From 394588538e72f2c62d5df56cf44bbeabe6554c67 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Thu, 2 Jan 2020 17:30:33 -0800 Subject: [PATCH] openvpn: Enable IPv6 for server and client outside the tunnel This enables clients to connect to servers on IPv6 networks. After the connection, the tunnel works just like before. - Make sure that after upgrading the server configuration, if the server is running (which means it was enabled), restart the server to reflect the new configuration. - Don't increment the app version number as it has already been incremented in this release cycle. Tests: - Check that the listen address before the change is 0.0.0.0:1194 and after upgrade (temporarily increment app version number again) the listen address automatically changes to *:1194. - Download the new client profile and use it connect to the server on IPv4 network and observe that there is error during connection. Signed-off-by: Sunil Mohan Adapa Reviewed-by: James Valleroy --- actions/openvpn | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/actions/openvpn b/actions/openvpn index b61e932a3..726f1e1a9 100755 --- a/actions/openvpn +++ b/actions/openvpn @@ -50,6 +50,7 @@ ATTR_FILE = os.path.join(KEYS_DIRECTORY, 'pki', 'index.txt.attr') SERVER_CONFIGURATION = ''' port 1194 proto udp +proto udp6 dev tun client-to-client ca /etc/openvpn/freedombox-keys/pki/ca.crt @@ -67,6 +68,7 @@ CLIENT_CONFIGURATION = ''' client remote {remote} 1194 proto udp +proto udp6 dev tun nobind remote-cert-tls server @@ -209,6 +211,8 @@ def subcommand_upgrade(_): action_utils.service_disable(OLD_SERVICE_NAME) action_utils.service_enable(SERVICE_NAME) + action_utils.service_try_restart(SERVICE_NAME) + def _write_server_config(): """Write server configuration."""