Guus Sliepen [2016-05-24 11:26 +0200] :

> On Tue, May 24, 2016 at 08:17:07AM +0200, Niklaas Baudet von Gersdorff wrote:
[...]
> >     A $ cat /usr/local/etc/tinc/klaas/tinc-up
> >     ifconfig $INTERFACE inet6 fd16:dcc0:f4cc:0:0:1:0:1 prefixlen 80
> >     route -6 add -host fd16:dcc0:f4cc:0:0:2:0:1 fd16:dcc0:f4cc:0:0:1:0:1
> >     route -6 add -net fd16:dcc0:f4cc:0:0:2::/96 fd16:dcc0:f4cc:0:0:1:0:1
> >     #route -6 add -ifp $INTERFACE -host fd16:dcc0:f4cc::2:0:1 fd16:dcc0:f4cc::1:0:1
> >     #route -6 add -ifp $INTERFACE -net fd16:dcc0:f4cc::2:0:0/96 fd16:dcc0:f4cc::1:0:1
>
> All those route commands are unnecessary. The ifconfig command already
> ensures there is a route for fd16:dcc0:f4cc::/80 to tinc's interface.

Thanks a lot for pointing that out. I cleaned both `tinc-up` and
`tinc-down`; now they only contain `ifconfig $INTERFACE [...]` for both
IPv4 and IPv6.

> Hm, what if you use Device = /dev/tun0 instead?
>
> If this still doesn't work, then try to find out what happens with the
> packets you are sending. Run tinc in the foreground (use the options
> -d5 -D), and then run ping6 fd16:dcc0:f4cc:0:0:2:0:1 in another
> terminal. Does tinc see the packets? Does it send them to B? If so,
> the problem might be on B. If it doesn't get the packets, try tcpdump
> on all the interfaces to see where those packets are going.

Although I had checked my configuration by running tinc in the
foreground, it seems that I have never done so while setting `-d5` and
ping6ing simultaneously. Thanks a lot for mentioning that again -- I
made some progress!

So, when I try to `ping6 fd16:dcc0:f4cc:0:0:2:1:1` `tinc -D -d5` gives
me the following output:

    Cannot route packet: neighbor solicitation request for unknown address fd16:dcc0:f4cc:0:0:2:1:1

Thus, it seems that my IPv6 setup is broken (somehow). I'll search for
FreeBSD related solutions and will keep you updated.

    Niklaas

Niklaas Baudet von Gersdorff [2016-05-24 12:08 +0200] :

> So, when I try to `ping6 fd16:dcc0:f4cc:0:0:2:1:1` `tinc -D -d5` gives
> me the following output:
>
>     Cannot route packet: neighbor solicitation request for unknown address fd16:dcc0:f4cc:0:0:2:1:1
>
> Thus, it seems that my IPv6 setup is broken (somehow). I'll search for
> FreeBSD related solutions and will keep you updated.

Setting rtsold (router solicitation daemon) and rtadvd (router
advertisement daemon) to their default settings and starting them turns
the error into:

    Cannot route packet from box_fra_01 (MYSELF): unknown IPv6 destination address fd16:dcc0:f4cc:0:0:2:1:1

On Tue, May 24, 2016 at 12:08:38PM +0200, Niklaas Baudet von Gersdorff wrote:

> So, when I try to `ping6 fd16:dcc0:f4cc:0:0:2:1:1` `tinc -D -d5` gives
> me the following output:
>
>     Cannot route packet: neighbor solicitation request for unknown address fd16:dcc0:f4cc:0:0:2:1:1

This means that either tinc is not connected to B, or that B does not
have the right Subnet statement in its host config file. It should be
Subnet = fd16:dcc0:f4cc:0:0:2::/96. With those long IPv6 addresses, it's
easy to make a typo, so double check it :)

-- 
Met vriendelijke groet / with kind regards,
      Guus Sliepen <guus at tinc-vpn.org>

Guus Sliepen [2016-05-24 12:31 +0200] :

> On Tue, May 24, 2016 at 12:08:38PM +0200, Niklaas Baudet von Gersdorff wrote:
>
> > So, when I try to `ping6 fd16:dcc0:f4cc:0:0:2:1:1` `tinc -D -d5` gives
> > me the following output:
> >
> >     Cannot route packet: neighbor solicitation request for unknown address fd16:dcc0:f4cc:0:0:2:1:1
>
> This means that either tinc is not connected to B,

I just realised that I cannot ping4 if I use /dev/tun0. I reverted my
configuration back to /dev/tap0. Following this, ping4 works again, so
I assume that tinc is connected.

> or that B does not have the right Subnet statement in its host config
> file. It should be Subnet = fd16:dcc0:f4cc:0:0:2::/96. With those long
> IPv6 addresses, it's easy to make a typo, so double check it :)

I double checked and it seems fine. Because four eyes see more than
two: :)

    A $ cat /usr/local/etc/tinc/hosts/B
    Address = B
    Subnet = fd16:dcc0:f4cc:0:0:2::/96
    Subnet = 10.2.0.0/16
    -----BEGIN RSA PUBLIC KEY-----
    <secret>
    -----END RSA PUBLIC KEY-----

The same file is on B.

    Niklaas
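
Added example, not part of the original thread and not tinc's own code: the "double check the Subnet statement" step discussed above, done mechanically instead of by eye. The function names and `HOSTS_B` are hypothetical; the sample text is constructed from the hosts/B file quoted in the thread, with the key body left as the placeholder the poster used.

```python
import ipaddress
import re

# Constructed sample modelled on the hosts/B file quoted in the thread.
HOSTS_B = """\
Address = B
Subnet = fd16:dcc0:f4cc:0:0:2::/96
Subnet = 10.2.0.0/16
-----BEGIN RSA PUBLIC KEY-----
<secret>
-----END RSA PUBLIC KEY-----
"""

# "Subnet = value" or "Subnet value"; the key is matched case-insensitively.
SUBNET_RE = re.compile(r"^\s*Subnet(?:\s*=\s*|\s+)(\S+)", re.IGNORECASE)


def parse_subnets(text):
    """Return (networks, problems) for the Subnet lines of a tinc host file."""
    networks, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = SUBNET_RE.match(line)
        if not m:
            continue  # Address lines, key material, comments
        value = m.group(1).split("#", 1)[0]  # drop an optional "#weight"
        try:
            # strict=True rejects host bits set beyond the prefix length,
            # which is how a mistyped group in a long address shows up.
            networks.append(ipaddress.ip_network(value, strict=True))
        except ValueError as exc:
            # Non-IP values (e.g. MAC subnets) also land here.
            problems.append((lineno, value, str(exc)))
    return networks, problems


def covering_subnets(text, destination):
    """Declared subnets that contain destination, most specific first."""
    dest = ipaddress.ip_address(destination)
    nets, _ = parse_subnets(text)
    hits = [n for n in nets if n.version == dest.version and dest in n]
    return sorted(hits, key=lambda n: n.prefixlen, reverse=True)


if __name__ == "__main__":
    for target in ("fd16:dcc0:f4cc:0:0:2:1:1", "fd16:dcc0:f4cc:0:0:3:1:1"):
        hits = covering_subnets(HOSTS_B, target)
        print(target, "->", [str(n) for n in hits] or "no Subnet matches")
    print(parse_subnets("Subnet = fd16:dcc0:f4cc:0:0:2:1::/96")[1])
```

For the file quoted above, the pinged address fd16:dcc0:f4cc:0:0:2:1:1 falls inside the declared /96, and both Subnet lines parse without host-bit errors.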