problems with routing via tinc
Graeme Tattersall
wildph at wildph.net
Sun Feb 24 05:33:50 CET 2008
Hi,
Hopefully someone can help me. I've been trying to set up a private
vpn, for both internal ipv6 and ipv4 traffic. There are two Hosts
involved with the vpn at the moment.
I've been struggling with this but am now going round in circles - Can
anyone recognise and explain what i'm doing wrong?
The tinc daemons are listening on an ipv4 address, connected to the
standard internet.
-IPV6 Uplink -- Ipv6 Site X
TUNNEL --/
/
--/
HOST A ----- INTERNET (ipv4) ------------ HOST B
\ /
\ /
-- TINC (ipv4/24 & ipv6/64) --
Host A is running linux (debian/ubuntu), and has forwarding enabled by
sysctl for both ipv4 and v6.
My problem is that while Host A and B can talk to each other over the
TINC vpn interface, using both v4 and v6 addressing.
I am unable to access the ipv6 internet from Host B using the TINC link.
The ipv4/24 is assigned to the tinc interface as is the ipv6/64.
Host B has a static route assigned in the tinc-up script. For B to
access the internet, it must send traffic to the Host A side of the
ipv6/64 link.
If I try to ping6 or trace6 to an site X from A, the connection works,
the connection goes via the uplink tunnel and out.
If I try to ping6 or trace6 to site X from B however, the connection
stops at the Host A/Tinc interface.
Tcpdumps taken at both B and A confirm that B is sending pings to A as
expected. A does not forward the traffic, and does not return anything
back to B. A tcpdump on A's uplink tunnel confirms that the B->X ping
is not being forwarded on, but I do see the B-X ping coming in on the
A's TINC interface.
I hope someone can help shed some light onto this puzzle.
Regards,
Graeme
More information about the tinc
mailing list