[Pkg-utopia-maintainers] Bug#672249: IPv6 should be deactivated

Philipp Kern pkern at debian.org
Wed May 9 13:14:31 UTC 2012 

Package: network-manager-openvpn
Version: 0.9.4.0-1
Severity: normal
Tags: ipv6

I see the following in the log:

May  9 14:52:12 spike NetworkManager[1927]: <info> Policy set 'SCC rz-netze-s1' (tap0) as default for IPv4 routing and DNS.
May  9 14:52:12 spike NetworkManager[1927]: <info> Policy set 'Pigeon_A' (wlan0) as default for IPv6 routing and DNS.

Sadly that's pretty much wrong.  The OpenVPN plugin does not support IPv6
configuration at all.  As long as "Use this connection only for routes on its
network" is unchecked (i.e. the default), IPv6 connectivity should be
suppressed if not obtained through the VPN.

In principle it's possible to get v6 connectivity through the TAP device
without explicit OpenVPN support.  If v6 connectivity is still preserved on the
other interfaces, then longest prefix match will take effect, which might be
right for most addresses, but is wrong for some (like if the organization uses
multiple different prefixes).  So to allow proper v6 tunneling, the other
interfaces should have their IPv6 deactivated.  If the tunnel does not provide
IPv6 (or when we simply don't know) then the other interfaces should also have
their IPv6 deactivated.  I think it's fair to leave it on iff one ticks the
split tunneling option as mentioned above.

Sadly central firewalls are still common and this mismatch causes hosts
reachable from the internal network to be reachable via IPv4, but not IPv6.

Kind regards
Philipp Kern

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (300, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages network-manager-openvpn depends on:
ii  libc6             2.13-32
ii  libdbus-1-3       1.5.12-1
ii  libdbus-glib-1-2  0.98-1
ii  libglib2.0-0      2.32.0-4
ii  libnm-glib-vpn1   0.9.4.0-3
ii  libnm-glib4       0.9.4.0-3
ii  libnm-util2       0.9.4.0-3
ii  openvpn           2.2.1-8

network-manager-openvpn recommends no packages.

network-manager-openvpn suggests no packages.

-- no debconf information

More information about the Pkg-utopia-maintainers mailing list