packages: openvpn/openvpn.spec, openvpn/openvpn-ipv6_payload.patch (NEW) - ...
jajcus
jajcus at pld-linux.org
Tue Apr 19 08:58:54 CEST 2011
Author: jajcus Date: Tue Apr 19 06:58:54 2011 GMT
Module: packages Tag: HEAD
---- Log message:
- IPv6 payload patch from http://www.greenie.net/ipv6/openvpn.html
---- Files affected:
packages/openvpn:
openvpn.spec (1.162 -> 1.163) , openvpn-ipv6_payload.patch (NONE -> 1.1) (NEW)
---- Diffs:
================================================================
Index: packages/openvpn/openvpn.spec
diff -u packages/openvpn/openvpn.spec:1.162 packages/openvpn/openvpn.spec:1.163
--- packages/openvpn/openvpn.spec:1.162 Tue Apr 5 13:49:37 2011
+++ packages/openvpn/openvpn.spec Tue Apr 19 08:58:49 2011
@@ -2,6 +2,8 @@
# Conditional build:
%bcond_without pkcs11 # build without PKCS#11 support
+%bcond_with ipv6_payload # build with ipv6 payload support in server
+ # mode
Summary: VPN Daemon
Summary(pl.UTF-8): Serwer VPN
@@ -21,6 +23,8 @@
Patch0: %{name}-optflags.patch
Patch1: easy-rsa2.patch
Patch2: %{name}-pam.patch
+# http://www.greenie.net/ipv6/openvpn-2.1-ipv6-20100307-1.patch.gz
+Patch3: %{name}-ipv6_payload.patch
URL: http://www.openvpn.net/
BuildRequires: autoconf
BuildRequires: automake
@@ -88,6 +92,7 @@
%patch0 -p1
%patch1 -p1
%patch2 -p1
+%patch3 -p1
mv plugin/auth-pam/README README.auth-pam
mv plugin/down-root/README README.down-root
@@ -191,6 +196,9 @@
All persons listed below can be reached at <cvs_login>@pld-linux.org
$Log$
+Revision 1.163 2011/04/19 06:58:49 jajcus
+- IPv6 payload patch from http://www.greenie.net/ipv6/openvpn.html
+
Revision 1.162 2011/04/05 11:49:37 jajcus
- without_pkcs11 bcond added
================================================================
Index: packages/openvpn/openvpn-ipv6_payload.patch
diff -u /dev/null packages/openvpn/openvpn-ipv6_payload.patch:1.1
--- /dev/null Tue Apr 19 08:58:54 2011
+++ packages/openvpn/openvpn-ipv6_payload.patch Tue Apr 19 08:58:49 2011
@@ -0,0 +1,4221 @@
+diff -durN -x '*~' -x '*.orig' -x '*.rej' openvpn-2.1.4.orig/.mailmap openvpn-2.1.4/.mailmap
+--- openvpn-2.1.4.orig/.mailmap 1970-01-01 01:00:00.000000000 +0100
++++ openvpn-2.1.4/.mailmap 2011-04-19 08:39:50.000000000 +0200
+@@ -0,0 +1 @@
++James Yonan <james at openvpn.net> james <james at e7ae566f-a301-0410-adde-c780ea21d3b5>
+diff -durN -x '*~' -x '*.orig' -x '*.rej' openvpn-2.1.4.orig/.svncommitters openvpn-2.1.4/.svncommitters
+--- openvpn-2.1.4.orig/.svncommitters 1970-01-01 01:00:00.000000000 +0100
++++ openvpn-2.1.4/.svncommitters 2011-04-19 08:39:50.000000000 +0200
+@@ -0,0 +1 @@
++james = James Yonan <james at openvpn.net>
+diff -durN -x '*~' -x '*.orig' -x '*.rej' openvpn-2.1.4.orig/ChangeLog.IPv6 openvpn-2.1.4/ChangeLog.IPv6
+--- openvpn-2.1.4.orig/ChangeLog.IPv6 1970-01-01 01:00:00.000000000 +0100
++++ openvpn-2.1.4/ChangeLog.IPv6 2011-04-19 08:39:50.000000000 +0200
+@@ -0,0 +1,317 @@
++Do 31. Dez 15:32:40 CET 2009 Gert Doering
++
++ * Basic IPv6 p2mp functionality implemented
++
++ * new options:
++ - server-ipv6
++ - ifconfig-ipv6
++ - ifconfig-ipv6-pool
++ - route-ipv6
++ - iroute-ipv6
++
++ * modules touched:
++ - init.c: init & setup IPv6 route list & add/delete IPv6 routes
++ - tun.c: add "ifconfig" and "route" handling for IPv6
++ - multi.c: IPv6 ifconfig-pool assignments
++ put to route-hash table
++ push to client
++ - pool.c: extend pools to handle IPv4+IPv6, and also return IPv6 address
++ IPv6 address saved to file if ifconfig-pool-persist is set
++ (but ignored on read due to the way pools work)
++ - mroute.c: handle reading src/dst addresses from IPv6 packets
++ (so multi.c can check against route-hash table)
++ handle printing of IPv6 mroute_addr structure
++ - helper.c: implement "server-ipv6" macro (->ifconfig-ipv6, pool, ...)
