Ipv6 VPN
Ismael Bouya
ismael.bouya at normalesup.org
Sun Oct 6 15:49:57 CEST 2013
Hi,
I finally solved my problem (I planned to send an email "later", but since
you answered to me I'll make an effort :D ) :
The server (who "owns" the /64 addr) needs more than just "forwarding" set
to 1, I also need to specify proxy_ndp to 1 (in
/proc/sys/net/ipv6/conf/***/proxy_ndp) and to do
ip neigh add proxy ***ipv6*** dev eth0
for each address that will go through the router (including the one on the
vpn6 interface of the server)
Note that if you follow strictly the doc at
http://www.tinc-vpn.org/examples/ipv6-network/
you only need to run the above command for 2001:db8:beef::{2,3,4} on
routera
and then on each router{b,c} you'll have to worry about their own subnet
only
Maybe it should be tried somewhere else. I think it's a problem due to the
fact that I have "only" a /64, and thus all the ip addresses I can address
are in the "interface" scope of the ip6 address. Since I don't have access
to a /48 I cannot run more tests about this asumption, but I'd be quite
interested in knowing whether it is true or not (maybe someone there has
this kind of network and can check both the value of
/proc/sys/net/ipv6/conf/***/proxy_ndp on "routera" and
run ip -6 neigh show proxy
to check the necessity of this in larger network?)
> Hm, that's indeed strange. However, the example on the website is a bit
> complicated, maybe you could simplify your setup. Does home need its own /64 or
> does it need only a /128? Do you plan to add more nodes or not?
Each "node" only needed a /128, the /96 was a "bonus", but none of the
methods I tried worked
> > I also put /proc/sys/net/ipv{4,6}/conf/all/forwarding to 1 everywhere,
> > but without success.
> >
> > Did I miss anything?
>
> Make sure you don't have firewall rules blocking the forwarding of IPv6
> packets. Also, what does the routing table look like on home?
I also checked that, and the routing table at home was correct. The example
documentation is perfect but for the proxy_ndp problem.
Maybe you should put a note about it in the example?
Anyway, thanks for all (and especially for this wonderfull program :D )
Best regards,
--
Ismaël
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://www.tinc-vpn.org/pipermail/tinc/attachments/20131006/ff7f7368/attachment.sig>
More information about the tinc
mailing list