding routes on WIN32 as well (Tony Lim)
435+
436+ * options.c: bump IPv6 release to 20110522-1
437+
438+ * TEST SUCCESS: Linux/iproute2: client-tun/net30+subnet, v4+v6
439+
440+ * TEST SUCCESS: Windows XP SP3: client-tun/net30, v4+v6
441+
442+ * TEST SUCCESS: Windows 7 Home Premium: client-tun/net30, v4+v6
443+
444+ * TEST SUCCESS: OpenBSD 4.7: client-tun/net30, v4+v6
445+ TEST FAIL: OpenBSD 4.7: client-tun/subnet, v4
446+ (seems to be due to "topology subnet has just not been implemented yet")
447diff --git openvpn-2.2.0/README.IPv6 openvpn-2.2-ipv6-20110522-1/README.IPv6
448new file mode 100644
449index 0000000..ca578f2
450--- /dev/null
451+++ openvpn-2.2-ipv6-20110522-1/README.IPv6
452@@ -0,0 +1,8 @@
453+This is an experimentally patched version of OpenVPN 2.1 with IPv6
454+payload support.
455+
456+Go here for release notes and documentation:
457+
458+ http://www.greenie.net/ipv6/openvpn.html
459+
460+Gert Doering, 31.12.2009
461diff --git openvpn-2.2.0/TODO.IPv6 openvpn-2.2-ipv6-20110522-1/TODO.IPv6
462new file mode 100644
463index 0000000..167ca51
464--- /dev/null
465+++ openvpn-2.2-ipv6-20110522-1/TODO.IPv6
466@@ -0,0 +1,153 @@
467+known issues for IPv6 payload support in OpenVPN
468+-----------------------------------------------
469+
470+1.) "--topology subnet" doesn't work together with IPv6 payload on FreeBSD
471+ (verified for FreeBSD server, Linux/ifconfig client, problems
472+ with ICMP6 neighbor solicitations from BSD not being answered by Linux)
473+
474+2.) NetBSD IPv6 support doesn't work
475+ ("connected" route is not auto-created, "route-ipv6" adding fails)
476+
477+ * fixed, 3.1.10 *
478+
479+3.) route deletion for IPv6 routes is not yet done
480+
481+ * fixed for configured routes, 3.1.10 *
482+ * missing for manual-ifconfig-connected (NetBSD, Darwin, Win32)
483+ * fixed for Win32, 22.5.2011
484+
485+4.) do "ifconfig tun0 inet6 unplumb" or "ifconfig tun0 destroy" for
486+ Solaris, *BSD, ... at program termination time, to clean up leftovers
487+ (unless tunnel persistance is desired).
488+
489+ For Solaris, only the "ipv6 tun0" is affected, for the *BSDs all tun0
490+ stay around.
491+
492+4a.) deconfigure IPv6 on tun interface on session termination, otherwise
493+ one could end up with something like this (on NetBSD):
494+
495+tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
496+ inet 10.9.0.18 -> 10.9.0.17 netmask 0xffffffff
497+ inet6 fe80::a00:20ff:fece:d299%tun0 -> prefixlen 64 scopeid 0x3
498+ inet6 2001:608:4:eff::2000:3 -> prefixlen 64
499+ inet6 2001:608:4:eff::1:3 -> prefixlen 64
500+
501+ (pool was changed, previous address still active on tun0, breakage)
502+
503+ * semi-fixed for NetBSD, 28.2.10, always do tun0 destroy / tun0 create
504+ before actual ifconfig -- tunnel still lingers after OpenVPN quits
505+
506+4b.) verify this - on FreeBSD, tun0 is auto-destroyed if created by
507+ opening /dev/tun (and lingers if created by "ifconfig tun0 create")
508+
509+ -> use for persistant tunnels on not-linux?
510+
511+5.) add new option "ifconfig-ipv6-push"
512+ (per-client static IPv6 assignment, -> radiusplugin, etc)
513+
514+ * implemented, 14.1.10 *
515+
516+6.) add new option "route-ipv6-gateway"
517+
518+7.) add "full" gateway handling for IPv6 in route.c
519+ (right now, the routes are just sent down the tun interface, if the
520+ operating system in questions supports that, without care for the
521+ gateway address - which does not work for gateways that are supposed
522+ to point elsewhere. Also, it doesn't work for TAP interfaces.
523+
524+8.) full IPv6 support for TAP interfaces
525+ (main issue should be routes+gateway - and testing :-) )
526+
527+ test 2010/09/24: TAP itself works on linux/ifconfig+iproute2, but
528+ route-via-tap doesn't work at all (route points to "tap0" which fails)
529+
530+17:51:14.075412 fe:ab:6e:c5:53:71 > 33:33:ff:00:00:01, ethertype IPv6 (0x86dd), length 86: 2001:608:4:a053::1:0 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:608:4:a001::1, length 32
531+
532+ how is iroute-via-tap supposed to work??
533+
534+9.) verify that iroute-ipv6 and route-ipv6 interact in the same way as
535+ documented for iroute/route:
536+
537+ A's subnet, OpenVPN must push this route to all clients
538+ EXCEPT for A, since the subnet is already owned by A.
539+ OpenVPN accomplishes this by not
540+ not pushing a route to a client
541+ if it matches one of the client's iroutes.
542+
543+10.) extend "ifconfig-ipv6" to handle specification of /netbits, pushing
544+ of /netbits, and correctly ifconfig'ing this
545+ (default, if not specified: /64)
546+
547+11.) do not add ipv6-routes if tun-ipv6 is not set - complain instead
548+
549+ * done * 12.1.10
550+
551+12.) handle incoming [::] and [fe80:...] packets in tun-p2mp MULTI mode
552+ (most likely those are DAD packets)
553+ silently ignore DAD?
554+ Or accept-and-forward iff (multicast && client2client)?
555+ handle NS/NA
556+
557+13.) from Martin List-Petersen:
558+
559+ One thing, and I guess this requires modifications in
560+ network-manager-openvpn: It also works, BUT ignores "push
561+ route-ipv6-gateway" and "push route-ipv6 ...." (obviously routes pushed
562+ from the server) entirely.
563+
564+14.) from ##openvpn-discussion:
565+
566+ new features should be #ifdef'ed
567+
568+ (check whether this is feasible at all)
569+
570+15.) IPv6 related environment variables
571+
572+ - document all of them in openvpn.8
573+ - make sure that all existing IPv4 stuff has IPv6 counterparts
574+
575+16.) OpenBSD
576+ - implement ifconfig/route for IPv6
577+ - revert ifconfig/open_tun order to "normal" (separate commit!!!)
578+ (openvpn-devel, Subject: OpenBSD)
579+ - test
580+
581+17.) client-option (Elwood)
582+ - ignore-v6-push-options yes/no
583+ - ignore-v6-route-push ("as for IPv4 routes")
584+
585+18.) fail-save? "what if 'ip -6 addr add' fails" -> fail, or fallback to v4?
586+ (-> recomment setting "ignore-v6-push-options yes")
587+
588+19.) safety check: if connecting over IPv6 (v6 transport) and the pushed
589+ route-ipv6 network encompasses the server IPv6 address, make sure
590+ we at least log a warning (until we can fiddle with external routing
591+ to make this work correctly).
592+
593+20.) show "route add" / "route delete" commands for IPv6 in log file
594+ (we show the "ifconfig" commands, so why not the routes?)