++ - options.c: implement all the new options
++ add helper functions for IPv6 address handling
++ - forward.c: tell do_route() about IPv6 routes
++ - route.c: handle IPv6 route lists + route option lists
++ extend add_routes() to do IPv4 + IPv6 route lists
++ extend delete_routes() to do IPv4 + IPv6 route lists
++ implement add_route_ipv6(), delete_route_ipv6() to call
++ system-dependend external program to do the work
++ - push.c: handle pushing of "ifconfig-ipv6" option
++ - socket.c: helper function to check & print IPv6 address strings
++
++ * known issues:
++ - operating system support on all but Linux (ifconfig, route)
++ - route-ipv6 gateway handling
++ - iroute-ipv6 not implemented
++ - TAP support: ifconfig, routing (route needs gateway!)
++
++ * release as patch 20091231-1
++
++Thu Dec 31 17:02:08 CET 2009
++
++ * NetBSD port (NetBSD 3.1 on Sparc64)
++
++ * mroute.c, socket.c: make byte/word access to in6_addr more portable
++
++ * tun.c: fix IPv6 ifconfig arguments on NetBSD
++
++ still doesn't work on NetBSD 3.1, "ifconfig tun0 inet6..." errors with
++
++ ifconfig: SIOCAIFADDR: Address family not supported by protocol family
++
++ (sys/net/if_tun.c, needs to be revision 1.80 or later, NetBSD PR 32944,
++ included in NetBSD 4.0 and up)
++
++
++Fri Jan 1 14:07:15 CET 2010
++
++ * FreeBSD port (FreeBSD 6.3-p12 on i386)
++
++ * tun.c: implement IPv6 ifconfig setting for FreeBSD
++
++ * route.c: fix %s/%s argument to IPv6 route add/delete command for *BSD
++
++ * TEST SUCCESS: FreeBSD 6.3-p12, server-ipv6, route-ipv6, ccd/iroute-ipv6
++
++ * multi.c: implement setting and deleting of iroute-ipv6
++ (multi_add_iroutes(), multi_del_iroutes())
++ * mroute.c: add mroute_helper_add_iroute6(), mroute_helper_del_iroute6()
++ * mroute.h: add prototypes, increase MR_HELPER_NET_LEN to 129 (/0.../128)
++ * multi.c: zeroize host part of IPv6 iroutes in multi_learn_in6_addr()
++ * mroute.c: implement mroute_addr_mask_host_bits() for IPv6
++
++ * TEST SUCCESS: Linux 2.6.30 (Gentoo)/iproute2, server-ipv6, ccd/iroute-ipv6
++
++ * TEST SUCCESS: Linux 2.6.30 (Gentoo)/ifconfig, client-ipv6
++
++ * TEST FAIL: NetBSD 5.0, IPv6 client
++ - "ifconfig tun0 .../64" does not create a "connected" route
++ - adding routes fails
++
++ --> more work to do here.
