diff options
| author | tobhe <tobhe@cvs.openbsd.org> | 2020-01-14 22:28:30 +0000 |
|---|---|---|
| committer | tobhe <tobhe@cvs.openbsd.org> | 2020-01-14 22:28:30 +0000 |
| commit | cd3dfe8f7a93ae564b41cc555ebfc7ba66b1164c (patch) | |
| tree | d4ed9d9cd478c2e32d3736322582ff0f50d76d88 /sbin/iked/iked.c | |
| parent | 4ccef1205d0d73910dcc167eb8d58bf359d1de26 (diff) | |
Remove IPsec flow blocking unencrypted IPv6 traffic which was
meant to prevent VPN leakage but repeatedly broke people's
setups. The -6 flag which used to disable the blocking flow is
now ignored and prints a deprecation warning.
ok kn@ bluhm@ phessler@
Diffstat (limited to 'sbin/iked/iked.c')
| -rw-r--r-- | sbin/iked/iked.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/sbin/iked/iked.c b/sbin/iked/iked.c index 6714e0b2088..33c2adf5a4f 100644 --- a/sbin/iked/iked.c +++ b/sbin/iked/iked.c @@ -1,4 +1,4 @@ -/* $OpenBSD: iked.c,v 1.38 2019/11/30 16:07:12 tobhe Exp $ */ +/* $OpenBSD: iked.c,v 1.39 2020/01/14 22:28:29 tobhe Exp $ */ /* * Copyright (c) 2019 Tobias Heider <tobias.heider@stusta.de> @@ -56,7 +56,7 @@ usage(void) { extern char *__progname; - fprintf(stderr, "usage: %s [-6dnSTtv] [-D macro=value] " + fprintf(stderr, "usage: %s [-dnSTtv] [-D macro=value] " "[-f file]\n", __progname); exit(1); } @@ -76,7 +76,8 @@ main(int argc, char *argv[]) while ((c = getopt(argc, argv, "6dD:nf:vSTt")) != -1) { switch (c) { case '6': - opts |= IKED_OPT_NOIPV6BLOCKING; + log_warnx("the -6 option is deprecated and will be " + "removed in the future."); break; case 'd': debug++; |