Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
provider: Toggle IPv6 on the transport of IPv4 VPN connection
[provider] Toggle IPv6 on the transport of IPV4 VPN. JB#48769 Add support to disable/enable IPv6 on the transport of the VPN that uses IPv4. This change eliminates the data and DNS leak to IPv6 when dual-stack transport is used on a IPv4 only VPN. Otherwise with an AAAA record for a requested hostname the traffic can bypass the VPN to transport's IPv6 network if the DNS server of the VPN serves both A and AAAA requests. If multiple connection technologies (SingleConnectedTechnology omitted or false) are in use IPv6 support is changed on system level. The value of SingleConnectedTechnology does not change run-time so there should not be a possibility for inconsistent state. To get the transport utilize the recorded transport from plugins/vpn.c. Disable IPv6 when state changes to READY (also ONLINE but that is never used with VPNs) for IPv4 provider. Record the old IPv6 method for re-enabling the IPv6 on the used transport. When provider state changes to DISCONNECT or FAILURE re-enable IPv6 the transport using the recorded method.
- Loading branch information
1 parent
f839c26
commit d68291d
Showing
2 changed files
with
181 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters