Refuse to try configuring IPv6 if MTU is <1280

IPv6 requires a minimum MTU of 1280. If MTU is <1280, it appears that any-and-all IPv6-related configuration, including setting addresses and routes, will immediately fail on Linux, where iproute(8) gives very cryptic errors like: RTNETLINK answers: Invalid argument error This will prevent vpn-slice from completing a working setup even for IPv4. Rather than overlooking this problem or silently ignoring IPv6 configuration issues, we should *fail* when IPv6 configuration is requested but the MTU is too small, and request that the user add `--disable-ipv6` to the OpenConnect command line, which should prevent OpenConnect from requesting or providing any IPv6 configuration to vpn-slice. Ping #148.
dlenski · Apr 12, 2024 · c77905f · c77905f
1 parent b0140e9
commit c77905f
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/vpn_slice/__main__.py b/vpn_slice/__main__.py
@@ -455,6 +455,14 @@ def parse_env(environ=os.environ):
             print("WARNING: IPv6 split network (CISCO_IPV6_SPLIT_%s_%d_{ADDR,MASKLEN}) %s/%d has host bits set, replacing with %s" % (pfx, n, ad, nml, net), file=stderr)
         env['split' + pfx.lower()].append(net)
 
+    # If MTU is <1280, then IPv6 is not possible.
+    # Furthermore, it appears that any-and-all IPv6-related configuration will fail (at
+    # least on Linux, where iproute(8) gives very cryptic errors like
+    # "RTNETLINK answers: Invalid argument error"), preventing vpn-slice from completing
+    # a working setup even for IPv4.
+    if env.mtu < 1280 and (env.myaddr6 or any(r.version == 6 for r in env.splitinc)):
+        raise RuntimeError("MTU of %d is too small for IPv6 (minimum 1280). Invoke OpenConnect with --disable-ipv6 to configure for IPv4 only" % env.mtu, file=stderr)
+
     return env
 
 # Parse command-line arguments and environment