Gentoo Forums
Problem with OpenVPN + Sixxs IPv6 + Routing, AICCU and radvd
Pegasus87
Posted: Tue Nov 19, 2013 9:28 pm    Post subject: Problem with OpenVPN + Sixxs IPv6 + Routing, AICCU and radvd

Hello,

I have some issues on my local server and network with IPv6 routing. My IPv6 tunnel is provided by sixxs and worked great for a long time. The configuration was as simple as it could be: The server has 2 interfaces, eth0 and eth1. eth0 is used for the local LAN with subnet 192.168.4.X. eth1 is used with ppp0 to connect to the internet. Additionally, the sixxs interface was created by AICCU. The radvd ran on eth0 with this config:
Code:

interface eth0 {
        AdvSendAdvert on;
        MinRtrAdvInterval 30;
        MaxRtrAdvInterval 100;
        prefix <my_subnet>::/64 {
                AdvOnLink on;
                AdvAutonomous on;
        };                       
};

Everything worked fine, each client in 192.168.4.X got an IPv6 global link address and was able to connect through the server to the internet.

Now:
Last week I tried to set up an OpenVPN server to make a remote network (connected via wifi) available in my local network. Therefore I added a bridge to /etc/conf.d/net to connect my eth0 and the tap0 of the VPN tunnel.
Code:

config_eth0="null"
rc_net_br0_need="net.eth0 openvpn.bridge"
bridge_br0="eth0 tap0"
# or dynamically add them when the interface comes up
#bridge_add_eth0="br0"
config_br0="192.168.4.1/24
        <my_subnet>::1/64"

As you can see, eth0 now has no IP address; br0 gets the IP eth0 had before and the ::1 of my IPv6 subnet. br0 waits for openvpn until it provides the tap0 and then combines eth0 and tap0.
So far so good...
After replacing eth0 by br0 in my shorewall configuration everything worked as before (for IPv4 !!). To get IPv6 working again I replaced eth0 with br0 in radvd.conf too:
Code:

interface br0 {
        AdvSendAdvert on;
        MinRtrAdvInterval 30;
        MaxRtrAdvInterval 100;
        prefix <my_subnet>::/64 {
                AdvOnLink on;
                AdvAutonomous on;
        };                       
};

After that my ip addr show on the server looks like that:
Code:

5: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
    link/ether 00:01:2e:23:bc:9a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::201:2eff:fe23:bc9a/64 scope link
       valid_lft forever preferred_lft forever
37: sixxs: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN
    link/sit 92.226.70.22 peer 78.35.24.135
    inet6 <tunnel>::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::c0a8:401/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::5ce2:4619/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::c0a8:2cbc/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::c0a8:501/64 scope link
       valid_lft forever preferred_lft forever
72: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 100
    link/ether 5e:d7:61:ee:ec:36 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5cd7:61ff:feee:ec36/64 scope link
       valid_lft forever preferred_lft forever
73: br0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:01:2e:23:bc:9a brd ff:ff:ff:ff:ff:ff
    inet 192.168.4.1/24 brd 192.168.4.255 scope global br0
    inet6 <my_sub>::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::201:2eff:fe23:bc9a/64 scope link
       valid_lft forever preferred_lft forever

And here is the ip -6 route on the server:
Code:

<tunnel>::/64 via :: dev sixxs  proto kernel  metric 256
<my_subnet>::/64 dev eth1  proto kernel  metric 256  expires 69563sec
<my_subnet>::/64 dev br0  proto kernel  metric 256
fe80::/64 dev eth0  proto kernel  metric 256
fe80::/64 via :: dev sixxs  proto kernel  metric 256
fe80::/64 dev tap0  proto kernel  metric 256
fe80::/64 dev br0  proto kernel  metric 256
default via <my_subnet>::1 dev sixxs  metric 1024

Pinging an external IPv6 ip from the server is no problem, but pinging from a machine in my local network IT IS! Here you see:
Code:

# ping6 ipv6.google.com
PING ipv6.google.com(ber01s09-in-x12.1e100.net) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
15 packets transmitted, 0 received, 100% packet loss, time 13999ms

A client in the 192.168.4.X network gets a correct IPv6 address from the radvd, for example:
Code:

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 <my_subnet>:52e5:49ff:fe5f:26d4/64 scope global dynamic
       valid_lft 86375sec preferred_lft 14375sec
    inet6 fe80::52e5:49ff:fe5f:26d4/64 scope link
       valid_lft forever preferred_lft forever

It's a scope global dynamic so it should be possible to communicate with the internet.
The routing table on this client looks like that:
Code:

<my_subnet>::/64 dev eth0  proto kernel  metric 256  expires 86370sec
fe80::/64 dev eth0  proto kernel  metric 256
ff00::/8 dev eth0  metric 256
default via fe80::201:2eff:fe23:bc9a dev eth0  proto ra  metric 1024  expires 270sec

You can see that it goes per default via the link local address of the br0 (fe80::201:2eff:fe23:bc9a) of the server machine. But there seems to be the problem... The server is not able to get the package through the sixxs interface.

I didn't do anything more or less than in my old configuration without the VPN tap0 and the br0 interface. What's the matter here? I just plugged 2 interfaces together... Why is it not working anymore?

Thanks for help!
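
Added example, not part of the original post: a small checker for two things visible in the server's `ip -6 route` output above, namely a global /64 that is on-link on more than one device and a gateway that lies outside every on-link prefix of its own device. The 2001:db8 prefixes are constructed stand-ins for the redacted `<tunnel>` and `<my_subnet>` values, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample shaped like the server's `ip -6 route` output in the post:
# 2001:db8:1::/64 stands in for <tunnel>, 2001:db8:2::/64 for <my_subnet>.
SAMPLE = """\
2001:db8:1::/64 via :: dev sixxs  proto kernel  metric 256
2001:db8:2::/64 dev eth1  proto kernel  metric 256  expires 69563sec
2001:db8:2::/64 dev br0  proto kernel  metric 256
fe80::/64 dev eth0  proto kernel  metric 256
fe80::/64 via :: dev sixxs  proto kernel  metric 256
fe80::/64 dev tap0  proto kernel  metric 256
fe80::/64 dev br0  proto kernel  metric 256
default via 2001:db8:2::1 dev sixxs  metric 1024
"""

def parse_routes(text):
    """Parse `ip -6 route` lines into dicts with dst, via (None if on-link) and dev."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok:
            continue
        after = lambda key: tok[tok.index(key) + 1] if key in tok else None
        try:
            dst = ipaddress.ip_network("::/0" if tok[0] == "default" else tok[0])
        except ValueError:
            continue  # route types such as "unreachable ..." are skipped
        via = after("via")
        routes.append({"dst": dst, "dev": after("dev"),
                       "via": None if via in (None, "::") else ipaddress.ip_address(via)})
    return routes

def duplicate_onlink(routes):
    """Non-link-local prefixes that are on-link on more than one device."""
    devs = defaultdict(set)
    for r in routes:
        if r["via"] is None and not (r["dst"].is_link_local or r["dst"].is_multicast):
            devs[r["dst"]].add(r["dev"])
    return {str(p): sorted(d) for p, d in devs.items() if len(d) > 1}

def offlink_gateways(routes):
    """Routes whose gateway is outside every on-link prefix of the route's device."""
    onlink = defaultdict(list)
    for r in routes:
        if r["via"] is None:
            onlink[r["dev"]].append(r["dst"])
    return [(str(r["dst"]), str(r["via"]), r["dev"]) for r in routes
            if r["via"] is not None
            and not any(r["via"] in net for net in onlink[r["dev"]])]
```

Run both functions on `parse_routes()` of the router's real `ip -6 route` output; an empty result from each means neither condition is present.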