++
++ * release as patch 20100101-1
++
++ * TEST FAIL:
++ FreeBSD 6.3-p12 server "--topology subnet"
++ Linux/ifconfig client
++ - BSD sends ICMP6 neighbor solicitations, which are ignored by Linux
++ - server tun interface is not in p2p mode, client tun interface *is*
++
++ * TEST SUCCESS: non-ipv6 enabled client -> "--server-ipv6" server
++ (warnings in the log file, but no malfunctions)
++
++
++Sat Jan 2 19:48:35 CET 2010
++
++ * tun.c: change "ipv6_support()", do not turn off tt->ipv6 unconditionally
++ if we don't know about OS IPv6 support - just log warning
++
++ * tun.c: implement "ifconfig inet6" setting for MacOS X / Darwin
++
++ * route.c: split *BSD system dependent part of add/delete_route_ipv6()
++ into FreeBSD/Dragonfly and NetBSD/Darwin/OpenBSD variants
++ ("2001:db8::/64" vs. "2001:db8:: --prefixlen 64").
++
++ * tun.c: on MacOS X, NetBSD and OpenBSD, explicitely set on-link route
++
++ * TEST SUCCESS: MacOS X, client-ipv6 with route-ipv6
++
++
++Sun Jan 3 10:55:31 CET 2010
++
++ * route.c: NetBSD fails with "-iface tun0", needs gateway address
++ (assume that the same syntax is needed for OpenBSD)
++
++ * route.h: introduce "remote_endpoint_ipv6" into "struct route_ipv6_list"
++
++ * init.c: pass "ifconfig_ipv6_remote" as gateway to init_route_ipv6_list()
++
++ * route.c:
++ - init_route_ipv6(): use "remote_endpoint_ipv6" as IPv6 gateway address
++ if no gateway was specified explicitely
++
++ - init_route_ipv6_list(): fill in "remote_endpoint_ipv6", if parseable
++
++ - get rid of "GATEWAY-LESS ROUTE6" warning
++
++ * route.c, add_route_ipv6()
++ - explicitely clear host bits of base address, to be able to more
++ easily set up "connected" /64 routes on NetBSD+Darwin
++
++ - split system-dependent part between Darwin and NetBSD/OpenBSD
++ (Darwin can use "-iface tun0", NetBSD/OpenBSD get gateway address)
++
++ - change Solaris comments from "known-broken" to "unknown"
++
++ * tun.c: rework NetBSD tunnel initialization and tun_read() / tun_write()
++ to work the same way OpenBSD and NetBSD do - tunnel is put into
++ "multi-af" mode, and all packet read/write activity is prepended by
++ a 32 bit value specifying the address family.
++
++ * TEST SUCCESS: NetBSD 5.0/Sparc64: client-ipv6 with route-ipv6
++
++ * TEST SUCCESS: MacOS X 10.5: client-ipv6 with route-ipv6
++
++ * (RE-)TEST SUCCESS: Linux/iproute2: server-ipv6
++ Linux/ifconfig: client-ipv6
++ FreeBSD 6.3: server-ipv6
++
++ * release as patch 20100103-1
++
++ * options.c: document all new options in "--help"
++
++ * tun.c: fix typo in Solaris-specific section
++
++ * socket.h, socket.c: change u_int32_t to uint32_t
++ (Solaris - and all the rest of the code uses "uintNN" anyway)
++
++Mon Jan 4 17:46:58 CET 2010
++
++ * socket.c: rework add_in6_addr() to use 32-bit access to struct in6_addr
++ (Solaris has no 16-bit values in union, but this is more elegant as well)
++
++ * tun.c: fix "ifconfig inet6" command for Solaris
++
++ * tun.c: make sure "tun0 inet6" is unplumbed first, cleanup leftovers
++
++ * route.c: add routes with "metric 0" on solaris, otherwise they just
++ don't work (someone who understands Solaris might want to fix this).
++
++ * Solaris "sort of" works now - ifconfig works, route add does not give
++ errors, "netstat -rn" looks right, but packets are discarded unless
++ the routes are installed with "metric 0". So we just use "metric 0"...
++
++ * CAVEAT: Solaris "ifconfig ... preferred" interferes with source address
++ selection. So if there are any active IPv6 interfaces configured with
++ "preferred", packets leaving out the tunnel will use the wrong source
++ IPv6 address. Not fixable from within OpenVPN.