595+
596+ 2010-08-07: this is a null-feature - it's already there, but with
597+ different debug level (M_INFO vs. D_ROUTE) so user
598+ didn't notice
599+
600+21.) enable ipv6-only server operations
601+ - decouple ipv6 pool handling from ipv4 pool
602+ - make sure Rest of OpenVPN doesn't assume "there will always be IPv4"
603+
604+22.) implement --learn-address for IPv6
605+
606+23.) FreeBSD 8 seems to require explicit setting of the "ifconfig" IPv6
607+ route, while FreeBSD 6+7 don't --> more testing, and code fix
608+
609+ workaround for the time being: just add
610+
611+ server-ipv6 2001:608:4:a051::/64
612+ route-ipv6 2001:608:4:a051::/64
613+
614+ to the config
615+
616+ (problem + workaround applies both to tun and tap style devices)
617+
618+24.) implement link-local IPv6 addresses
619+ (OSPFv3 over TUN/multipoint does not work right now)
620diff --git openvpn-2.2.0/forward.c openvpn-2.2-ipv6-20110522-1/forward.c
621index 87d05cc..1f3d435 100644 2index 87d05cc..1f3d435 100644
622--- openvpn-2.2.0/forward.c 3--- a/forward.c
623+++ openvpn-2.2-ipv6-20110522-1/forward.c 4+++ b/forward.c
624@@ -262,7 +262,8 @@ send_control_channel_string (struct context *c, const char *str, int msglevel) 5@@ -262,7 +262,8 @@ send_control_channel_string (struct context *c, const char *str, int msglevel)
625 static void 6 static void
626 check_add_routes_action (struct context *c, const bool errors) 7 check_add_routes_action (struct context *c, const bool errors)
@@ -631,10 +12,10 @@ index 87d05cc..1f3d435 100644
631 update_time (); 12 update_time ();
632 event_timeout_clear (&c->c2.route_wakeup); 13 event_timeout_clear (&c->c2.route_wakeup);
633 event_timeout_clear (&c->c2.route_wakeup_expire); 14 event_timeout_clear (&c->c2.route_wakeup_expire);
634diff --git openvpn-2.2.0/helper.c openvpn-2.2-ipv6-20110522-1/helper.c 15diff --git a/helper.c b/helper.c
635index a9d7fd9..266b246 100644 16index a9d7fd9..266b246 100644
636--- openvpn-2.2.0/helper.c 17--- a/helper.c
637+++ openvpn-2.2-ipv6-20110522-1/helper.c 18+++ b/helper.c
638@@ -142,6 +142,55 @@ helper_client_server (struct options *o) 19@@ -142,6 +142,55 @@ helper_client_server (struct options *o)
639 20
640 #if P2MP 21 #if P2MP
@@ -691,10 +72,10 @@ index a9d7fd9..266b246 100644
691 /* 72 /*
692 * 73 *
693 * HELPER DIRECTIVE: 74 * HELPER DIRECTIVE:
694diff --git openvpn-2.2.0/init.c openvpn-2.2-ipv6-20110522-1/init.c 75diff --git a/init.c b/init.c
695index d47a4ef..7fc8eb7 100644 76index d47a4ef..7fc8eb7 100644
696--- openvpn-2.2.0/init.c 77--- a/init.c
697+++ openvpn-2.2-ipv6-20110522-1/init.c 78+++ b/init.c
698@@ -843,7 +843,7 @@ do_persist_tuntap (const struct options *options) 79@@ -843,7 +843,7 @@ do_persist_tuntap (const struct options *options)
699 msg (M_FATAL|M_OPTERR, 80 msg (M_FATAL|M_OPTERR,
700 "options --mktun or --rmtun should only be used together with --dev"); 81 "options --mktun or --rmtun should only be used together with --dev");
@@ -832,10 +213,10 @@ index d47a4ef..7fc8eb7 100644
832 213
833 /* actually close tun/tap device based on --down-pre flag */ 214 /* actually close tun/tap device based on --down-pre flag */
834 if (!c->options.down_pre) 215 if (!c->options.down_pre)
835diff --git openvpn-2.2.0/init.h openvpn-2.2-ipv6-20110522-1/init.h 216diff --git a/init.h b/init.h
836index cf5ca8a..5a1d1dc 100644 217index cf5ca8a..5a1d1dc 100644
837--- openvpn-2.2.0/init.h 218--- a/init.h
838+++ openvpn-2.2-ipv6-20110522-1/init.h 219+++ b/init.h
839@@ -63,6 +63,7 @@ void init_instance (struct context *c, const struct env_set *env, const unsigned 220@@ -63,6 +63,7 @@ void init_instance (struct context *c, const struct env_set *env, const unsigned
840 221
841 void do_route (const struct options *options, 222 void do_route (const struct options *options,
@@ -844,10 +225,10 @@ index cf5ca8a..5a1d1dc 100644
844 const struct tuntap *tt, 225 const struct tuntap *tt,
845 const struct plugin_list *plugins, 226 const struct plugin_list *plugins,
846 struct env_set *es); 227 struct env_set *es);
847diff --git openvpn-2.2.0/misc.c openvpn-2.2-ipv6-20110522-1/misc.c 228diff --git a/misc.c b/misc.c
848index 4067d85..9d351f4 100644 229index 4067d85..9d351f4 100644
849--- openvpn-2.2.0/misc.c 230--- a/misc.c
850+++ openvpn-2.2-ipv6-20110522-1/misc.c 231+++ b/misc.c
851@@ -1001,7 +1001,9 @@ setenv_str_ex (struct env_set *es, 232@@ -1001,7 +1001,9 @@ setenv_str_ex (struct env_set *es,
852 { 233 {
853 const char *str = construct_name_value (name_tmp, val_tmp, &gc); 234 const char *str = construct_name_value (name_tmp, val_tmp, &gc);
@@ -859,10 +240,10 @@ index 4067d85..9d351f4 100644
859 } 240 }
860 else 241 else
861 env_set_del (es, name_tmp); 242 env_set_del (es, name_tmp);
862diff --git openvpn-2.2.0/mroute.c openvpn-2.2-ipv6-20110522-1/mroute.c 243diff --git a/mroute.c b/mroute.c
863index 3debd80..3182f65 100644 244index 1b3488f..6cfec27 100644
864--- openvpn-2.2.0/mroute.c 245--- a/mroute.c
865+++ openvpn-2.2-ipv6-20110522-1/mroute.c 246+++ b/mroute.c
866@@ -88,12 +88,33 @@ mroute_get_in_addr_t (struct mroute_addr *ma, const in_addr_t src, unsigned int 247@@ -88,12 +88,33 @@ mroute_get_in_addr_t (struct mroute_addr *ma, const in_addr_t src, unsigned int
867 } 248 }
868 } 249 }
@@ -897,41 +278,44 @@ index 3debd80..3182f65 100644
897 #ifdef ENABLE_PF 278 #ifdef ENABLE_PF
898 279
899 static unsigned int 280 static unsigned int
900@@ -155,10 +176,29 @@ mroute_extract_addr_ipv4 (struct mroute_addr *src, 281@@ -157,13 +178,29 @@ mroute_extract_addr_ipv4 (struct mroute_addr *src,
901 } 282 }
902 break; 283 break;
903 case 6: 284 case 6:
904- { 285- {
905- msg (M_WARN, "Need IPv6 code in mroute_extract_addr_from_packet"); 286- if( !ipv6warned ) {
287- msg (M_WARN, "IPv6 in tun mode is not supported in OpenVPN 2.2");
288- ipv6warned = true;
289- }
906- break; 290- break;
907- } 291- }
908+ if (BLEN (buf) >= (int) sizeof (struct openvpn_ipv6hdr)) 292+ if (BLEN (buf) >= (int) sizeof (struct openvpn_ipv6hdr))
909+ { 293+ {
910+ const struct openvpn_ipv6hdr *ipv6 = (const struct openvpn_ipv6hdr *) BPTR (buf); 294+ const struct openvpn_ipv6hdr *ipv6 = (const struct openvpn_ipv6hdr *) BPTR (buf);
911+#if 0 /* very basic debug */ 295+#if 0 /* very basic debug */
912+ struct gc_arena gc = gc_new (); 296+ struct gc_arena gc = gc_new ();
913+ msg( M_INFO, "IPv6 packet! src=%s, dst=%s", 297+ msg( M_INFO, "IPv6 packet! src=%s, dst=%s",
914+ print_in6_addr( ipv6->saddr, 0, &gc ), 298+ print_in6_addr( ipv6->saddr, 0, &gc ),
915+ print_in6_addr( ipv6->daddr, 0, &gc )); 299+ print_in6_addr( ipv6->daddr, 0, &gc ));
916+ gc_free (&gc); 300+ gc_free (&gc);
917+#endif 301+#endif
918+ 302+
919+ mroute_get_in6_addr (src, ipv6->saddr, 0); 303+ mroute_get_in6_addr (src, ipv6->saddr, 0);
920+ mroute_get_in6_addr (dest, ipv6->daddr, 0); 304+ mroute_get_in6_addr (dest, ipv6->daddr, 0);
921+ 305+
922+ if (mroute_is_mcast_ipv6 (ipv6->daddr)) 306+ if (mroute_is_mcast_ipv6 (ipv6->daddr))
923+ ret |= MROUTE_EXTRACT_MCAST; 307+ ret |= MROUTE_EXTRACT_MCAST;
924+ 308+
925+ ret |= MROUTE_EXTRACT_SUCCEEDED; 309+ ret |= MROUTE_EXTRACT_SUCCEEDED;
926+ } 310+ }
927+ break; 311+ break;
928+ default: 312+ default:
929+ msg (M_WARN, "IP packet with unknown IP version=%d seen", 313+ msg (M_WARN, "IP packet with unknown IP version=%d seen",
930+ OPENVPN_IPH_GET_VER (*BPTR(buf))); 314+ OPENVPN_IPH_GET_VER (*BPTR(buf)));
931 } 315 }
932 } 316 }
933 return ret; 317 return ret;
934@@ -252,14 +292,36 @@ bool mroute_extract_openvpn_sockaddr (struct mroute_addr *addr, 318@@ -257,14 +294,36 @@ bool mroute_extract_openvpn_sockaddr (struct mroute_addr *addr,
935 * Zero off the host bits in an address, leaving 319 * Zero off the host bits in an address, leaving
936 * only the network bits, using the netbits member of 320 * only the network bits, using the netbits member of
937 * struct mroute_addr as the controlling parameter. 321 * struct mroute_addr as the controlling parameter.
