[tribby]

by only looking at the source (haven't installed it) I'm guessing this leaks ipv6 addresses and probably shouldn't be used. this is the second openvpn install script to match that description today.

[jlgaddis]

Your comment would have been a lot more useful if you provided a link to info on how to prevent that.

[tribby]

sorry, I had mentioned it in the other thread -- in your openvpn config set server-ipv6 and use tun-ipv6[0].

depending on your server environment you'll want to use ip6tables with essentially the same commands as iptables, substituting for ipv6 addresses.

0. https://community.openvpn.net/openvpn/wiki/IPv6

[jlgaddis]

(delayed response)

Thanks.

In the past, I've had a habit of passing "ipv6.disable=1" (a.k.a. the "nuclear option") to the kernel on hosts I manage. I'm trying to get away from that, though, and lately, I've simply been dropping "everything IPv6" in my rulesets to avoid things like this.