Date: Tue, 27 Nov 2012 15:29:36 +0100
From: Seth Mos <seth.mos@dds.nl>
To: freebsd-net@freebsd.org
Subject: Re: VPN traffic leaks in IPv6/IPv4 dual-stack networks/hosts
Message-ID: <50B4CE50.4060508@dds.nl>
In-Reply-To: <50B4C714.6080206@gont.com.ar>
References: <50B4C714.6080206@gont.com.ar>
On 27-11-2012 14:58, Fernando Gont wrote:
> Folks,
>
> FYI. This might affect FreeBSD users employing e.g. OpenVPN:
> <http://tools.ietf.org/html/draft-gont-opsec-vpn-leakages>.
>
> For a project such as OpenVPN, a (portable) fix might be non-trivial.
> However, I guess FreeBSD might hook some PF rules when establishing the
> VPN tunnel, such that e.g. all v6 traffic is filtered (yes, this is
> certainly not the most desirable fix, but still probably better than
> having your supposedly-secured traffic being sent in the clear).

No need for filtering. Just forward the traffic over the tunnel.

The newer OpenVPN already supports IPv6 and both servers and clients are
actively out in the wild. Even the Android OpenVPN client supports both
stacks.

Our OpenVPN server for road warriors sends an IPv6 prefix to be used on
OpenVPN as well as an IPv4 address. It works well.

Regards,

Seth
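
An added example, not part of the original message: a small audit of an OpenVPN configuration for the dual-stack leak discussed in this thread. It flags a config as leaking unless the tunnel is given an IPv6 address and the routes sent into it cover 2000::/3. Treating 2000::/3 coverage as the criterion is an assumption, the function names are hypothetical, and the sample configs are constructed.

```python
import ipaddress
import shlex

# Assumption: covering the global unicast range counts as "all IPv6 tunnelled".
GLOBAL_UNICAST = ipaddress.ip_network("2000::/3")

def tunnelled_v6_routes(config_text):
    """Return (IPv6 routes sent into the tunnel, tunnel has an IPv6 address)."""
    routes, has_addr = [], False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        tokens = shlex.split(line, comments=True)  # drops '#' comments
        if tokens and tokens[0] == "push" and len(tokens) > 1:
            tokens = tokens[1].split()  # unwrap: push "route-ipv6 2000::/3"
        if not tokens:
            continue
        if tokens[0] in ("server-ipv6", "ifconfig-ipv6"):
            has_addr = True
        elif tokens[0] == "route-ipv6" and len(tokens) > 1:
            routes.append(ipaddress.ip_network(tokens[1], strict=False))
        elif tokens[0] == "redirect-gateway" and "ipv6" in tokens[1:]:
            routes.append(GLOBAL_UNICAST)
    return routes, has_addr

def leaks_ipv6(config_text):
    """True if IPv6 traffic on a dual-stack client can bypass the tunnel."""
    routes, has_addr = tunnelled_v6_routes(config_text)
    # Merge adjacent prefixes so split routes (2000::/4 + 3000::/4) count.
    merged = ipaddress.collapse_addresses(routes)
    covered = any(net.supernet_of(GLOBAL_UNICAST) for net in merged)
    return not (has_addr and covered)

# Constructed sample configs (2001:db8::/32 is the documentation prefix).
V4_ONLY = 'dev tun\nserver 10.8.0.0 255.255.255.0\npush "redirect-gateway def1"\n'
DUAL = V4_ONLY + 'server-ipv6 2001:db8:0:123::/64\npush "route-ipv6 2000::/3"\n'
SPLIT = V4_ONLY + ('server-ipv6 2001:db8:0:123::/64\n'
                   'push "route-ipv6 2000::/4"\npush "route-ipv6 3000::/4"\n')
PARTIAL = V4_ONLY + ('server-ipv6 2001:db8:0:123::/64\n'
                     'push "route-ipv6 2001:db8:abcd::/48"  # one site only\n')

if __name__ == "__main__":
    for name, cfg in [("v4-only", V4_ONLY), ("dual", DUAL),
                      ("split", SPLIT), ("partial", PARTIAL)]:
        print(name, "LEAKS IPv6" if leaks_ipv6(cfg) else "IPv6 tunnelled")
```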