Ipv6 VPN
Ismael Bouya
ismael.bouya at normalesup.org
Fri Oct 4 11:00:17 CEST 2013
Hi all,
I am trying to configure tinc for my network: I have one server with a
public /64 IP6 address and one IP4 address, and some other computers with
possibly only local addresses (NAT, and router which I don't control)
I configured tinc so that all the clients connect by ipv4 to the server
with the public address.
So I have something like this
Ovh (the provider of the server "immae.eu") says :
IP : 94.23.52.215
IPv6 : 2001:41d0:2:35d7::/64
The links that I see :
[OVH, 2001:41d0:2:35ff:ff:ff:ff:fe ]
|
|
|
eth0 [immae.eu, 2001:41d0:2:35d7::1/64 and 94.23.52.215/24]
vpn6 [2001:41d0:2:35d7:1::1/96]
|
|
|
vpn6 [home, 2001:41d0:2:35d7:1::2/96]
wlan0 [2001:41d0:2:35d7:1:2:0:1/96 and 192.168.0.5 (local network)]
The connexion between immae.eu and home works very good, I can ping
eachother both ways. However, I cannot contact home from outsite, and
neither can I contact outside from home. Each time, I'm locked at
immae.eu not finding home.
my route table on immae.eu :
2001:41d0:2:35d7:1::/96 dev vpn6 proto kernel metric 256
2001:41d0:2:35d7:1:2::/96 via 2001:41d0:2:35d7:1::2 dev vpn6 metric 1024
2001:41d0:2:35d7:1::/80 dev vpn6 metric 1024
2001:41d0:2:35d7::/64 dev eth0 proto kernel metric 256
2001:41d0:2:35d7::/64 dev eth0 metric 1024
2001:41d0:2:35ff:ff:ff:ff:ff dev eth0 metric 1024
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev vpn6 proto kernel metric 256
default via 2001:41d0:2:35ff:ff:ff:ff:ff dev eth0 metric 1024
If I understand well, it should say that all traffic to
2001:41d0:2:35d7:1:: should go to somewhere through vpn6
However, when I try to ping 2001:41d0:2:35d7:1::2 from outsite, I see
immae.eu desperately trying to find it on eth0 (with tcpdump), and not
trying vpn6. I even tried to put eth0 address to 2001:41d0:2:35d7::1/128
and to disable the corresponding routes, but it keeps asking on eth0.
I also put /proc/sys/net/ipv{4,6}/conf/all/forwarding to 1 everywhere,
but without success.
Did I miss anything?
I think the informations I gave here are enought, but I can provide more
information if you need
(NB: the subnets are correctly defined in the configuration, I followed
the guide in
http://www.tinc-vpn.org/examples/ipv6-network/
)
Thanks in advance !
--
Immae
--
Ismaël
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20131004/f74b52fd/attachment.sig>
More information about the tinc
mailing list