@@ -971,7 +355,7 @@ index 3debd80..3182f65 100644
971 } 355 }
972 356
973 /* 357 /*
974@@ -337,17 +399,24 @@ mroute_addr_print_ex (const struct mroute_addr *ma, 358@@ -342,17 +401,24 @@ mroute_addr_print_ex (const struct mroute_addr *ma,
975 } 359 }
976 break; 360 break;
977 case MR_ADDR_IPV6: 361 case MR_ADDR_IPV6:
@@ -1007,7 +391,7 @@ index 3debd80..3182f65 100644
1007 391
1008 /* 392 /*
1009 * mroute_helper's main job is keeping track of 393 * mroute_helper's main job is keeping track of
1010@@ -418,6 +487,40 @@ mroute_helper_del_iroute (struct mroute_helper *mh, const struct iroute *ir) 394@@ -423,6 +489,40 @@ mroute_helper_del_iroute (struct mroute_helper *mh, const struct iroute *ir)
1011 } 395 }
1012 } 396 }
1013 397
@@ -1048,10 +432,10 @@ index 3debd80..3182f65 100644
1048 void 432 void
1049 mroute_helper_free (struct mroute_helper *mh) 433 mroute_helper_free (struct mroute_helper *mh)
1050 { 434 {
1051diff --git openvpn-2.2.0/mroute.h openvpn-2.2-ipv6-20110522-1/mroute.h 435diff --git a/mroute.h b/mroute.h
1052index 7265001..b72b5ff 100644 436index 7265001..b72b5ff 100644
1053--- openvpn-2.2.0/mroute.h 437--- a/mroute.h
1054+++ openvpn-2.2-ipv6-20110522-1/mroute.h 438+++ b/mroute.h
1055@@ -85,7 +85,7 @@ struct mroute_addr { 439@@ -85,7 +85,7 @@ struct mroute_addr {
1056 /* 440 /*
1057 * Number of bits in an address. Should be raised for IPv6. 441 * Number of bits in an address. Should be raised for IPv6.
@@ -1070,10 +454,10 @@ index 7265001..b72b5ff 100644
1070 454
1071 /* 455 /*
1072 * Given a raw packet in buf, return the src and dest 456 * Given a raw packet in buf, return the src and dest
1073diff --git openvpn-2.2.0/multi.c openvpn-2.2-ipv6-20110522-1/multi.c 457diff --git a/multi.c b/multi.c
1074index 22c0a3f..f703b8d 100644 458index 22c0a3f..f703b8d 100644
1075--- openvpn-2.2.0/multi.c 459--- a/multi.c
1076+++ openvpn-2.2-ipv6-20110522-1/multi.c 460+++ b/multi.c
1077@@ -316,25 +316,18 @@ multi_init (struct multi_context *m, struct context *t, bool tcp_mode, int threa 461@@ -316,25 +316,18 @@ multi_init (struct multi_context *m, struct context *t, bool tcp_mode, int threa
1078 */ 462 */
1079 if (t->options.ifconfig_pool_defined) 463 if (t->options.ifconfig_pool_defined)
@@ -1310,11 +694,11 @@ index 22c0a3f..f703b8d 100644
1310 /* add routes locally, pointing to new client, if 694 /* add routes locally, pointing to new client, if
1311 --iroute options have been specified */ 695 --iroute options have been specified */
1312 multi_add_iroutes (m, mi); 696 multi_add_iroutes (m, mi);
1313diff --git openvpn-2.2.0/openvpn.8 openvpn-2.2-ipv6-20110522-1/openvpn.8 697diff --git a/openvpn.8 b/openvpn.8
1314index 7d213f9..11fd5ad 100644 698index 67a9779..5322618 100644
1315--- openvpn-2.2.0/openvpn.8 699--- a/openvpn.8
1316+++ openvpn-2.2-ipv6-20110522-1/openvpn.8 700+++ b/openvpn.8
1317@@ -789,6 +789,8 @@ or 701@@ -794,6 +794,8 @@ or
1318 .B \-\-dev tunX. 702 .B \-\-dev tunX.
1319 A warning will be displayed 703 A warning will be displayed
1320 if no specific IPv6 TUN support for your OS has been compiled into OpenVPN. 704 if no specific IPv6 TUN support for your OS has been compiled into OpenVPN.
@@ -1323,7 +707,7 @@ index 7d213f9..11fd5ad 100644
1323 .\"********************************************************* 707 .\"*********************************************************
1324 .TP 708 .TP
1325 .B \-\-dev-node node 709 .B \-\-dev-node node
1326@@ -4936,6 +4938,57 @@ if certificates are stored as private objects. 710@@ -4949,6 +4951,57 @@ if certificates are stored as private objects.
1327 .B \-\-verb 711 .B \-\-verb
1328 option can be used BEFORE this option to produce debugging information. 712 option can be used BEFORE this option to produce debugging information.
1329 .\"********************************************************* 713 .\"*********************************************************
@@ -1381,10 +765,10 @@ index 7d213f9..11fd5ad 100644
1381 .SH SCRIPTING AND ENVIRONMENTAL VARIABLES 765 .SH SCRIPTING AND ENVIRONMENTAL VARIABLES
1382 OpenVPN exports a series 766 OpenVPN exports a series
1383 of environmental variables for use by user-defined scripts. 767 of environmental variables for use by user-defined scripts.
1384diff --git openvpn-2.2.0/openvpn.h openvpn-2.2-ipv6-20110522-1/openvpn.h 768diff --git a/openvpn.h b/openvpn.h
1385index 641bf93..e5e6e58 100644 769index 641bf93..e5e6e58 100644
1386--- openvpn-2.2.0/openvpn.h 770--- a/openvpn.h
1387+++ openvpn-2.2-ipv6-20110522-1/openvpn.h 771+++ b/openvpn.h
1388@@ -165,6 +165,9 @@ struct context_1 772@@ -165,6 +165,9 @@ struct context_1
1389 /* list of --route directives */ 773 /* list of --route directives */
1390 struct route_list *route_list; 774 struct route_list *route_list;
@@ -1407,10 +791,10 @@ index 641bf93..e5e6e58 100644
1407 /* client authentication state, CAS_SUCCEEDED must be 0 */ 791 /* client authentication state, CAS_SUCCEEDED must be 0 */
1408 # define CAS_SUCCEEDED 0 792 # define CAS_SUCCEEDED 0
1409 # define CAS_PENDING 1 793 # define CAS_PENDING 1
1410diff --git openvpn-2.2.0/options.c openvpn-2.2-ipv6-20110522-1/options.c 794diff --git a/options.c b/options.c
1411index 7708995..bf59e00 100644 795index 7a5e35d..8fdd8a5 100644
1412--- openvpn-2.2.0/options.c 796--- a/options.c
1413+++ openvpn-2.2-ipv6-20110522-1/options.c 797+++ b/options.c
1414@@ -79,6 +79,7 @@ const char title_string[] = 798@@ -79,6 +79,7 @@ const char title_string[] =
1415 #ifdef ENABLE_EUREPHIA 799 #ifdef ENABLE_EUREPHIA
1416 " [eurephia]" 800 " [eurephia]"
@@ -1419,7 +803,7 @@ index 7708995..bf59e00 100644
1419 " built on " __DATE__ 803 " built on " __DATE__
1420 ; 804 ;
1421 805
1422@@ -171,6 +172,8 @@ static const char usage_message[] = 806@@ -172,6 +173,8 @@ static const char usage_message[] =
1423 " addresses outside of the subnets used by either peer.\n" 807 " addresses outside of the subnets used by either peer.\n"
1424 " TAP: configure device to use IP address l as a local\n" 808 " TAP: configure device to use IP address l as a local\n"
1425 " endpoint and rn as a subnet mask.\n" 809 " endpoint and rn as a subnet mask.\n"
@@ -1428,7 +812,7 @@ index 7708995..bf59e00 100644
1428 "--ifconfig-noexec : Don't actually execute ifconfig/netsh command, instead\n" 812 "--ifconfig-noexec : Don't actually execute ifconfig/netsh command, instead\n"
1429 " pass --ifconfig parms by environment to scripts.\n" 813 " pass --ifconfig parms by environment to scripts.\n"
1430 "--ifconfig-nowarn : Don't warn if the --ifconfig option on this side of the\n" 814 "--ifconfig-nowarn : Don't warn if the --ifconfig option on this side of the\n"
1431@@ -181,6 +184,10 @@ static const char usage_message[] = 815@@ -182,6 +185,10 @@ static const char usage_message[] =
1432 " netmask default: 255.255.255.255\n" 816 " netmask default: 255.255.255.255\n"
1433 " gateway default: taken from --route-gateway or --ifconfig\n" 817 " gateway default: taken from --route-gateway or --ifconfig\n"
1434 " Specify default by leaving blank or setting to \"nil\".\n" 818 " Specify default by leaving blank or setting to \"nil\".\n"
