Project

General

Profile

Actions

Todo #1373

closed

Upgrade OpenVPN

Added by Seth Mos over 10 years ago. Updated over 10 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
03/21/2011
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:

Description

OpenVPN needs to be upgraded to current code, upgrading to openVPN mainline breaks various OpenVPN servers.

IPv6 support needs to be built into the current openvpn code, what is currently there does not allow for dual stack access.

This post on the HE.net tunnelbroker forum point to a alternate code branch that adds the server-ipv6 config items to allow for dual stack access.
http://www.tunnelbroker.net/forums/index.php?topic=1542.0
http://www.greenie.net/ipv6/openvpn.html

Actions #2

Updated by Seth Mos over 10 years ago

Added the IPv6 payload patch from Gert Doering for full IPv6 support.

Actions #3

Updated by Seth Mos over 10 years ago

The current openvpn-ipv6 port has both the endpoint and payload patch for IPv6. The current installer we include in the .tgz of the website is 2.1.3 and they just released 2.2.0.

This means we need to import openvpn 2.2.0 and the windows 2.2.0 installer anyhow. Please make sure that the IPv6 patches are included. This makes us the first publicly available IPv6 OpenVPN capable firewall.

The openvpn installer from Gert Doering includes the required IPv6 support. http://www.greenie.net/ipv6/openvpn-2.x-testing-93dc9179e978-install.exe
We also need to fix the client exporter in the sense that it needs to be able to support tun-ipv6 for the clients. 2.2.0 release will ignore that option, the client with support will pick it up.

Actions #4

Updated by Seth Mos over 10 years ago

Change for the netsh interface on windows 7, use set address, instead of add address. Otherwise the command will exit with code 1 if it already exists. (e.g. reconnect).

http://iserv.nl/files/pfsense/patch-tun.c

Actions #5

Updated by Seth Mos over 10 years ago

  • Status changed from New to Resolved

This code is already checked in and the client exporter supports the new options as well. Furthermore the client exporter has a testing 2.3 client that supports IPv6 as well. Should just work.

Actions

Also available in: Atom PDF