Which causes users query on non-encrypted IPv6 traffic when a rogue RA server activate IPv6. IPv6 can leak information that IPv4 doesn't, which is not acceptable for many usersĪs I understand the paper you linked (english isn't my native language, and I only read 3.1 at the time), the leakage appears because VPN providers only uses IPv4 but also reply AAAA on DNS query.
#TAP OPENVPN TUNNELBLICK HOW TO#
I know, but a double warning made them panic and they don't know how to check that the config is safe.
#TAP OPENVPN TUNNELBLICK SOFTWARE#
I do not want Tunnelblick installing potentially dangerous software without making it very clear to the user that it is potentially dangerous. Users are warned that your up script may be malware, not that it is malware. RA = Router Advertisement, a part of IPv6 that announces routes. What is the "RA" referred to in the title of this Issue? Or respect user's assumption when they said that they want IPv6 activated on TAP device (or name it "May enable IPv6 on TAP device", because current name is confusing). For example, by activate IPv6 anyway if the server push IPv6 configuration even if route-gateway is not DHCP. I think the correct way to handle this is not making IPv4 configuration block IPv6 configuration. We can create an up script but by doing this, users are warn twice that the configuration file is a malware that try to steal their computer.
We can setup a DHCP server for IPv4, but ifconfig-pool is pretty statisfying.We have two way to bypass this, and both are unsatisfying : This do not happen with Linux clients (we don't have any Windows client to test). WARNING: Will NOT set up IPv6 on TAP device because it does not use DHCP Root cause was Tunnelblick refusing to setup IPv6 because IPv4 was not configured with DHCP, even while the "enable IPv6 on TAP device" is checked :
Logs reported that he was still using is ISP v6 address. One of our clients report that he cannot connect to one of our ressources even while connected to the tunnel. I am running an OpenVPN server with both IPv4 and IPv6 on a TAP interface.
0 kommentar(er)