@@ -1439,7 +823,7 @@ index 7708995..bf59e00 100644
1439 "--max-routes n : Specify the maximum number of routes that may be defined\n" 823 "--max-routes n : Specify the maximum number of routes that may be defined\n"
1440 " or pulled from a server.\n" 824 " or pulled from a server.\n"
1441 "--route-gateway gw|'dhcp' : Specify a default gateway for use with --route.\n" 825 "--route-gateway gw|'dhcp' : Specify a default gateway for use with --route.\n"
1442@@ -369,6 +376,7 @@ static const char usage_message[] = 826@@ -370,6 +377,7 @@ static const char usage_message[] =
1443 "\n" 827 "\n"
1444 "Multi-Client Server options (when --mode server is used):\n" 828 "Multi-Client Server options (when --mode server is used):\n"
1445 "--server network netmask : Helper option to easily configure server mode.\n" 829 "--server network netmask : Helper option to easily configure server mode.\n"
@@ -1447,7 +831,7 @@ index 7708995..bf59e00 100644
1447 "--server-bridge [IP netmask pool-start-IP pool-end-IP] : Helper option to\n" 831 "--server-bridge [IP netmask pool-start-IP pool-end-IP] : Helper option to\n"
1448 " easily configure ethernet bridging server mode.\n" 832 " easily configure ethernet bridging server mode.\n"
1449 "--push \"option\" : Push a config file option back to the peer for remote\n" 833 "--push \"option\" : Push a config file option back to the peer for remote\n"
1450@@ -382,10 +390,16 @@ static const char usage_message[] = 834@@ -383,10 +391,16 @@ static const char usage_message[] =
1451 "--ifconfig-pool-persist file [seconds] : Persist/unpersist ifconfig-pool\n" 835 "--ifconfig-pool-persist file [seconds] : Persist/unpersist ifconfig-pool\n"
1452 " data to file, at seconds intervals (default=600).\n" 836 " data to file, at seconds intervals (default=600).\n"
1453 " If seconds=0, file will be treated as read-only.\n" 837 " If seconds=0, file will be treated as read-only.\n"
@@ -1464,7 +848,7 @@ index 7708995..bf59e00 100644
1464 " Sets up internal routes only.\n" 848 " Sets up internal routes only.\n"
1465 " Only valid in a client-specific config file.\n" 849 " Only valid in a client-specific config file.\n"
1466 "--disable : Client is disabled.\n" 850 "--disable : Client is disabled.\n"
1467@@ -870,6 +884,78 @@ get_ip_addr (const char *ip_string, int msglevel, bool *error) 851@@ -871,6 +885,78 @@ get_ip_addr (const char *ip_string, int msglevel, bool *error)
1468 return ret; 852 return ret;
1469 } 853 }
1470 854
@@ -1543,7 +927,7 @@ index 7708995..bf59e00 100644
1543 static char * 927 static char *
1544 string_substitute (const char *src, int from, int to, struct gc_arena *gc) 928 string_substitute (const char *src, int from, int to, struct gc_arena *gc)
1545 { 929 {
1546@@ -988,6 +1074,8 @@ show_p2mp_parms (const struct options *o) 930@@ -989,6 +1075,8 @@ show_p2mp_parms (const struct options *o)
1547 #if P2MP_SERVER 931 #if P2MP_SERVER
1548 msg (D_SHOW_PARMS, " server_network = %s", print_in_addr_t (o->server_network, 0, &gc)); 932 msg (D_SHOW_PARMS, " server_network = %s", print_in_addr_t (o->server_network, 0, &gc));
1549 msg (D_SHOW_PARMS, " server_netmask = %s", print_in_addr_t (o->server_netmask, 0, &gc)); 933 msg (D_SHOW_PARMS, " server_netmask = %s", print_in_addr_t (o->server_netmask, 0, &gc));
@@ -1552,7 +936,7 @@ index 7708995..bf59e00 100644
1552 msg (D_SHOW_PARMS, " server_bridge_ip = %s", print_in_addr_t (o->server_bridge_ip, 0, &gc)); 936 msg (D_SHOW_PARMS, " server_bridge_ip = %s", print_in_addr_t (o->server_bridge_ip, 0, &gc));
1553 msg (D_SHOW_PARMS, " server_bridge_netmask = %s", print_in_addr_t (o->server_bridge_netmask, 0, &gc)); 937 msg (D_SHOW_PARMS, " server_bridge_netmask = %s", print_in_addr_t (o->server_bridge_netmask, 0, &gc));
1554 msg (D_SHOW_PARMS, " server_bridge_pool_start = %s", print_in_addr_t (o->server_bridge_pool_start, 0, &gc)); 938 msg (D_SHOW_PARMS, " server_bridge_pool_start = %s", print_in_addr_t (o->server_bridge_pool_start, 0, &gc));
1555@@ -1008,6 +1096,9 @@ show_p2mp_parms (const struct options *o) 939@@ -1009,6 +1097,9 @@ show_p2mp_parms (const struct options *o)
1556 msg (D_SHOW_PARMS, " ifconfig_pool_netmask = %s", print_in_addr_t (o->ifconfig_pool_netmask, 0, &gc)); 940 msg (D_SHOW_PARMS, " ifconfig_pool_netmask = %s", print_in_addr_t (o->ifconfig_pool_netmask, 0, &gc));
1557 SHOW_STR (ifconfig_pool_persist_filename); 941 SHOW_STR (ifconfig_pool_persist_filename);
1558 SHOW_INT (ifconfig_pool_persist_refresh_freq); 942 SHOW_INT (ifconfig_pool_persist_refresh_freq);
@@ -1562,7 +946,7 @@ index 7708995..bf59e00 100644
1562 SHOW_INT (n_bcast_buf); 946 SHOW_INT (n_bcast_buf);
1563 SHOW_INT (tcp_queue_limit); 947 SHOW_INT (tcp_queue_limit);
1564 SHOW_INT (real_hash_size); 948 SHOW_INT (real_hash_size);
1565@@ -1021,6 +1112,9 @@ show_p2mp_parms (const struct options *o) 949@@ -1022,6 +1113,9 @@ show_p2mp_parms (const struct options *o)
1566 SHOW_BOOL (push_ifconfig_defined); 950 SHOW_BOOL (push_ifconfig_defined);
1567 msg (D_SHOW_PARMS, " push_ifconfig_local = %s", print_in_addr_t (o->push_ifconfig_local, 0, &gc)); 951 msg (D_SHOW_PARMS, " push_ifconfig_local = %s", print_in_addr_t (o->push_ifconfig_local, 0, &gc));
1568 msg (D_SHOW_PARMS, " push_ifconfig_remote_netmask = %s", print_in_addr_t (o->push_ifconfig_remote_netmask, 0, &gc)); 952 msg (D_SHOW_PARMS, " push_ifconfig_remote_netmask = %s", print_in_addr_t (o->push_ifconfig_remote_netmask, 0, &gc));
@@ -1572,7 +956,7 @@ index 7708995..bf59e00 100644
1572 SHOW_BOOL (enable_c2c); 956 SHOW_BOOL (enable_c2c);
1573 SHOW_BOOL (duplicate_cn); 957 SHOW_BOOL (duplicate_cn);
1574 SHOW_INT (cf_max); 958 SHOW_INT (cf_max);
1575@@ -1075,6 +1169,25 @@ option_iroute (struct options *o, 959@@ -1076,6 +1170,25 @@ option_iroute (struct options *o,
1576 o->iroutes = ir; 960 o->iroutes = ir;
1577 } 961 }
1578 962
@@ -1598,7 +982,7 @@ index 7708995..bf59e00 100644
1598 #endif /* P2MP_SERVER */ 982 #endif /* P2MP_SERVER */
1599 #endif /* P2MP */ 983 #endif /* P2MP */
1600 984
1601@@ -1112,6 +1225,13 @@ rol_check_alloc (struct options *options) 985@@ -1113,6 +1226,13 @@ rol_check_alloc (struct options *options)
1602 options->routes = new_route_option_list (options->max_routes, &options->gc); 986 options->routes = new_route_option_list (options->max_routes, &options->gc);
1603 } 987 }
1604 988
@@ -1612,7 +996,7 @@ index 7708995..bf59e00 100644
1612 #ifdef ENABLE_DEBUG 996 #ifdef ENABLE_DEBUG
1613 static void 997 static void
1614 show_connection_entry (const struct connection_entry *o) 998 show_connection_entry (const struct connection_entry *o)
1615@@ -1202,6 +1322,9 @@ show_settings (const struct options *o) 999@@ -1203,6 +1323,9 @@ show_settings (const struct options *o)
1616 SHOW_STR (ifconfig_remote_netmask); 1000 SHOW_STR (ifconfig_remote_netmask);
1617 SHOW_BOOL (ifconfig_noexec); 1001 SHOW_BOOL (ifconfig_noexec);
1618 SHOW_BOOL (ifconfig_nowarn); 1002 SHOW_BOOL (ifconfig_nowarn);
@@ -1622,7 +1006,7 @@ index 7708995..bf59e00 100644
1622 1006
