From 4856e0d23a3eebf458bc5525becde2e12cd23def Mon Sep 17 00:00:00 2001
From: hwdsl2
Date: Mon, 10 Jul 2023 21:40:48 -0500
Subject: [PATCH] Improve IPv6 handling

- When the server does not have a public IPv6 address, add "block-ipv6" to the client configuration to help prevent IPv6 leaks. This option is supported in OpenVPN client versions 2.5.x and newer.
- Closes #13. Thanks @do02fw for the suggestion.
---
 openvpn-install.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/openvpn-install.sh b/openvpn-install.sh
index 46f429c..4713017 100644
--- a/openvpn-install.sh
+++ b/openvpn-install.sh
@@ -656,6 +656,7 @@ topology subnet
 server 10.8.0.0 255.255.255.0" > /etc/openvpn/server/server.conf
 # IPv6
 if [[ -z "$ip6" ]]; then
+ echo 'push "block-ipv6"' >> /etc/openvpn/server/server.conf
 echo 'push "redirect-gateway def1 bypass-dhcp"' >> /etc/openvpn/server/server.conf
 else
 echo 'server-ipv6 fddd:1194:1194:1194::/64' >> /etc/openvpn/server/server.conf
@@ -808,7 +809,7 @@ persist-tun
 remote-cert-tls server
 auth SHA256
 cipher AES-128-GCM
-ignore-unknown-option block-outside-dns
+ignore-unknown-option block-outside-dns block-ipv6
 verb 3" > /etc/openvpn/server/client-common.txt
 # Enable and start the OpenVPN service
 (
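Review bot: The pushed `block-ipv6` in the no-IPv6 branch may not stop a leak on its own, because, as the OpenVPN manual describes the option, it only answers IPv6 packets that are actually routed into the tunnel, and the `redirect-gateway def1 bypass-dhcp` push on the next line carries no `ipv6` flag. On a dual-stack client network the IPv6 default route would then presumably stay on the physical interface and bypass the VPN. This is worth confirming with a 2.5+ client on such a network; if traffic still leaks, the branch also needs to pull IPv6 into the tunnel (the `ipv6` flag on `redirect-gateway` plus a tunnel IPv6 address for the client). Either way a comment above the new line would help, e.g. `# block-ipv6 only rejects IPv6 that reaches the tunnel; it does not touch IPv6 routed outside it`. The `if`/`else` block closes outside this hunk.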
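Review bot: Adding `block-ipv6` to `ignore-unknown-option` makes the protection fail open without any signal: a client older than 2.5 skips the option and connects with no IPv6 blocking, and nothing in the generated profile says so. Since these profiles are handed to end users, a comment line in the template would make the limit visible, e.g. `# block-ipv6 requires OpenVPN client 2.5+; older clients ignore it and get no IPv6 leak protection`, placed before the `ignore-unknown-option` line. The quoted string written to client-common.txt starts outside this hunk, so the exact placement has to be checked there.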