++
++ * CAVEAT2: Solaris insists on doing DHCPv6 on tun0 interfaces by default,
++ so DHCPv6 solicitation packets will be seen. Since the server end has
++ no idea what to do with them, they are a harmless nuisance. Fixable
++ on the Solaris side via "ndpd.conf" (see ``man ifconfig'').
++
++ * release as patch 20100104-1
++
++Fri Jan 8 10:00:50 CET 2010
++
++ * import into git repository
++
++ * options.c: add sanity checks for most typical error cases
++ (--ifconfig-ipv6-pool configured with no --ifconfig-ipv6, etc)
++
++ * options.c: modify get_ipv6_addr() to be more flexible about netbits
++ (optional now, default to /64) and to return the address-without-netbits
++ string now (-> for options that want the IPv6 address in printable
++ form, but without /nn)
++
++ * options.c: modify --ifconfig-ipv6 to optionally accept /netbits,
++ you can do now "ifconfig-ipv6 2001:df8::1/64 2001:df8::2" or just
++ "ifconfig-ipv6 2001:df8::5 2001:df8::7", defaulting to /64
++
++ * options.h: add necessary structure elements for --ifconfig-ipv6-push
++
++ * options.c: implement "parse options" side of --ifconfig-ipv6-push
++
++Tue Jan 12 22:42:09 CET 2010
++
++ * tun.c: in TARGET_NETBSD #ifdef, distinguish between "old" code
++ (IPv4 only, but unmodified read/write) and "new" code (multi-af,
++ extra 32 bit AF on read/write of the tun interface) - pre-4.0
++ NetBSD systems don't have TUNSIFHEAD, no way to have common code.
++
++ * TEST SUCCESS: NetBSD 5.0/Sparc64: client-ipv6 with route-ipv6 (v4+v6)
++
++ * TEST SUCCESS: NetBSD 3.1/Sparc64: client-ipv6 with route-ipv6 (v4-only)
++
++Thu Jan 14 15:41:50 CET 2010
++
++ * multi.c: if "--ifconfig-push" is used together with "--ifconfig-ipv6-pool"
++ and no "--ifconfig-ipv6-push" is seen, issue warning - the current
++ implementation of pools has IPv6 tied to IPv4, so if v4 does not use
++ the pool, it breaks for IPv6. Not a *big* problem (since there is
++ enough v6, just give those users a static v6 address as well), but needs
++ to be pointed out clearly.
++
++ * release as patch 20100114-1
++
++Tue Feb 16 14:43:28 CET 2010
++
++ * options.c: print "IPv6 payload patch" release date in "--version"
++
++ * tun.c: undo change to init_tun() (moving "bool tun" and call to
++ "is_tun_p2p()" further up) - it wasn't needed and breaks "make check"
++
++ * git stuff: rebase on David Sommerseth's openvpn-testing git tree
++
++ * release as patch 20100216-1
++
++Fri Feb 26 19:59:01 CET 2010
++
++ * init.c: initialize tuntap->ipv6 in do_init_tun() (to make sure it's
++ always initialized early-enough, independent of the sequence of
++ do_ifconfig()/open_tun() [see ifconfig_order() in tun.h])
++
++ * tun.c, init.c: remove "bool ipv6" argument to tuncfg(), open_tun()
++ and open_tun_generic() - obsoleted by previous change
++
++ * tun.c: remove ipv6_support() - original purpose was unclear, and all
++ current platforms (except linux-very-old) fully support IPv6 now :-)
++
++ * tun.c: initial implementation of "netsh" IPv6-ifconfig for Win32
++
++ * RE-TEST SUCCESS: Linux/i386/ifconfig, client-tun/net30, v4+v6
++
++Sun Feb 28 17:05:57 CET 2010
++
++ * tun.c: NetBSD dependent part: correct destroying/re-creation of tun dev
++
++ * tun.c: move adding of "connected" IPv6 prefix to new helper function,
++ add_route_connected_v6_net()
++