1623 #ifdef HAVE_GETTIMEOFDAY 1007 #ifdef HAVE_GETTIMEOFDAY
1624 SHOW_INT (shaper); 1008 SHOW_INT (shaper);
1625@@ -1862,8 +1985,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne 1009@@ -1863,8 +1986,10 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
1626 if (options->connection_list) 1010 if (options->connection_list)
1627 msg (M_USAGE, "<connection> cannot be used with --mode server"); 1011 msg (M_USAGE, "<connection> cannot be used with --mode server");
1628 #endif 1012 #endif
@@ -1633,7 +1017,7 @@ index 7708995..bf59e00 100644
1633 if (options->shaper) 1017 if (options->shaper)
1634 msg (M_USAGE, "--shaper cannot be used with --mode server"); 1018 msg (M_USAGE, "--shaper cannot be used with --mode server");
1635 if (options->inetd) 1019 if (options->inetd)
1636@@ -1888,6 +2013,11 @@ options_postprocess_verify_ce (const struct options *options, const struct conne 1020@@ -1889,6 +2014,11 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
1637 msg (M_USAGE, "--up-delay cannot be used with --mode server"); 1021 msg (M_USAGE, "--up-delay cannot be used with --mode server");
1638 if (!options->ifconfig_pool_defined && options->ifconfig_pool_persist_filename) 1022 if (!options->ifconfig_pool_defined && options->ifconfig_pool_persist_filename)
1639 msg (M_USAGE, "--ifconfig-pool-persist must be used with --ifconfig-pool"); 1023 msg (M_USAGE, "--ifconfig-pool-persist must be used with --ifconfig-pool");
@@ -1645,7 +1029,7 @@ index 7708995..bf59e00 100644
1645 if (options->auth_user_pass_file) 1029 if (options->auth_user_pass_file)
1646 msg (M_USAGE, "--auth-user-pass cannot be used with --mode server (it should be used on the client side only)"); 1030 msg (M_USAGE, "--auth-user-pass cannot be used with --mode server (it should be used on the client side only)");
1647 if (options->ccd_exclusive && !options->client_config_dir) 1031 if (options->ccd_exclusive && !options->client_config_dir)
1648@@ -1919,6 +2049,8 @@ options_postprocess_verify_ce (const struct options *options, const struct conne 1032@@ -1920,6 +2050,8 @@ options_postprocess_verify_ce (const struct options *options, const struct conne
1649 */ 1033 */
1650 if (options->ifconfig_pool_defined || options->ifconfig_pool_persist_filename) 1034 if (options->ifconfig_pool_defined || options->ifconfig_pool_persist_filename)
1651 msg (M_USAGE, "--ifconfig-pool/--ifconfig-pool-persist requires --mode server"); 1035 msg (M_USAGE, "--ifconfig-pool/--ifconfig-pool-persist requires --mode server");
@@ -1654,7 +1038,7 @@ index 7708995..bf59e00 100644
1654 if (options->real_hash_size != defaults.real_hash_size 1038 if (options->real_hash_size != defaults.real_hash_size
1655 || options->virtual_hash_size != defaults.virtual_hash_size) 1039 || options->virtual_hash_size != defaults.virtual_hash_size)
1656 msg (M_USAGE, "--hash-size requires --mode server"); 1040 msg (M_USAGE, "--hash-size requires --mode server");
1657@@ -2460,6 +2592,8 @@ options_string (const struct options *o, 1041@@ -2461,6 +2593,8 @@ options_string (const struct options *o,
1658 o->topology, 1042 o->topology,
1659 o->ifconfig_local, 1043 o->ifconfig_local,
1660 o->ifconfig_remote_netmask, 1044 o->ifconfig_remote_netmask,
@@ -1663,7 +1047,7 @@ index 7708995..bf59e00 100644
1663 (in_addr_t)0, 1047 (in_addr_t)0,
1664 (in_addr_t)0, 1048 (in_addr_t)0,
1665 false, 1049 false,
1666@@ -3785,6 +3919,30 @@ add_option (struct options *options, 1050@@ -3786,6 +3920,30 @@ add_option (struct options *options,
1667 goto err; 1051 goto err;
1668 } 1052 }
1669 } 1053 }
@@ -1694,7 +1078,7 @@ index 7708995..bf59e00 100644
1694 else if (streq (p[0], "ifconfig-noexec")) 1078 else if (streq (p[0], "ifconfig-noexec"))
1695 { 1079 {
1696 VERIFY_PERMISSION (OPT_P_UP); 1080 VERIFY_PERMISSION (OPT_P_UP);
1697@@ -4585,6 +4743,26 @@ add_option (struct options *options, 1081@@ -4586,6 +4744,26 @@ add_option (struct options *options,
1698 } 1082 }
1699 add_route_to_option_list (options->routes, p[1], p[2], p[3], p[4]); 1083 add_route_to_option_list (options->routes, p[1], p[2], p[3], p[4]);
1700 } 1084 }
@@ -1721,7 +1105,7 @@ index 7708995..bf59e00 100644
1721 else if (streq (p[0], "max-routes") && p[1]) 1105 else if (streq (p[0], "max-routes") && p[1])
1722 { 1106 {
1723 int max_routes; 1107 int max_routes;
1724@@ -4796,6 +4974,33 @@ add_option (struct options *options, 1108@@ -4797,6 +4975,33 @@ add_option (struct options *options,
1725 } 1109 }
1726 } 1110 }
1727 } 1111 }
@@ -1755,7 +1139,7 @@ index 7708995..bf59e00 100644
1755 else if (streq (p[0], "server-bridge") && p[1] && p[2] && p[3] && p[4]) 1139 else if (streq (p[0], "server-bridge") && p[1] && p[2] && p[3] && p[4])
1756 { 1140 {
1757 const int lev = M_WARN; 1141 const int lev = M_WARN;
1758@@ -4880,6 +5085,28 @@ add_option (struct options *options, 1142@@ -4881,6 +5086,28 @@ add_option (struct options *options,
1759 VERIFY_PERMISSION (OPT_P_GENERAL); 1143 VERIFY_PERMISSION (OPT_P_GENERAL);
1760 options->topology = TOP_P2P; 1144 options->topology = TOP_P2P;
1761 } 1145 }
@@ -1784,7 +1168,7 @@ index 7708995..bf59e00 100644
1784 else if (streq (p[0], "hash-size") && p[1] && p[2]) 1168 else if (streq (p[0], "hash-size") && p[1] && p[2])
1785 { 1169 {
1786 int real, virtual; 1170 int real, virtual;
1787@@ -5075,6 +5302,11 @@ add_option (struct options *options, 1171@@ -5076,6 +5303,11 @@ add_option (struct options *options,
1788 } 1172 }
1789 option_iroute (options, p[1], netmask, msglevel); 1173 option_iroute (options, p[1], netmask, msglevel);
1790 } 1174 }
@@ -1796,7 +1180,7 @@ index 7708995..bf59e00 100644
1796 else if (streq (p[0], "ifconfig-push") && p[1] && p[2]) 1180 else if (streq (p[0], "ifconfig-push") && p[1] && p[2])
1797 { 1181 {
1798 in_addr_t local, remote_netmask; 1182 in_addr_t local, remote_netmask;
1799@@ -5113,6 +5345,43 @@ add_option (struct options *options, 1183@@ -5114,6 +5346,43 @@ add_option (struct options *options,
1800 goto err; 1184 goto err;
1801 } 1185 }
1802 } 1186 }
@@ -1840,10 +1224,10 @@ index 7708995..bf59e00 100644
1840 else if (streq (p[0], "disable")) 1224 else if (streq (p[0], "disable"))
1841 { 1225 {
1842 VERIFY_PERMISSION (OPT_P_INSTANCE); 1226 VERIFY_PERMISSION (OPT_P_INSTANCE);
1843diff --git openvpn-2.2.0/options.h openvpn-2.2-ipv6-20110522-1/options.h 1227diff --git a/options.h b/options.h
1844index 7f4c0cd..dd04ee8 100644 1228index dd49355..3b01597 100644
1845--- openvpn-2.2.0/options.h 1229--- a/options.h
1846+++ openvpn-2.2-ipv6-20110522-1/options.h 1230+++ b/options.h
1847@@ -205,6 +205,9 @@ struct options 1231@@ -205,6 +205,9 @@ struct options
1848 int topology; /* one of the TOP_x values from proto.h */ 1232 int topology; /* one of the TOP_x values from proto.h */
1849 const char *ifconfig_local; 1233 const char *ifconfig_local;
@@ -1862,15 +1246,7 @@ index 7f4c0cd..dd04ee8 100644
1862 bool route_nopull; 1246 bool route_nopull;
1863 bool route_gateway_via_dhcp; 1247 bool route_gateway_via_dhcp;
1864 bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */ 1248 bool allow_pull_fqdn; /* as a client, allow server to push a FQDN for certain parameters */
