Update IPv6 related readme files

Acked-by: Gert Doering <gert@greenie.muc.de> Message-Id: <1388760580-7548-1-git-send-email-arne@rfc2549.org> URL: http://article.gmane.org/gmane.network.openvpn.devel/8167 Signed-off-by: Gert Doering <gert@greenie.muc.de>
JacqueGM · Jan 3, 2014 · 69e03f4 · 69e03f4
1 parent 813aa55
commit 69e03f4
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 20 deletions.
diff --git a/README.IPv6 b/README.IPv6
@@ -35,31 +35,22 @@ over an IPv6 network ("OpenVPN over IPv6").
 The code in 2.3.0 supersedes the IPv6 transport patches from JuanJo Ciarlante,
 formerly located at http://github.com/jjo/openvpn-ipv6
 
+OpenVPN 2.4.0 includes a big overhaul of the IPv6 transport patches
+originally implemented for the Android client (ics-openvpn)
 
-Use the following options to select IPv6 transport:
+IPv4/IPv6 transport is automatically is selected when resolving addresses.
+Use a 6 or 4 suffix to force IPv6/IPv4:
 
   --proto udp6
+  --proto tcp4
   --proto tcp6-client
-  --proto tcp6-server
+  --proto tcp4-server
   --proto tcp6 --client / --proto tcp6 --server
 
-On systems that permit IPv4 connections on IPv6 sockets (Linux by
-default, FreeBSD and NetBSD if you turn off the "v6only" sysctl by
-running "sysctl -w net.inet6.ip6.v6only=0"), an OpenVPN server can
+On systems that allow IPv4 connections on IPv6 sockets
+(all systems supporting IPV6_V6ONLY setsockopt), an OpenVPN server can
 handle IPv4 connections on the IPv6 socket as well, making it a true
-dual-stacked server.
+dual-stacked server. Use bind ipv6only to disable this behaviour.
 
 On other systems, as of 2.3.0, you need to run separate server instances
 for IPv4 and IPv6.
-
-The client side code is not really "dual-stacked" yet, as it does not
-automatically try both address families when connecting to a dual-stacked
-server.  For now, you can achieve this with <connection> stanzas in your
-openvpn config:
-
-  <connection>
-     remote my.dual.stack.server 1194 udp6
-  </connection>
-  <connection>
-     remote my.dual.stack.server 1194 udp
-  </connection>
diff --git a/TODO.IPv6 b/TODO.IPv6
@@ -183,27 +183,33 @@ tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
 TODO for IPv6 transport support
 -------------------------------
 
-[ Last updated: 10-Jun-2012. ]
+[ Last updated: 2014-01-03. ]
 
 * All platforms:
   o mgmt console: as currently passes straight in_addr_t bits around
 
   o make possible to get AF from getaddrinfo() answer, ie allow openvpn to
     use ipv4/6 if DNS returns A/AAAA without specifying protocol.
     Hard: requires deep changes in initialization/calling logic
+    - Done by dual stack patches
 
   o use AI_PASSIVE
+    - Done by dual stack patches
 
   o the getaddr()/getaddr6() interface is not prepared for handling socktype
     "tagging", currently I abuse the sockflags bits for getting the ai_socktype
     downstream.
+    - Still done by flags, seems clean enough.
 
   o implement comparison for mapped addesses: server in dual stack
     listening IPv6 must permit incoming streams from allowed IPv4 peer,
     currently you need to pass eg:  --remote ffff::1.2.3.4
-
+    - OpenVPN will compare all address of a remote
+      but will still fail on mapped addresses
 
 * win32:
   o find out about mapped addresses, as I can't make it work
     with bound at ::1 and connect to 127.0.0.1
+    - Should be fixed by 8832c6c - "Implement listing on IPv4/IPv6 dual 
+      socket on all platform"