++ * RE-TEST SUCCESS: NetBSD 5.0/Sparc64, client-tun/net30, v4+v6
++
++ * RE-TEST SUCCESS: NetBSD 3.1/Sparc64: client-tun/net30, v4-only
++
++ * RE-TEST SUCCESS: Linux/i386/iproute2: server-tun/net30, v4+v6
++
++ * tun.c: add #ifdef TARGET_DARWIN block for *_tun() functions, to
++ be able to modify close_tun() for unconfiguring IPv6
++
++ * tun.c: on close_tun() on MacOS X, need to de-configure "lo0" route for
++ configured IPv6 address
++
++ * RE-TEST SUCCESS: MacOS X (10.5)/i386: client-tun/net30, v4+v6
++
++ * route.c: implement ipv6 route adding / deletion via "netsh" for WIN32
++
++ * TEST FAIL: Windows XP fails, because the tun/tap driver does not
++ forward IPv6 frames kernel->userland if in "tun" mode
++
++ * options.c: set IPv6 version to 20100228-1
++
++ * release as patch 20100228-1
++
++Sun Mar 7 19:17:33 CET 2010
++
++ * options.c: set IPv6 version to 20100307-1
++
++ * TODO.IPv6: add note about OpenBSD TODO (#16)
++
++ * route.c: set (and remove) "magic next hop" fe80::8 for IPv6 routes on
++ Win32
++
++ * install-win32/settings.in: bump TAP driver version from 9.6 to 9.7
++ and TAP_RELDATE to "07/03/2010"
++
++ * tap-win32/proto.h: add data types and definitions needed for IPv6
++
++ * tap-win32/types.h: add m_UserToTap_IPv6 ethernet header for IPv6 packets
++
++ * tap-win32/tapdrvr.c: implement support for IPv6 in TUN mode:
++ - IPv6 packets User->OS need correct ether type
++ - IPv6 packets OS->User get correctly forwarded
++ - IPv6 neighbour discovery packets for "fe80::8" (magic address
++ installed as route-nexthop by OpenVPN.exe) get answered locally
++
++ * TEST SUCCESS: WindowsXP/32bit: client-tun/net30, v4+v6
++
++ * tun.c: if IPv6 requested in TUN mode, and TUN/TAP driver version
++ is older than 9.7, log warning and disable IPv6 (won't work anyway).
++
++ * release as patch 20100307-1
+diff -durN -x '*~' -x '*.orig' -x '*.rej' openvpn-2.1.4.orig/README.IPv6 openvpn-2.1.4/README.IPv6
+--- openvpn-2.1.4.orig/README.IPv6 1970-01-01 01:00:00.000000000 +0100
++++ openvpn-2.1.4/README.IPv6 2011-04-19 08:39:50.000000000 +0200
+@@ -0,0 +1,8 @@
++This is an experimentally patched version of OpenVPN 2.1 with IPv6
++payload support.
++
++Go here for release notes and documentation:
++
++ http://www.greenie.net/ipv6/openvpn.html
++
++Gert Doering, 31.12.2009
+diff -durN -x '*~' -x '*.orig' -x '*.rej' openvpn-2.1.4.orig/TODO.IPv6 openvpn-2.1.4/TODO.IPv6
+--- openvpn-2.1.4.orig/TODO.IPv6 1970-01-01 01:00:00.000000000 +0100
++++ openvpn-2.1.4/TODO.IPv6 2011-04-19 08:39:50.000000000 +0200
+@@ -0,0 +1,100 @@
++known issues for IPv6 payload support in OpenVPN
++-----------------------------------------------
++
++1.) "--topology subnet" doesn't work together with IPv6 payload
++ (verified for FreeBSD server, Linux/ifconfig client, problems
++ with ICMP6 neighbor solicitations from BSD not being answered by Linux)
++
++2.) NetBSD IPv6 support doesn't work
++ ("connected" route is not auto-created, "route-ipv6" adding fails)
++
++ * fixed, 3.1.10 *
++
++3.) route deletion for IPv6 routes is not yet done
++
++ * fixed for configured routes, 3.1.10 *
++ * missing for manual-ifconfig-connected (NetBSD, Darwin, Win32)
++
++4.) do "ifconfig tun0 inet6 unplumb" or "ifconfig tun0 destroy" for
++ Solaris, *BSD, ... at program termination time, to clean up leftovers
++ (unless tunnel persistance is desired).
