Possible patch for openvpn dummy V6 gateway creation - "RFC"

  • UPDATE: the original commit wasn't so great. After jimp's comments I created PR#3844 which uses a simpler technique, please give feedback if you can.

    Please take a look at my commit 4f62b7c0bd7e7a1845cded171fbd918c04e73738?

    I like to use assigned interfaces for my openvpn connections (clients + servers) but the current code causes "dummy" V6 gateways to be created even if the connection itself is V4-only. This patch keeps that from happening, which results in a cleaner Routing page (especially if you have lots of ovpn interfaces).  It's working for me in my limited testing. Before I submit a PR, I was hoping to get a few more eyes on it to see if I've missed something stupid.

    After the patch is installed, you can go to System>Routing and remove any unused V6 gateways (the patch doesn't automatically delete them, it just prevents them from getting re-created)

    comments welcome

  • Rebel Alliance Developer Netgate

    If only it were that simple :-)

    An OpenVPN tunnel can carry IPv4 and/or IPv6 inside, no matter what the outer protocol is. And in cases of SSL/TLS clients the client has no way to know if the server will push it an IPv6 address so it can't determine whether or not it needs an IPv6 gateway based on any local configuration, except perhaps if there is a non-fe80 inet6 address live on the interface.

  • Hmm.  Guess I didn't think that through all the way.  I see your point.  Maybe not to over-think it too much, what about adding a small radio button to the openvpn client/server config screens:

    Create gateways for assigned interfaces:  ( ) IPv4   ( ) IPv6   ( ) Both

    Would that be more sensible?

  • I went ahead and created a PR#3844 for this alternate method
    Again, "works for me" but would appreciate comments
    If you want to give it a try, use System Patches and add commit 4f62b7c0bd7e7a1845cded171fbd918c04e73738
