mirror of
https://github.com/hwdsl2/openvpn-install.git
synced 2024-05-28 17:03:30 +02:00
Improve IPv6 handling
- When the server does not have a public IPv6 address, push the "block-ipv6" option to the client to help prevent IPv6 leaks on dual-stacked clients. This option is supported in OpenVPN client versions 2.5.x and newer.
  Ref: https://build.openvpn.net/man/openvpn-2.6/openvpn.8.html
- Closes #13. Thanks @do02fw for the suggestion.
parent
c3eb5b8344
commit
2537d32d96
|
@ -656,11 +656,12 @@ topology subnet
|
|||
server 10.8.0.0 255.255.255.0" > /etc/openvpn/server/server.conf
|
||||
# IPv6
|
||||
if [[ -z "$ip6" ]]; then
|
||||
echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server/server.conf
|
||||
echo 'push "block-ipv6"' >> /etc/openvpn/server/server.conf
|
||||
echo 'push "ifconfig-ipv6 fddd:1194:1194:1194::2/64 fddd:1194:1194:1194::1"' >> /etc/openvpn/server/server.conf
|
||||
else
|
||||
echo 'server-ipv6 fddd:1194:1194:1194::/64' >> /etc/openvpn/server/server.conf
|
||||
echo 'push "redirect-gateway def1 ipv6 bypass-dhcp"' >> /etc/openvpn/server/server.conf
|
||||
fi
|
||||
echo 'push "redirect-gateway def1 ipv6 bypass-dhcp"' >> /etc/openvpn/server/server.conf
|
||||
echo 'ifconfig-pool-persist ipp.txt' >> /etc/openvpn/server/server.conf
|
||||
# DNS
|
||||
case "$dns" in
|
||||
|
@ -808,7 +809,7 @@ persist-tun
|
|||
remote-cert-tls server
|
||||
auth SHA256
|
||||
cipher AES-128-GCM
|
||||
ignore-unknown-option block-outside-dns
|
||||
ignore-unknown-option block-outside-dns block-ipv6
|
||||
verb 3" > /etc/openvpn/server/client-common.txt
|
||||
# Enable and start the OpenVPN service
|
||||
(
|
||||
|
|
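Review bot: The no-IPv6 branch (`if [[ -z "$ip6" ]]`) now pushes the same `fddd:1194:1194:1194::2/64` address to every client, and nothing under `# IPv6` says that this is deliberate. The address appears to be a placeholder that gives the now-unconditional `redirect-gateway def1 ipv6 bypass-dhcp` push a tunnel route for `block-ipv6` to reject, so a maintainer who reads the shared address as a bug and removes it would reopen the leak. I would add above those two echo lines: `# No public IPv6 on the server: push a placeholder tunnel address so client IPv6 is routed into the VPN and rejected by block-ipv6 (OpenVPN clients >= 2.5)`. In the client template, `ignore-unknown-option block-outside-dns block-ipv6` lets a pre-2.5 client skip the option without failing, so on those clients the protection presumably rests on the route redirect alone; that is worth stating in the same comment. The enclosing installer block starts and ends outside both hunks.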