++
++ For Solaris, only the "ipv6 tun0" is affected, for the *BSDs all tun0
++ stay around.
++
++4a.) deconfigure IPv6 on tun interface on session termination, otherwise
++ one could end up with something like this (on NetBSD):
++
++tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
++ inet 10.9.0.18 -> 10.9.0.17 netmask 0xffffffff
++ inet6 fe80::a00:20ff:fece:d299%tun0 -> prefixlen 64 scopeid 0x3
++ inet6 2001:608:4:eff::2000:3 -> prefixlen 64
++ inet6 2001:608:4:eff::1:3 -> prefixlen 64
++
++ (pool was changed, previous address still active on tun0, breakage)
++
++ * semi-fixed for NetBSD, 28.2.10, always do tun0 destroy / tun0 create
++ before actual ifconfig -- tunnel still lingers after OpenVPN quits
++
++5.) add new option "ifconfig-ipv6-push"
++ (per-client static IPv6 assignment, -> radiusplugin, etc)
++
++ * implemented, 14.1.10 *
++
++6.) add new option "route-ipv6-gateway"
++
++7.) add "full" gateway handling for IPv6 in route.c
++ (right now, the routes are just sent down the tun interface, if the
++ operating system in questions supports that, without care for the
++ gateway address - which does not work for gateways that are supposed
++ to point elsewhere. Also, it doesn't work for TAP interfaces.
++
++8.) full IPv6 support for TAP interfaces
++ (main issue should be routes+gateway - and testing :-) )
++
++9.) verify that iroute-ipv6 and route-ipv6 interact in the same way as
++ documented for iroute/route:
++
++ A's subnet, OpenVPN must push this route to all clients
++ EXCEPT for A, since the subnet is already owned by A.
++ OpenVPN accomplishes this by not
++ not pushing a route to a client
++ if it matches one of the client's iroutes.
++
++10.) extend "ifconfig-ipv6" to handle specification of /netbits, pushing
++ of /netbits, and correctly ifconfig'ing this
++ (default, if not specified: /64)
++
++11.) do not add ipv6-routes if tun-ipv6 is not set - complain instead
++
++ * done * 12.1.10
++
++12.) handle incoming [::] and [fe80:...] packets in tun-p2mp MULTI mode
++ (most likely those are DAD packets)
++ silently ignore DAD?
++ Or accept-and-forward iff (multicast && client2client)?
++ handle NS/NA
++
++13.) from Martin List-Petersen:
++
++ One thing, and I guess this requires modifications in
++ network-manager-openvpn: It also works, BUT ignores "push
++ route-ipv6-gateway" and "push route-ipv6 ...." (obviously routes pushed
++ from the server) entirely.
++
++14.) from ##openvpn-discussion:
++
++ new features should be #ifdef'ed
++
++ (check whether this is feasible at all)
++
++15.) IPv6 related environment variables
++
++ - document all of them in openvpn.8
++ - make sure that all existing IPv4 stuff has IPv6 counterparts
++
++16.) OpenBSD
++ - implement ifconfig/route for IPv6
++ - revert ifconfig/open_tun order to "normal" (separate commit!!!)
