Up and down scripts need to be informed of tun-ipv6 setting

[zackw]

If the client config file doesn't have 'tun-ipv6' in it, but the server sends IPv6 addressing options anyway, the automatic network configuration will ignore them:

Wed Jul 29 16:22:46 2015 PUSH: Received control message: 'PUSH_REPLY,topology subnet,route-gateway REDACTED,dhcp-option DNS REDACTED,ping 10,ping-restart 90,redirect-gateway def1,ifconfig-ipv6 2001:REDACTED::2/64 2001:REDACTED::1,route-ipv6 2000::/3 2001:REDACTED::1,explicit-exit-notify 2,ifconfig REDACTED 255.255.255.0'
Wed Jul 29 16:22:46 2015 OPTIONS IMPORT: timers and/or timeouts modified
Wed Jul 29 16:22:46 2015 OPTIONS IMPORT: explicit notify parm(s) modified
Wed Jul 29 16:22:46 2015 OPTIONS IMPORT: --ifconfig/up options modified
Wed Jul 29 16:22:46 2015 OPTIONS IMPORT: route options modified
Wed Jul 29 16:22:46 2015 OPTIONS IMPORT: route-related options modified
Wed Jul 29 16:22:46 2015 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Wed Jul 29 16:22:46 2015 ROUTE_GATEWAY REDACTED/255.255.255.0 IFACE=eth1 HWADDR=REDACTED
Wed Jul 29 16:22:46 2015 ROUTE6: default_gateway=UNDEF
Wed Jul 29 16:22:46 2015 TUN/TAP device tun0 opened
Wed Jul 29 16:22:46 2015 TUN/TAP TX queue length set to 100
Wed Jul 29 16:22:46 2015 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=1
Wed Jul 29 16:22:46 2015 /sbin/ip link set dev tun0 up mtu 1500
Wed Jul 29 16:22:46 2015 /sbin/ip addr add dev tun0 REDACTED/24 broadcast REDACTED
Wed Jul 29 16:22:46 2015 /sbin/ip route add REDACTED/32 via REDACTED
Wed Jul 29 16:22:46 2015 /sbin/ip route add 0.0.0.0/1 via REDACTED
Wed Jul 29 16:22:46 2015 /sbin/ip route add 128.0.0.0/1 via REDACTED
Wed Jul 29 16:22:46 2015 add_route_ipv6(): not adding 2000::/3, no IPv6 on if tun0
Wed Jul 29 16:22:46 2015 Initialization Sequence Completed

This is the Right Thing -- in my case, anyway, the server is advertising IPv6 but it doesn't actually work, and the proxy service's customer support is all 'yeah, when it works we'll set the config file to say so'. However, for unrelated reasons I have to use an --up script and --ifconfig-noexec, and the environment passed to the script includes all the IPv6 addressing information but does not report whether tun-ipv6 has been set: either way I get something like

X509_...=REDACTED
common_name=server
config=REDACTED
daemon=0
daemon_log_redirect=0
daemon_pid=29128
daemon_start_time=1438202090
dev=tun0
dev_type=tun
foreign_option_1=dhcp-option DNS REDACTED
ifconfig_broadcast=REDACTED
ifconfig_ipv6_local=REDACTED::2
ifconfig_ipv6_netbits=64
ifconfig_ipv6_remote=REDACTED::1
ifconfig_local=REDACTED
ifconfig_netmask=255.255.255.0
link_mtu=1541
local_port_1=0
proto_1=udp
remote_1=REDACTED
remote_port_1=53
route_ipv6_gateway_1=REDACTED::1
route_ipv6_network_1=2000::/3
route_net_gateway=10.0.0.1
route_vpn_gateway=10.200.4.1
script_context=init
script_type=up
tls_...=REDACTED
trusted_ip=REDACTED
trusted_port=53
tun_mtu=1500
untrusted_ip=REDACTED
untrusted_port=53
verb=3

Please add an environment variable that indicates whether {{{tun-ipv6}} is set.

[JJK]

We've discussed this ticket at the OpenVPN Hackathon and would like to use a different solution:

if the client does not have "tun-ipv6" set then none of the *_ipv6_* env vars will be set.

Please let us know if this solution also solves your problem :)

[tct]

I'm guessing a lot has change regarding ipv6 since 2016(ish)

Can this be closed ?

[Gert Döring]

This can be closed, as tun-ipv6 is a no-op these days. There is nothing it will do.

IPv6 will be configured when there is IPv6 config in the client config or pushed from the server, and the tun/tap interface will always be in "multiprotocol" mode.

This was changed in 2016...

commit 86e2fa5597fd1ad8e0102f134c63d6bc8cb7c291
Author: Arne Schwabe <arne@…>
Date: Thu Oct 13 18:54:16 2016 +0200

Remove tun-ipv6 Option. Instead assume that IPv6 is always supported.

and went into 2.4.0