problems with routing via tinc

[Graeme Tattersall]

Hi,

Hopefully someone can help me.  I've been trying to set up a private 
vpn, for both internal ipv6 and ipv4 traffic.  There are two Hosts 
involved with the vpn at the moment.

I've been struggling with this but am now going round in circles - Can 
anyone recognise and explain what i'm doing wrong?

The tinc daemons are listening on an ipv4 address, connected to the 
standard internet.


                                    -IPV6 Uplink -- Ipv6 Site X
                          TUNNEL --/
                          /
                       --/
               HOST A  -----  INTERNET (ipv4)   ------------ HOST B
                         \                                /
                          \                              /
                           -- TINC (ipv4/24 & ipv6/64) --

Host A is running linux (debian/ubuntu), and has forwarding enabled by 
sysctl for both ipv4 and v6.

My problem is that while Host A and B can talk to each other over the 
TINC vpn interface, using both v4 and v6 addressing.

I am unable to access the ipv6 internet from Host B using the TINC link.

The ipv4/24 is assigned to the tinc interface as is the ipv6/64.

Host B has a static route assigned in the tinc-up script.  For B to 
access the internet, it must send traffic to the Host A side of the 
ipv6/64 link.

If I try to ping6 or trace6 to an site X from A, the connection works, 
the connection goes via the uplink tunnel and out.

If I try to ping6 or trace6 to site X from B however, the connection 
stops at the Host A/Tinc interface.

Tcpdumps taken at both B and A confirm that B is sending pings to A as 
expected.  A does not forward the traffic, and does not return anything 
back to B.   A tcpdump on A's uplink tunnel confirms that the B->X ping 
is not being forwarded on, but I do see the B-X ping coming in on the 
A's TINC interface.

I hope someone can help shed some light onto this puzzle.

Regards,


Graeme