++ (openvpn-devel, Subject: OpenBSD)
++ - test
+diff -durN -x '*~' -x '*.orig' -x '*.rej' openvpn-2.1.4.orig/forward.c openvpn-2.1.4/forward.c
+--- openvpn-2.1.4.orig/forward.c 2010-11-04 20:29:02.000000000 +0100
++++ openvpn-2.1.4/forward.c 2011-04-19 08:39:50.000000000 +0200
+@@ -262,7 +262,8 @@
+ static void
+ check_add_routes_action (struct context *c, const bool errors)
+ {
+- do_route (&c->options, c->c1.route_list, c->c1.tuntap, c->plugins, c->c2.es);
++ do_route (&c->options, c->c1.route_list, c->c1.route_ipv6_list,
++ c->c1.tuntap, c->plugins, c->c2.es);
+ update_time ();
+ event_timeout_clear (&c->c2.route_wakeup);
+ event_timeout_clear (&c->c2.route_wakeup_expire);
+diff -durN -x '*~' -x '*.orig' -x '*.rej' openvpn-2.1.4.orig/helper.c openvpn-2.1.4/helper.c
+--- openvpn-2.1.4.orig/helper.c 2010-11-04 20:29:02.000000000 +0100
++++ openvpn-2.1.4/helper.c 2011-04-19 08:39:50.000000000 +0200
+@@ -142,6 +142,55 @@
+
+ #if P2MP
+ #if P2MP_SERVER
++
++ /*
++ *
++ * HELPER DIRECTIVE for IPv6
++ *
++ * server-ipv6 2001:db8::/64
++ *
++ * EXPANDS TO:
++ *
++ * tun-ipv6
++ * push "tun-ipv6"
++ * ifconfig-ipv6 2001:db8::1 2001:db8::2
++ * if !nopool:
++ * ifconfig-ipv6-pool 2001:db8::1:0/64
++ *
++ */
++ if ( o->server_ipv6_defined )
++ {
++ if ( ! o->server_defined )
++ {
++ msg (M_USAGE, "--server-ipv6 must be used together with --server");
++ }
++ if ( o->server_flags & SF_NOPOOL )
++ {
++ msg( M_USAGE, "--server-ipv6 is incompatible with 'nopool' option" );
++ }
++ if ( o->ifconfig_ipv6_pool_defined )
++ {
++ msg( M_USAGE, "--server-ipv6 already defines an ifconfig-ipv6-pool, so you can't also specify --ifconfig-pool explicitly");
++ }
++
++ /* local ifconfig is "base address + 1" and "+2" */
++ o->ifconfig_ipv6_local =
++ print_in6_addr( add_in6_addr( o->server_network_ipv6, 1), 0, &o->gc );
++ o->ifconfig_ipv6_remote =
++ print_in6_addr( add_in6_addr( o->server_network_ipv6, 2), 0, &o->gc );
++
++ /* pool starts at "base address + 0x10000" */
++ ASSERT( o->server_netbits_ipv6 < 96 ); /* want 32 bits */
++ o->ifconfig_ipv6_pool_defined = true;
++ o->ifconfig_ipv6_pool_base =
++ add_in6_addr( o->server_network_ipv6, 0x10000 );
++ o->ifconfig_ipv6_pool_netbits = o->server_netbits_ipv6;
++
++ o->tun_ipv6 = true;
++
++ push_option( o, "tun-ipv6", M_USAGE );
++ }
++
+ /*
+ *
+ * HELPER DIRECTIVE:
+diff -durN -x '*~' -x '*.orig' -x '*.rej' openvpn-2.1.4.orig/init.c openvpn-2.1.4/init.c
+--- openvpn-2.1.4.orig/init.c 2010-11-04 20:29:02.000000000 +0100
++++ openvpn-2.1.4/init.c 2011-04-19 08:39:50.000000000 +0200
+@@ -844,7 +844,7 @@
+ msg (M_FATAL|M_OPTERR,
+ "options --mktun or --rmtun should only be used together with --dev");
+ tuncfg (options->dev, options->dev_type, options->dev_node,
+- options->tun_ipv6, options->persist_mode,
++ options->persist_mode,
+ options->username, options->groupname, &options->tuntap_options);
+ if (options->persist_mode && options->lladdr)
+ set_lladdr(options->dev, options->lladdr, NULL);
+@@ -1067,6 +1067,8 @@
+ {
+ if (c->options.routes && !c->c1.route_list)
+ c->c1.route_list = new_route_list (c->options.max_routes, &c->gc);
++ if (c->options.routes_ipv6 && !c->c1.route_ipv6_list)
++ c->c1.route_ipv6_list = new_route_ipv6_list (c->options.max_routes, &c->gc);
+ }
+
+
+@@ -1109,6 +1111,45 @@
+ }
+ }
+
++static void
++do_init_route_ipv6_list (const struct options *options,
++ struct route_ipv6_list *route_ipv6_list,
++ bool fatal,
++ struct env_set *es)
++{
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openvpn/openvpn.spec?r1=1.162&r2=1.163&f=u
More information about the pld-cvs-commit
mailing list