1865@@ -355,12 +359,17 @@ struct options 1249@@ -363,6 +367,9 @@ struct options
1866 struct plugin_option_list *plugin_list;
1867 #endif
1868
1869+ const char *tmp_dir;
1870+
1871 #if P2MP
1872
1873 #if P2MP_SERVER
1874 bool server_defined; 1250 bool server_defined;
1875 in_addr_t server_network; 1251 in_addr_t server_network;
1876 in_addr_t server_netmask; 1252 in_addr_t server_netmask;
@@ -1880,42 +1256,37 @@ index 7f4c0cd..dd04ee8 100644
1880 1256
1881 # define SF_NOPOOL (1<<0) 1257 # define SF_NOPOOL (1<<0)
1882 # define SF_TCP_NODELAY_HELPER (1<<1) 1258 # define SF_TCP_NODELAY_HELPER (1<<1)
1883@@ -382,24 +391,33 @@ struct options 1259@@ -384,6 +391,11 @@ struct options
1884 in_addr_t ifconfig_pool_netmask; 1260 in_addr_t ifconfig_pool_netmask;
1885 const char *ifconfig_pool_persist_filename; 1261 const char *ifconfig_pool_persist_filename;
1886 int ifconfig_pool_persist_refresh_freq; 1262 int ifconfig_pool_persist_refresh_freq;
1887+ 1263+
1888+ bool ifconfig_ipv6_pool_defined; /* IPv6 */ 1264+ bool ifconfig_ipv6_pool_defined; /* IPv6 */
1889+ struct in6_addr ifconfig_ipv6_pool_base; /* IPv6 */ 1265+ struct in6_addr ifconfig_ipv6_pool_base; /* IPv6 */
1890+ int ifconfig_ipv6_pool_netbits; /* IPv6 */ 1266+ int ifconfig_ipv6_pool_netbits; /* IPv6 */
1891+ 1267+
1892 int real_hash_size; 1268 int real_hash_size;
1893 int virtual_hash_size; 1269 int virtual_hash_size;
1894 const char *client_connect_script; 1270 const char *client_connect_script;
1895 const char *client_disconnect_script; 1271@@ -395,12 +407,17 @@ struct options
1896 const char *learn_address_script;
1897- const char *tmp_dir;
1898 const char *client_config_dir;
1899 bool ccd_exclusive;
1900 bool disable;
1901 int n_bcast_buf; 1272 int n_bcast_buf;
1902 int tcp_queue_limit; 1273 int tcp_queue_limit;
1903 struct iroute *iroutes; 1274 struct iroute *iroutes;
1904+ struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */ 1275+ struct iroute_ipv6 *iroutes_ipv6; /* IPv6 */
1905 bool push_ifconfig_defined; 1276 bool push_ifconfig_defined;
1906 in_addr_t push_ifconfig_local; 1277 in_addr_t push_ifconfig_local;
1907 in_addr_t push_ifconfig_remote_netmask; 1278 in_addr_t push_ifconfig_remote_netmask;
1908 bool push_ifconfig_constraint_defined; 1279 bool push_ifconfig_constraint_defined;
1909 in_addr_t push_ifconfig_constraint_network; 1280 in_addr_t push_ifconfig_constraint_network;
1910 in_addr_t push_ifconfig_constraint_netmask; 1281 in_addr_t push_ifconfig_constraint_netmask;
1911+ bool push_ifconfig_ipv6_defined; /* IPv6 */ 1282+ bool push_ifconfig_ipv6_defined; /* IPv6 */
1912+ struct in6_addr push_ifconfig_ipv6_local; /* IPv6 */ 1283+ struct in6_addr push_ifconfig_ipv6_local; /* IPv6 */
1913+ int push_ifconfig_ipv6_netbits; /* IPv6 */ 1284+ int push_ifconfig_ipv6_netbits; /* IPv6 */
1914+ struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */ 1285+ struct in6_addr push_ifconfig_ipv6_remote; /* IPv6 */
1915 bool enable_c2c; 1286 bool enable_c2c;
1916 bool duplicate_cn; 1287 bool duplicate_cn;
1917 int cf_max; 1288 int cf_max;
1918@@ -722,6 +740,10 @@ void options_string_import (struct options *options, 1289@@ -723,6 +740,10 @@ void options_string_import (struct options *options,
1919 unsigned int *option_types_found, 1290 unsigned int *option_types_found,
1920 struct env_set *es); 1291 struct env_set *es);
1921 1292
@@ -1926,10 +1297,10 @@ index 7f4c0cd..dd04ee8 100644
1926 /* 1297 /*
1927 * inline functions 1298 * inline functions
1928 */ 1299 */
1929diff --git openvpn-2.2.0/pool.c openvpn-2.2-ipv6-20110522-1/pool.c 1300diff --git a/pool.c b/pool.c
1930index 84333df..60dc520 100644 1301index 84333df..60dc520 100644
1931--- openvpn-2.2.0/pool.c 1302--- a/pool.c
1932+++ openvpn-2.2-ipv6-20110522-1/pool.c 1303+++ b/pool.c
1933@@ -132,7 +132,10 @@ ifconfig_pool_verify_range (const int msglevel, const in_addr_t start, const in_ 1304@@ -132,7 +132,10 @@ ifconfig_pool_verify_range (const int msglevel, const in_addr_t start, const in_
1934 } 1305 }
1935 1306
@@ -2078,10 +1449,10 @@ index 84333df..60dc520 100644
2078 if (h < 0) 1449 if (h < 0)
2079 break; 1450 break;
2080 msg (M_INFO | M_NOPREFIX, "IFCONFIG_POOL TEST pass 3: l=%s r=%s cn=%s", 1451 msg (M_INFO | M_NOPREFIX, "IFCONFIG_POOL TEST pass 3: l=%s r=%s cn=%s",
2081diff --git openvpn-2.2.0/pool.h openvpn-2.2-ipv6-20110522-1/pool.h 1452diff --git a/pool.h b/pool.h
2082index 81264a9..fc9d6ab 100644 1453index 81264a9..fc9d6ab 100644
2083--- openvpn-2.2.0/pool.h 1454--- a/pool.h
2084+++ openvpn-2.2-ipv6-20110522-1/pool.h 1455+++ b/pool.h
2085@@ -52,6 +52,9 @@ struct ifconfig_pool 1456@@ -52,6 +52,9 @@ struct ifconfig_pool
2086 int size; 1457 int size;
2087 int type; 1458 int type;
@@ -2108,10 +1479,10 @@ index 81264a9..fc9d6ab 100644
2108 1479
2109 bool ifconfig_pool_release (struct ifconfig_pool* pool, ifconfig_pool_handle hand, const bool hard); 1480 bool ifconfig_pool_release (struct ifconfig_pool* pool, ifconfig_pool_handle hand, const bool hard);
2110 1481
2111diff --git openvpn-2.2.0/proto.h openvpn-2.2-ipv6-20110522-1/proto.h 1482diff --git a/proto.h b/proto.h
2112index 55f0832..b8e8997 100644 1483index 55f0832..b8e8997 100644
2113--- openvpn-2.2.0/proto.h 1484--- a/proto.h
2114+++ openvpn-2.2-ipv6-20110522-1/proto.h 1485+++ b/proto.h
2115@@ -108,6 +108,21 @@ struct openvpn_iphdr { 1486@@ -108,6 +108,21 @@ struct openvpn_iphdr {
2116 }; 1487 };
2117 1488
@@ -2134,10 +1505,10 @@ index 55f0832..b8e8997 100644
2134 * UDP header 1505 * UDP header
2135 */ 1506 */
2136 struct openvpn_udphdr { 1507 struct openvpn_udphdr {
2137diff --git openvpn-2.2.0/push.c openvpn-2.2-ipv6-20110522-1/push.c 1508diff --git a/push.c b/push.c
2138index 08c7f99..1fd8bea 100644 1509index 08c7f99..1fd8bea 100644
2139--- openvpn-2.2.0/push.c 1510--- a/push.c
2140+++ openvpn-2.2-ipv6-20110522-1/push.c 1511+++ b/push.c
2141@@ -189,8 +189,26 @@ send_push_reply (struct context *c) 1512@@ -189,8 +189,26 @@ send_push_reply (struct context *c)
2142 const int safe_cap = BCAP (&buf) - extra; 1513 const int safe_cap = BCAP (&buf) - extra;
2143 bool push_sent = false; 1514 bool push_sent = false;
@@ -2165,10 +1536,10 @@ index 08c7f99..1fd8bea 100644
2165 while (e) 1536 while (e)
2166 { 1537 {
2167 if (e->enable) 1538 if (e->enable)
2168diff --git openvpn-2.2.0/route.c openvpn-2.2-ipv6-20110522-1/route.c 1539diff --git a/route.c b/route.c
2169index b5092fe..7c81f75 100644 1540index b5092fe..7c81f75 100644
2170--- openvpn-2.2.0/route.c 1541--- a/route.c
2171+++ openvpn-2.2-ipv6-20110522-1/route.c 1542+++ b/route.c
2172@@ -35,6 +35,7 @@ 1543@@ -35,6 +35,7 @@
2173 #include "socket.h" 1544 #include "socket.h"
2174 #include "manage.h" 1545 #include "manage.h"
@@ -2835,10 +2206,10 @@ index b5092fe..7c81f75 100644
2835 /* 2206 /*
2836 * The --redirect-gateway option requires OS-specific code below 2207 * The --redirect-gateway option requires OS-specific code below
2837 * to get the current default gateway. 2208 * to get the current default gateway.
