Ticket #614: 0001-Add-option-push-suppress-ipv6-to-stop-sending-IPv6-i.patch

File 0001-Add-option-push-suppress-ipv6-to-stop-sending-IPv6-i.patch, 4.8 KB (added by cron2, 2 years ago)

Add option to 2.x git master to selectively suppress sending IPv6 options in push reply

  • doc/openvpn.8

    From 4cd76f8712ee5b10a2047e67d45e6ad2929609a3 Mon Sep 17 00:00:00 2001
    From: Gert Doering <gert@greenie.muc.de>
    Date: Mon, 19 Oct 2015 20:03:38 +0200
    Subject: [PATCH] Add option --push-suppress-ipv6 to stop sending IPv6 info to
     clients.
    
    Workaround option for servers that have IPv6 working just fine, but
    need to turn it off for individual clients - in that case, set this
    option in the --client-config-dir file for a particular user, or
    via --client-connect script/plugin hook for a particular platform
    (like IOS 9.0.2)
    
    Trac #614
    
    Signed-off-by: Gert Doering <gert@greenie.muc.de>
    ---
     doc/openvpn.8         |  8 ++++++++
     src/openvpn/options.c |  6 ++++++
     src/openvpn/options.h |  1 +
     src/openvpn/push.c    | 33 +++++++++++++++++++++++++--------
     4 files changed, 40 insertions(+), 8 deletions(-)
    
    diff --git a/doc/openvpn.8 b/doc/openvpn.8
    index 3a86409..4cfc796 100644
    a b for more details how to setup and use this, and how 
    57045704and
    57055705.B \-\-route
    57065706interact.
     5707.TP
     5708.B \-\-push\-suppress\-ipv6
     5709remove all IPv6 related options from the list of options that the
     5710server will send to a client.  Only needed if the server has IPv6 in
     5711general, but one particular client (or client OS) is known to have
     5712problems with IPv6 - so this can be sent from a \-\-client\-config\-dir
     5713file (for a particular user), or a \-\-client\-connect script (evaluating
     5714peer-info variables, like IV_PLAT=)
    57075715
    57085716.\"*********************************************************
    57095717.SH SCRIPTING AND ENVIRONMENTAL VARIABLES
  • src/openvpn/options.c

    diff --git a/src/openvpn/options.c b/src/openvpn/options.c
    index 5654830..ee2615a 100644
    a b static const char usage_message[] = 
    409409  "                  execution.  Peer must specify --pull in its config file.\n"
    410410  "--push-reset    : Don't inherit global push list for specific\n"
    411411  "                  client instance.\n"
     412  "--push-suppress-ipv6 : do not send IPv6 config to client instance.\n"
    412413  "--ifconfig-pool start-IP end-IP [netmask] : Set aside a pool of subnets\n"
    413414  "                  to be dynamically allocated to connecting clients.\n"
    414415  "--ifconfig-pool-linear : Use individual addresses rather than /30 subnets\n"
    add_option (struct options *options, 
    58815882      options->push_ifconfig_ipv6_netbits = netbits;
    58825883      options->push_ifconfig_ipv6_remote = remote;
    58835884    }
     5885  else if (streq (p[0], "push-suppress-ipv6") && !p[1])
     5886    {
     5887      VERIFY_PERMISSION (OPT_P_INSTANCE);
     5888      options->push_suppress_ipv6 = true;
     5889    }
    58845890  else if (streq (p[0], "disable") && !p[1])
    58855891    {
    58865892      VERIFY_PERMISSION (OPT_P_INSTANCE);
  • src/openvpn/options.h

    diff --git a/src/openvpn/options.h b/src/openvpn/options.h
    index c642aa0..dee5994 100644
    a b struct options 
    434434  struct in6_addr push_ifconfig_ipv6_local;             /* IPv6 */
    435435  int             push_ifconfig_ipv6_netbits;           /* IPv6 */
    436436  struct in6_addr push_ifconfig_ipv6_remote;            /* IPv6 */
     437  bool push_suppress_ipv6;                              /* no-IPv6 */
    437438  bool enable_c2c;
    438439  bool duplicate_cn;
    439440  int cf_max;
  • src/openvpn/push.c

    diff --git a/src/openvpn/push.c b/src/openvpn/push.c
    index a4cb726..cdfafe4 100644
    a b send_push_reply (struct context *c) 
    251251
    252252  if ( c->c2.push_ifconfig_ipv6_defined )
    253253    {
    254       /* IPv6 is put into buffer first, could be lengthy */
    255       buf_printf( &buf, ",ifconfig-ipv6 %s/%d %s",
    256                     print_in6_addr( c->c2.push_ifconfig_ipv6_local, 0, &gc),
    257                     c->c2.push_ifconfig_ipv6_netbits,
    258                     print_in6_addr( c->c2.push_ifconfig_ipv6_remote, 0, &gc) );
    259       if (BLEN (&buf) >= safe_cap)
     254      if ( c->options.push_suppress_ipv6 )
    260255        {
    261           msg (M_WARN, "--push ifconfig-ipv6 option is too long");
    262           goto fail;
     256          msg( M_INFO, "send_push_reply(): suppress sending ifconfig-ipv6" );
     257        }
     258      else
     259        {
     260          /* IPv6 is put into buffer first, could be lengthy */
     261          buf_printf( &buf, ",ifconfig-ipv6 %s/%d %s",
     262                        print_in6_addr( c->c2.push_ifconfig_ipv6_local, 0, &gc),
     263                        c->c2.push_ifconfig_ipv6_netbits,
     264                        print_in6_addr( c->c2.push_ifconfig_ipv6_remote, 0, &gc) );
     265          if (BLEN (&buf) >= safe_cap)
     266            {
     267              msg (M_WARN, "--push ifconfig-ipv6 option is too long");
     268              goto fail;
     269            }
    263270        }
    264271    }
    265272
    send_push_reply (struct context *c) 
    268275      if (e->enable)
    269276        {
    270277          const int l = strlen (e->option);
     278
     279          if ( c->options.push_suppress_ipv6 &&
     280                ( strncmp( e->option, "tun-ipv6", 8 ) == 0 ||
     281                  strncmp( e->option, "route-ipv6", 10 ) == 0 ) )
     282            {
     283              msg( M_INFO, "send_push_reply(): suppress sending '%s'", e->option );
     284              goto next;
     285            }
     286
    271287          if (BLEN (&buf) + l >= safe_cap)
    272288            {
    273289              buf_printf (&buf, ",push-continuation 2");
    send_push_reply (struct context *c) 
    288304            }
    289305          buf_printf (&buf, ",%s", e->option);
    290306        }
     307next:
    291308      e = e->next;
    292309    }
    293310