Ipv6 VPN

Ismael Bouya ismael.bouya at normalesup.org
Fri Oct 4 11:00:17 CEST 2013


Hi all,
I am trying to configure tinc for my network: I have one server with a
public /64 IP6 address and one IP4 address, and some other computers with
possibly only local addresses (NAT, and router which I don't control)

I configured tinc so that all the clients connect by ipv4 to the server
with the public address.

So I have something like this

Ovh (the provider of the server "immae.eu") says :
IP :   	94.23.52.215
IPv6 :   	2001:41d0:2:35d7::/64

The links that I see :

[OVH, 2001:41d0:2:35ff:ff:ff:ff:fe ]
  |
  |
  |
eth0 [immae.eu, 2001:41d0:2:35d7::1/64 and 94.23.52.215/24]
vpn6 [2001:41d0:2:35d7:1::1/96]
  |
  |
  |
vpn6 [home, 2001:41d0:2:35d7:1::2/96]
wlan0 [2001:41d0:2:35d7:1:2:0:1/96 and 192.168.0.5 (local network)]


The connexion between immae.eu and home works very good, I can ping
eachother both ways. However, I cannot contact home from outsite, and
neither can I contact outside from home. Each time, I'm locked at
immae.eu not finding home.


my route table on immae.eu :
2001:41d0:2:35d7:1::/96 dev vpn6  proto kernel  metric 256 
2001:41d0:2:35d7:1:2::/96 via 2001:41d0:2:35d7:1::2 dev vpn6  metric 1024 
2001:41d0:2:35d7:1::/80 dev vpn6  metric 1024 
2001:41d0:2:35d7::/64 dev eth0  proto kernel  metric 256 
2001:41d0:2:35d7::/64 dev eth0  metric 1024 
2001:41d0:2:35ff:ff:ff:ff:ff dev eth0  metric 1024 
fe80::/64 dev eth0  proto kernel  metric 256 
fe80::/64 dev vpn6  proto kernel  metric 256 
default via 2001:41d0:2:35ff:ff:ff:ff:ff dev eth0  metric 1024 

If I understand well, it should say that all traffic to
2001:41d0:2:35d7:1:: should go to somewhere through vpn6

However, when I try to ping 2001:41d0:2:35d7:1::2 from outsite, I see
immae.eu desperately trying to find it on eth0 (with tcpdump), and not
trying vpn6. I even tried to put eth0 address to 2001:41d0:2:35d7::1/128
and to disable the corresponding routes, but it keeps asking on eth0.

I also put /proc/sys/net/ipv{4,6}/conf/all/forwarding to 1 everywhere,
but without success.

Did I miss anything?

I think the informations I gave here are enought, but I can provide more
information if you need

(NB: the subnets are correctly defined in the configuration, I followed
the guide in 
http://www.tinc-vpn.org/examples/ipv6-network/
)

Thanks in advance !
-- 
Immae
-- 
Ismaël
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20131004/f74b52fd/attachment.sig>


More information about the tinc mailing list