2838diff --git openvpn-2.2.0/route.h openvpn-2.2-ipv6-20110522-1/route.h 2209diff --git a/route.h b/route.h
2839index c5cbb7c..6a7704f 100644 2210index c5cbb7c..6a7704f 100644
2840--- openvpn-2.2.0/route.h 2211--- a/route.h
2841+++ openvpn-2.2-ipv6-20110522-1/route.h 2212+++ b/route.h
2842@@ -92,6 +92,19 @@ struct route_option_list { 2213@@ -92,6 +92,19 @@ struct route_option_list {
2843 struct route_option routes[EMPTY_ARRAY_SIZE]; 2214 struct route_option routes[EMPTY_ARRAY_SIZE];
2844 }; 2215 };
@@ -2960,10 +2331,10 @@ index c5cbb7c..6a7704f 100644
2960 2331
2961 bool is_special_addr (const char *addr_str); 2332 bool is_special_addr (const char *addr_str);
2962 2333
2963diff --git openvpn-2.2.0/socket.c openvpn-2.2-ipv6-20110522-1/socket.c 2334diff --git a/socket.c b/socket.c
2964index 4720398..c04edc9 100644 2335index 4720398..c04edc9 100644
2965--- openvpn-2.2.0/socket.c 2336--- a/socket.c
2966+++ openvpn-2.2-ipv6-20110522-1/socket.c 2337+++ b/socket.c
2967@@ -342,6 +342,24 @@ ip_addr_dotted_quad_safe (const char *dotted_quad) 2338@@ -342,6 +342,24 @@ ip_addr_dotted_quad_safe (const char *dotted_quad)
2968 } 2339 }
2969 } 2340 }
@@ -3104,10 +2475,10 @@ index 4720398..c04edc9 100644
3104 int 2475 int
3105 socket_recv_queue (struct link_socket *sock, int maxsize) 2476 socket_recv_queue (struct link_socket *sock, int maxsize)
3106 { 2477 {
3107diff --git openvpn-2.2.0/socket.h openvpn-2.2-ipv6-20110522-1/socket.h 2478diff --git a/socket.h b/socket.h
3108index eef98d1..17943e7 100644 2479index eef98d1..17943e7 100644
3109--- openvpn-2.2.0/socket.h 2480--- a/socket.h
3110+++ openvpn-2.2-ipv6-20110522-1/socket.h 2481+++ b/socket.h
3111@@ -351,6 +351,8 @@ const char *print_link_socket_actual (const struct link_socket_actual *act, 2482@@ -351,6 +351,8 @@ const char *print_link_socket_actual (const struct link_socket_actual *act,
3112 #define IA_EMPTY_IF_UNDEF (1<<0) 2483 #define IA_EMPTY_IF_UNDEF (1<<0)
3113 #define IA_NET_ORDER (1<<1) 2484 #define IA_NET_ORDER (1<<1)
@@ -3125,10 +2496,10 @@ index eef98d1..17943e7 100644
3125 2496
3126 socket_descriptor_t create_socket_tcp (void); 2497 socket_descriptor_t create_socket_tcp (void);
3127 2498
3128diff --git openvpn-2.2.0/syshead.h openvpn-2.2-ipv6-20110522-1/syshead.h 2499diff --git a/syshead.h b/syshead.h
3129index 63b82ba..a01c2c4 100644 2500index b81ce59..fe4af3f 100644
3130--- openvpn-2.2.0/syshead.h 2501--- a/syshead.h
3131+++ openvpn-2.2-ipv6-20110522-1/syshead.h 2502+++ b/syshead.h
3132@@ -28,6 +28,10 @@ 2503@@ -28,6 +28,10 @@
3133 /* 2504 /*
3134 * Only include if not during configure 2505 * Only include if not during configure
@@ -3150,10 +2521,10 @@ index 63b82ba..a01c2c4 100644
3150 #endif 2521 #endif
3151 2522
3152 #ifdef HAVE_SYS_MMAN_H 2523 #ifdef HAVE_SYS_MMAN_H
3153diff --git openvpn-2.2.0/tun.c openvpn-2.2-ipv6-20110522-1/tun.c 2524diff --git a/tun.c b/tun.c
3154index 59e87dc..cea1784 100644 2525index d03e8c7..4be71de 100644
3155--- openvpn-2.2.0/tun.c 2526--- a/tun.c
3156+++ openvpn-2.2-ipv6-20110522-1/tun.c 2527+++ b/tun.c
3157@@ -56,13 +56,14 @@ static void netsh_ifconfig (const struct tuntap_options *to, 2528@@ -56,13 +56,14 @@ static void netsh_ifconfig (const struct tuntap_options *to,
3158 const in_addr_t ip, 2529 const in_addr_t ip,
3159 const in_addr_t netmask, 2530 const in_addr_t netmask,
@@ -3618,23 +2989,7 @@ index 59e87dc..cea1784 100644
3618 2989
3619 /* 2990 /*
3620 * We handle --dev null specially, we do not open /dev/null for this. 2991 * We handle --dev null specially, we do not open /dev/null for this.
3621@@ -1215,13 +1457,13 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6 2992@@ -1222,9 +1464,9 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6
3622 close (tt->fd);
3623 tt->fd = -1;
3624 }
3625- open_tun_generic (dev, dev_type, dev_node, ipv6, false, true, tt);
3626+ open_tun_generic (dev, dev_type, dev_node, false, true, tt);
3627 }
3628
3629 #else
3630
3631 void
3632-open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6, struct tuntap *tt)
3633+open_tun (const char *dev, const char *dev_type, const char *dev_node, struct tuntap *tt)
3634 {
3635 ASSERT (0);
3636 }
3637@@ -1231,9 +1473,9 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6
3638 #else 2993 #else
3639 2994
3640 void 2995 void
@@ -3646,7 +3001,7 @@ index 59e87dc..cea1784 100644
3646 } 3001 }
3647 3002
3648 #endif /* HAVE_LINUX_IF_TUN_H */ 3003 #endif /* HAVE_LINUX_IF_TUN_H */
3649@@ -1253,7 +1495,7 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6 3004@@ -1244,7 +1486,7 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6
3650 #endif 3005 #endif
3651 3006
3652 void 3007 void
@@ -3655,7 +3010,7 @@ index 59e87dc..cea1784 100644
3655 { 3010 {
3656 struct tuntap *tt; 3011 struct tuntap *tt;
3657 3012
3658@@ -1261,7 +1503,7 @@ tuncfg (const char *dev, const char *dev_type, const char *dev_node, bool ipv6, 3013@@ -1252,7 +1494,7 @@ tuncfg (const char *dev, const char *dev_type, const char *dev_node, bool ipv6,
3659 clear_tuntap (tt); 3014 clear_tuntap (tt);
3660 tt->type = dev_type_enum (dev, dev_type); 3015 tt->type = dev_type_enum (dev, dev_type);
3661 tt->options = *options; 3016 tt->options = *options;
@@ -3664,7 +3019,7 @@ index 59e87dc..cea1784 100644
3664 if (ioctl (tt->fd, TUNSETPERSIST, persist_mode) < 0) 3019 if (ioctl (tt->fd, TUNSETPERSIST, persist_mode) < 0)
3665 msg (M_ERR, "Cannot ioctl TUNSETPERSIST(%d) %s", persist_mode, dev); 3020 msg (M_ERR, "Cannot ioctl TUNSETPERSIST(%d) %s", persist_mode, dev);
3666 if (username != NULL) 3021 if (username != NULL)
3667@@ -1404,7 +1646,7 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len) 3022@@ -1395,7 +1637,7 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len)
3668 #endif 3023 #endif
3669 3024
3670 void 3025 void
@@ -3673,7 +3028,7 @@ index 59e87dc..cea1784 100644
3673 { 3028 {
3674 int if_fd, ip_muxid, arp_muxid, arp_fd, ppa = -1; 3029 int if_fd, ip_muxid, arp_muxid, arp_fd, ppa = -1;
3675 struct lifreq ifr; 3030 struct lifreq ifr;
3676@@ -1415,8 +1657,11 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6 3031@@ -1406,8 +1648,11 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6
3677 bool is_tun; 3032 bool is_tun;
3678 struct strioctl strioc_if, strioc_ppa; 3033 struct strioctl strioc_if, strioc_ppa;
3679 3034
@@ -3687,7 +3042,7 @@ index 59e87dc..cea1784 100644
3687 3042
3688 if (tt->type == DEV_TYPE_NULL) 3043 if (tt->type == DEV_TYPE_NULL)
3689 { 3044 {
3690@@ -1570,6 +1815,18 @@ solaris_close_tun (struct tuntap *tt) 3045@@ -1561,6 +1806,18 @@ solaris_close_tun (struct tuntap *tt)
3691 { 3046 {
3692 if (tt) 3047 if (tt)
3693 { 3048 {
@@ -3706,7 +3061,7 @@ index 59e87dc..cea1784 100644
3706 if (tt->ip_fd >= 0) 3061 if (tt->ip_fd >= 0)
3707 { 3062 {
3708 struct lifreq ifr; 3063 struct lifreq ifr;
3709@@ -1622,11 +1879,20 @@ close_tun (struct tuntap *tt) 3064@@ -1613,11 +1870,20 @@ close_tun (struct tuntap *tt)
3710 } 3065 }
3711 3066
3712 static void 3067 static void
@@ -3728,7 +3083,7 @@ index 59e87dc..cea1784 100644
3728 argv_printf (&argv, 3083 argv_printf (&argv,
3729 "%s %s unplumb", 3084 "%s %s unplumb",
3730 IFCONFIG_PATH, 3085 IFCONFIG_PATH,
