[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
> Yes, this is VERY confusing. however, they are different, and here we
> are talking about the former, not the latter.
In that case the following from kame source tree's IMPLEMENTATION file:
Connection of IPv6 Domains via IPv4 Clouds without Explicit Tunnels
* "stf" interface implements it. Be sure to read the next item before
configuring it, there are security issues.
Possible abuse against IPv6 transition technologies
* KAME does not implement RFC1933/2893 automatic tunnel.
* "stf" interface implements some address filters. Refer to stf(4)
for details. Since there's no way to make 6to4 interface 100% secure,
we do not include "stf" interface into GENERIC.v6 compilation.
* kame/openbsd completely disables IPv4 mapped address support.
* kame/netbsd makes IPv4 mapped address support off by default.
* See section 1.12.6 and 1.14 for more details.
Security issues will obviously make OpenBSD suspicious about implementing
them and hence they have disabled this stf interface.