Hi,
Hopefully someone can help me. I've been trying to set up a private
vpn, for both internal ipv6 and ipv4 traffic. There are two Hosts
involved with the vpn at the moment.
I've been struggling with this but am now going round in circles - Can
anyone recognise and explain what i'm doing wrong?
The tinc daemons are listening on an ipv4 address, connected to the
standard internet.
-IPV6 Uplink -- Ipv6 Site X
TUNNEL --/
/
--/
HOST A ----- INTERNET (ipv4) ------------ HOST B
\ /
\ /
-- TINC (ipv4/24 & ipv6/64) --
Host A is running linux (debian/ubuntu), and has forwarding enabled by
sysctl for both ipv4 and v6.
My problem is that while Host A and B can talk to each other over the
TINC vpn interface, using both v4 and v6 addressing.
I am unable to access the ipv6 internet from Host B using the TINC link.
The ipv4/24 is assigned to the tinc interface as is the ipv6/64.
Host B has a static route assigned in the tinc-up script. For B to
access the internet, it must send traffic to the Host A side of the
ipv6/64 link.
If I try to ping6 or trace6 to an site X from A, the connection works,
the connection goes via the uplink tunnel and out.
If I try to ping6 or trace6 to site X from B however, the connection
stops at the Host A/Tinc interface.
Tcpdumps taken at both B and A confirm that B is sending pings to A as
expected. A does not forward the traffic, and does not return anything
back to B. A tcpdump on A's uplink tunnel confirms that the B->X ping
is not being forwarded on, but I do see the B-X ping coming in on the
A's TINC interface.
I hope someone can help shed some light onto this puzzle.
Regards,
Graeme
On Sun, Feb 24, 2008 at 04:33:50AM +0000, Graeme Tattersall wrote:> -IPV6 Uplink -- Ipv6 Site X > TUNNEL --/ > / > --/ > HOST A ----- INTERNET (ipv4) ------------ HOST B > \ / > \ / > -- TINC (ipv4/24 & ipv6/64) -- > > My problem is that while Host A and B can talk to each other over the > TINC vpn interface, using both v4 and v6 addressing. > > I am unable to access the ipv6 internet from Host B using the TINC link.You should have added the following to the host config file of host A: Subnet = 2000:0:0:0:0:0:0:0/3 If you already did, I need more information. Send your tinc.conf, tinc-up and hosts/*. Also try to run tinc with the options -d5 -D, and then try to ping a global IPv6 site from host B, and look at what tinc is logging. -- Met vriendelijke groet / with kind regards, Guus Sliepen <guus at tinc-vpn.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://www.tinc-vpn.org/pipermail/tinc/attachments/20080224/8b16be7e/attachment.pgp
Guus Sliepen wrote:> > You should have added the following to the host config file of host A: > > Subnet = 2000:0:0:0:0:0:0:0/3 >Hi, Thanks for replying. I have added the /3 subnet as suggested. I can now able to browse the ipv6 internet from my host B. Cheers Graeme