3731@@ -1683,9 +1949,9 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len) 3086@@ -1674,9 +1940,9 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len)
3732 */ 3087 */
3733 3088
3734 void 3089 void
@@ -3740,7 +3095,7 @@ index 59e87dc..cea1784 100644
3740 3095
3741 /* Enable multicast on the interface */ 3096 /* Enable multicast on the interface */
3742 if (tt->fd >= 0) 3097 if (tt->fd >= 0)
3743@@ -1706,12 +1972,31 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6 3098@@ -1697,12 +1963,31 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6
3744 } 3099 }
3745 } 3100 }
3746 3101
@@ -3772,7 +3127,7 @@ index 59e87dc..cea1784 100644
3772 free (tt); 3127 free (tt);
3773 } 3128 }
3774 } 3129 }
3775@@ -1774,33 +2059,51 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len) 3130@@ -1765,33 +2050,51 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len)
3776 #elif defined(TARGET_NETBSD) 3131 #elif defined(TARGET_NETBSD)
3777 3132
3778 /* 3133 /*
@@ -3835,7 +3190,7 @@ index 59e87dc..cea1784 100644
3835 if (tt) 3190 if (tt)
3836 { 3191 {
3837 close_tun_generic (tt); 3192 close_tun_generic (tt);
3838@@ -1808,6 +2111,65 @@ close_tun (struct tuntap *tt) 3193@@ -1799,6 +2102,65 @@ close_tun (struct tuntap *tt)
3839 } 3194 }
3840 } 3195 }
3841 3196
@@ -3901,7 +3256,7 @@ index 59e87dc..cea1784 100644
3901 int 3256 int
3902 write_tun (struct tuntap* tt, uint8_t *buf, int len) 3257 write_tun (struct tuntap* tt, uint8_t *buf, int len)
3903 { 3258 {
3904@@ -1819,6 +2181,7 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len) 3259@@ -1810,6 +2172,7 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len)
3905 { 3260 {
3906 return read (tt->fd, buf, len); 3261 return read (tt->fd, buf, len);
3907 } 3262 }
@@ -3909,7 +3264,7 @@ index 59e87dc..cea1784 100644
3909 3264
3910 #elif defined(TARGET_FREEBSD) 3265 #elif defined(TARGET_FREEBSD)
3911 3266
3912@@ -1832,9 +2195,9 @@ freebsd_modify_read_write_return (int len) 3267@@ -1823,9 +2186,9 @@ freebsd_modify_read_write_return (int len)
3913 } 3268 }
3914 3269
3915 void 3270 void
@@ -3921,7 +3276,7 @@ index 59e87dc..cea1784 100644
3921 3276
3922 if (tt->fd >= 0 && tt->type == DEV_TYPE_TUN) 3277 if (tt->fd >= 0 && tt->type == DEV_TYPE_TUN)
3923 { 3278 {
3924@@ -1920,9 +2283,9 @@ dragonfly_modify_read_write_return (int len) 3279@@ -1911,9 +2274,9 @@ dragonfly_modify_read_write_return (int len)
3925 } 3280 }
3926 3281
3927 void 3282 void
@@ -3933,7 +3288,7 @@ index 59e87dc..cea1784 100644
3933 3288
3934 if (tt->fd >= 0) 3289 if (tt->fd >= 0)
3935 { 3290 {
3936@@ -1991,6 +2354,61 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len) 3291@@ -1982,6 +2345,61 @@ read_tun (struct tuntap* tt, uint8_t *buf, int len)
3937 return read (tt->fd, buf, len); 3292 return read (tt->fd, buf, len);
3938 } 3293 }
3939 3294
@@ -3995,7 +3350,7 @@ index 59e87dc..cea1784 100644
3995 #elif defined(WIN32) 3350 #elif defined(WIN32)
3996 3351
3997 int 3352 int
3998@@ -3976,7 +4394,7 @@ fork_register_dns_action (struct tuntap *tt) 3353@@ -3967,7 +4385,7 @@ fork_register_dns_action (struct tuntap *tt)
3999 } 3354 }
4000 3355
4001 void 3356 void
@@ -4004,7 +3359,7 @@ index 59e87dc..cea1784 100644
4004 { 3359 {
4005 struct gc_arena gc = gc_new (); 3360 struct gc_arena gc = gc_new ();
4006 char device_path[256]; 3361 char device_path[256];
4007@@ -3987,7 +4405,7 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6 3362@@ -3978,7 +4396,7 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6
4008 3363
4009 /*netcmd_semaphore_lock ();*/ 3364 /*netcmd_semaphore_lock ();*/
4010 3365
@@ -4013,24 +3368,7 @@ index 59e87dc..cea1784 100644
4013 3368
4014 if (tt->type == DEV_TYPE_NULL) 3369 if (tt->type == DEV_TYPE_NULL)
4015 { 3370 {
4016@@ -4109,6 +4527,16 @@ open_tun (const char *dev, const char *dev_type, const char *dev_node, bool ipv6 3371@@ -4432,6 +4850,26 @@ close_tun (struct tuntap *tt)
4017 msg (M_FATAL, "ERROR: This version of " PACKAGE_NAME " requires a TAP-Win32 driver that is at least version %d.%d -- If you recently upgraded your " PACKAGE_NAME " distribution, a reboot is probably required at this point to get Windows to see the new driver.",
4018 TAP_WIN32_MIN_MAJOR,
4019 TAP_WIN32_MIN_MINOR);
4020+
4021+ /* usage of numeric constants is ugly, but this is really tied to
4022+ * *this* version of the driver
4023+ */
4024+ if ( tt->ipv6 && tt->type == DEV_TYPE_TUN &&
4025+ info[0] == 9 && info[1] < 8)
4026+ {
4027+ msg( M_INFO, "WARNING: Tap-Win32 driver version %d.%d does not support IPv6 in TUN mode. IPv6 will be disabled. Upgrade to Tap-Win32 9.8 (2.2-beta3 release or later) or use TAP mode to get IPv6", (int) info[0], (int) info[1] );
4028+ tt->ipv6 = false;
4029+ }
4030 }
4031
4032 /* get driver MTU */
4033@@ -4433,6 +4861,26 @@ close_tun (struct tuntap *tt)
4034 3372
4035 if (tt) 3373 if (tt)
4036 { 3374 {
@@ -4057,7 +3395,7 @@ index 59e87dc..cea1784 100644
4057 #if 1 3395 #if 1
4058 if (tt->ipapi_context_defined) 3396 if (tt->ipapi_context_defined)
4059 { 3397 {
4060@@ -4536,9 +4984,9 @@ ipset2ascii_all (struct gc_arena *gc) 3398@@ -4535,9 +4973,9 @@ ipset2ascii_all (struct gc_arena *gc)
4061 #else /* generic */ 3399 #else /* generic */
4062 3400
4063 void 3401 void
@@ -4069,10 +3407,10 @@ index 59e87dc..cea1784 100644
4069 } 3407 }
4070 3408
4071 void 3409 void
4072diff --git openvpn-2.2.0/tun.h openvpn-2.2-ipv6-20110522-1/tun.h 3410diff --git a/tun.h b/tun.h
4073index 011ab54..f28b8d8 100644 3411index 011ab54..f28b8d8 100644
4074--- openvpn-2.2.0/tun.h 3412--- a/tun.h
4075+++ openvpn-2.2-ipv6-20110522-1/tun.h 3413+++ b/tun.h
4076@@ -130,6 +130,7 @@ struct tuntap 3414@@ -130,6 +130,7 @@ struct tuntap
4077 int topology; /* one of the TOP_x values */ 3415 int topology; /* one of the TOP_x values */
4078 3416
@@ -4119,10 +3457,10 @@ index 011ab54..f28b8d8 100644
4119 in_addr_t local_public, 3457 in_addr_t local_public,
4120 in_addr_t remote_public, 3458 in_addr_t remote_public,
4121 const bool strict_warn, 3459 const bool strict_warn,
4122diff --git openvpn-2.2.0/win32.c openvpn-2.2-ipv6-20110522-1/win32.c 3460diff --git a/win32.c b/win32.c
4123index 2b7bf7b..cf6cc2d 100644 3461index 2b7bf7b..cf6cc2d 100644
4124--- openvpn-2.2.0/win32.c 3462--- a/win32.c
4125+++ openvpn-2.2-ipv6-20110522-1/win32.c 3463+++ b/win32.c
4126@@ -874,16 +874,21 @@ win_safe_filename (const char *fn) 3464@@ -874,16 +874,21 @@ win_safe_filename (const char *fn)
4127 static char * 3465 static char *
4128 env_block (const struct env_set *es) 3466 env_block (const struct env_set *es)
@@ -4164,10 +3502,10 @@ index 2b7bf7b..cf6cc2d 100644
4164 *p = '\0'; 3502 *p = '\0';
4165 return ret; 3503 return ret;
4166 } 3504 }
4167diff --git openvpn-2.2.0/win32.h openvpn-2.2-ipv6-20110522-1/win32.h 3505diff --git a/win32.h b/win32.h
4168index b6a162e..829933f 100644 3506index b6a162e..829933f 100644
4169--- openvpn-2.2.0/win32.h 3507--- a/win32.h
4170+++ openvpn-2.2-ipv6-20110522-1/win32.h 3508+++ b/win32.h
4171@@ -269,6 +269,8 @@ char *get_win_sys_path (void); 3509@@ -269,6 +269,8 @@ char *get_win_sys_path (void);
4172 3510
4173 /* call self in a subprocess */ 3511 /* call self in a subprocess */
© 2015 Mike Crute