Skip to content

Commit

Permalink
Improve IPv6 handling
Browse files Browse the repository at this point in the history 
- When the server does not have a public IPv6 address, add "block-ipv6"
  to the client configuration to help prevent IPv6 leaks. This option
  is supported in OpenVPN client versions 2.5.x and newer.
- Closes #13. Thanks @do02fw for the suggestion.
  • Loading branch information
@hwdsl2
hwdsl2 committed Jul 11, 2023
1 parent c3eb5b8 commit 4856e0d
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion openvpn-install.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -656,6 +656,7 @@ topology subnet
server 10.8.0.0 255.255.255.0" > /etc/openvpn/server/server.conf
# IPv6
if [[ -z "$ip6" ]]; then
echo 'push "block-ipv6"' >> /etc/openvpn/server/server.conf
echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server/server.conf
else
echo 'server-ipv6 fddd:1194:1194:1194::/64' >> /etc/openvpn/server/server.conf
Expand Down Expand Up @@ -808,7 +809,7 @@ persist-tun
remote-cert-tls server
auth SHA256
cipher AES-128-GCM
ignore-unknown-option block-outside-dns
ignore-unknown-option block-outside-dns block-ipv6
verb 3" > /etc/openvpn/server/client-common.txt
# Enable and start the OpenVPN service
(
Expand Down

0 comments on commit 4856e0d

Please sign in to comment.