Linux

Debian: IPv6-in-IPv4 over OpenVPN

  • February 9, 2017

Following (roughly) the instructions at https://www.zagbot.com/openvpn_ipv6_tunnel.html, I now have the following:

Client

martin@theoria:~$ ifconfig 
eth0      Link encap:Ethernet  HWaddr 00:50:8d:b3:fd:f4  
         inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
         inet6 addr: fe80::250:8dff:feb3:fdf4/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:31372164 errors:0 dropped:0 overruns:0 frame:0
         TX packets:33131753 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000 
         RX bytes:15453951555 (15.4 GB)  TX bytes:26797262646 (26.7 GB)
         Interrupt:23 Base address:0xa000 

lo        Link encap:Local Loopback  
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:1985259 errors:0 dropped:0 overruns:0 frame:0
         TX packets:1985259 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0 
         RX bytes:347645379 (347.6 MB)  TX bytes:347645379 (347.6 MB)

sit1      Link encap:IPv6-in-IPv4  
         inet6 addr: 2001:41d0:2:b353::10/64 Scope:Global
         inet6 addr: fe80::a08:a/128 Scope:Link
         UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0 
         RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
         inet addr:10.8.0.10  P-t-P:10.8.0.9  Mask:255.255.255.255
         UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
         RX packets:9 errors:0 dropped:0 overruns:0 frame:0
         TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:100 
         RX bytes:1106 (1.1 KB)  TX bytes:1598 (1.5 KB)

virbr0    Link encap:Ethernet  HWaddr 12:86:9c:16:08:fd  
         inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
         UP BROADCAST MULTICAST  MTU:1500  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0 
         RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr 00:0e:2e:4e:94:8a  
         UP BROADCAST MULTICAST  MTU:1500  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000 
         RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Server

root@martineve:~# ifconfig 
eth0      Link encap:Ethernet  HWaddr e0:69:95:72:85:77  
         inet addr:188.165.232.xxx  Bcast:188.165.232.255  Mask:255.255.255.0
         inet6 addr: fe80::e269:95ff:fe72:8577/64 Scope:Link
         inet6 addr: 2001:41d0:2:b353::1/64 Scope:Global
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:49817 errors:0 dropped:6 overruns:0 frame:0
         TX packets:51419 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000 
         RX bytes:21105790 (20.1 MiB)  TX bytes:36400780 (34.7 MiB)
         Interrupt:20 Memory:fe500000-fe520000 

eth0:0    Link encap:Ethernet  HWaddr e0:69:95:72:85:77  
         inet addr:87.98.254.xxx  Bcast:87.255.255.255  Mask:255.255.255.255
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         Interrupt:20 Memory:fe500000-fe520000 

lo        Link encap:Local Loopback  
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:14274 errors:0 dropped:0 overruns:0 frame:0
         TX packets:14274 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0 
         RX bytes:10206299 (9.7 MiB)  TX bytes:10206299 (9.7 MiB)

sit10     Link encap:IPv6-in-IPv4  
         inet6 addr: 2001:41d0:2:b353::3/64 Scope:Global
         inet6 addr: fe80::a08:1/128 Scope:Link
         UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0 
         RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
         inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
         UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
         RX packets:16000 errors:0 dropped:0 overruns:0 frame:0
         TX packets:13254 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:100 
         RX bytes:9839924 (9.3 MiB)  TX bytes:5791219 (5.5 MiB)

Each device can ping the other over the IPv6 network between them:

Client:

PING 2001:41d0:2:b353::3(2001:41d0:2:b353::3) 56 data bytes
64 bytes from 2001:41d0:2:b353::3: icmp_seq=1 ttl=64 time=25.3 ms

Server:

PING 2001:41d0:2:b353::10(2001:41d0:2:b353::10) 56 data bytes
64 bytes from 2001:41d0:2:b353::10: icmp_seq=1 ttl=64 time=94.7 ms

However, from the client, I cannot reach anywhere outside.

Client:

martin@theoria:~$ ip -6 route show
2001:41d0:2:b353::/64 via :: dev sit1  proto kernel  metric 256 
fe80::/64 dev eth0  proto kernel  metric 256 
fe80::/64 via :: dev sit1  proto kernel  metric 256 
default via 2001:41d0:2:b353::1 dev sit1  metric 1024 
martin@theoria:~$ sudo route -A inet6
[sudo] password for martin: 
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
2001:41d0:2:b353::/64          ::                         Un   256 0     1 sit1
fe80::/64                      ::                         U    256 0     0 eth0
fe80::/64                      ::                         Un   256 0     0 sit1
::/0                           2001:41d0:2:b353::1        UG   1024 0     0 sit1
::/0                           ::                         !n   -1  1   520 lo
::1/128                        ::                         Un   0   2    56 lo
2001:41d0:2:b353::10/128       ::                         Un   0   1     3 lo
fe80::a08:a/128                ::                         Un   0   1     0 lo
fe80::250:8dff:feb3:fdf4/128   ::                         Un   0   1     0 lo
ff00::/8                       ::                         U    256 0     0 eth0
ff00::/8                       ::                         U    256 0     0 sit1
::/0                           ::                         !n   -1  1   520 lo

Server:

root@martineve:~# ip -6 route show
2001:41d0:2:b353::10 dev sit10  metric 1024 
2001:41d0:2:b353::/64 dev eth0  proto kernel  metric 256 
2001:41d0:2:b353::/64 via :: dev sit10  proto kernel  metric 256 
2001:41d0:2:b300::/56 dev eth0  proto kernel  metric 256  expires 2590467sec
fe80::/64 dev eth0  proto kernel  metric 256 
fe80::/64 via :: dev sit10  proto kernel  metric 256 
ff00::/8 dev eth0  metric 256 
ff00::/8 dev sit10  metric 256 
default via fe80::5:73ff:fea0:0 dev eth0  metric 1024 
root@martineve:~# route -A inet6 
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
::1/128                        ::                         Un   0   1   196 lo
2001:41d0:2:b353::/128         ::                         Un   0   1     0 lo
2001:41d0:2:b353::/128         ::                         Un   0   1     0 lo
2001:41d0:2:b353::1/128        ::                         Un   0   1   101 lo
2001:41d0:2:b353::3/128        ::                         Un   0   1     3 lo
2001:41d0:2:b353::10/128       ::                         U    1024 0     0 sit10
2001:41d0:2:b353::/64          ::                         U    256 0     0 eth0
2001:41d0:2:b353::/64          ::                         Un   256 0     0 sit10
2001:41d0:2:b300::/56          ::                         UAe  256 0     2 eth0
fe80::/128                     ::                         Un   0   1     0 lo
fe80::a08:1/128                ::                         Un   0   1     0 lo
fe80::e269:95ff:fe72:8577/128  ::                         Un   0   1    49 lo
fe80::/64                      ::                         U    256 0     0 eth0
fe80::/64                      ::                         Un   256 0     0 sit10
ff00::/8                       ::                         U    256 0     0 eth0
ff00::/8                       ::                         U    256 0     0 sit10
::/0                           fe80::5:73ff:fea0:0        UG   1024 0     0 eth0
::/0                           ::                         !n   -1  1   113 lo

The server has general IPv6 connectivity:

PING aaaa.test-ipv6.com(jason-fesler.f0-8.switch2a.fmt.he.net) 56 data bytes
64 bytes from jason-fesler.f0-8.switch2a.fmt.he.net: icmp_seq=1 ttl=53 time=164 ms

The client does not:

PING aaaa.test-ipv6.com(jason-fesler.f0-8.switch2a.fmt.he.net) 56 data bytes
^C
--- aaaa.test-ipv6.com ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms

I tried this, to no avail:

root@martineve:~# cat /proc/sys/net/ipv6/conf/all/forwarding 
1

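What do I need to do to enable the client to access the outside world over IPv6?

OK, the final answer was in my original link!

When you do this kind of routing, you have to specify the "ip add neigh proxy [ip] eth0" bit.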
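Why the neighbour proxy entry matters here, as an added example that is not part of the original posts or the linked guide: the client's address sits inside the /64 that is on-link on the server's eth0, so the upstream router sends Neighbor Solicitations for it on that link and nothing answers. The sketch below reads the server's route table from the question and lists the commands needed; the function names are hypothetical, the iproute2 form `ip -6 neigh add proxy ADDR dev IF` is used, and the `proxy_ndp` sysctl step is an assumption not mentioned on the page.

```python
import ipaddress

# Constructed sample: server-side `ip -6 route show` lines taken from the question.
SERVER_ROUTES = """\
2001:41d0:2:b353::10 dev sit10  metric 1024
2001:41d0:2:b353::/64 dev eth0  proto kernel  metric 256
2001:41d0:2:b353::/64 via :: dev sit10  proto kernel  metric 256
2001:41d0:2:b300::/56 dev eth0  proto kernel  metric 256  expires 2590467sec
fe80::/64 dev eth0  proto kernel  metric 256
ff00::/8 dev eth0  metric 256
default via fe80::5:73ff:fea0:0 dev eth0  metric 1024
"""


def parse_routes(text):
    """Return [(network, device)] for every non-default route line."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "default" or "dev" not in fields[:-1]:
            continue
        try:
            # A bare address (no /len) is a host route and parses as /128.
            net = ipaddress.ip_network(fields[0], strict=False)
        except ValueError:
            continue  # e.g. "unreachable ..." lines
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes


def proxy_ndp_commands(text, uplink):
    """Commands that make `uplink` answer Neighbor Solicitations for hosts
    routed out of another interface but numbered from an on-link uplink prefix."""
    routes = parse_routes(text)
    onlink = [n for n, dev in routes if dev == uplink and n.prefixlen < 128]
    hosts = sorted({n.network_address for n, dev in routes
                    if dev != uplink and n.prefixlen == 128
                    and any(n.network_address in p for p in onlink)})
    if not hosts:
        return []  # tunnel hosts use their own prefix: no proxy entry needed
    cmds = [f"sysctl -w net.ipv6.conf.{uplink}.proxy_ndp=1"]  # assumption, see lead-in
    cmds += [f"ip -6 neigh add proxy {h} dev {uplink}" for h in hosts]
    return cmds


if __name__ == "__main__":
    print("\n".join(proxy_ndp_commands(SERVER_ROUTES, "eth0")))
```

An empty result means no tunnel host shares a prefix with the uplink, which is the situation the second answer recommends: a separate /64 behind the tunnel.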

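You have a number of routes with the same priority and different devices. You are routing a /64 out of eth0, which may be causing your problems. It is usually easier to use different /64s for different subnets.

Verify IPv6 connectivity within your network before trying to reach outside. Can the client and host ping each other over IPv6? This must work before you can route.

Some providers dedicate a /64 to routing between your server and their network. These connections may only support a single address, which should be assigned to your external interface. They should also provide a /48, /56 or /60 for your internal network needs.

EDIT: I looked at your routing again and compared it with mine. I suggest checking your ip -6 neigh output. In my case, I have an IPv6 point-to-point link over a tunnel, and it does not show my external router. It appears you have an external address 2001:41d0:2:b353::/64 for external routing, and 2001:41d0:2:b300::/56 for your internal network. Try using 2001:41d0:2:b300::/64 for the router's internal network block and 2001:41d0:2:b301::/64 for the remote server block. Try a configuration more like this.

Server: (sit0 - 2001:41d0:2:b300::2)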

default dev eth0   metric 1024  mtu 1480 advmss 1420 hoplimit 0
2000::/3  dev eth0  metric 1024  mtu 1480 advmss 1420 hoplimit 0
2001:41d0:2:b301::/64  via 2001:41d0:2:b301::3 dev sit0  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 0

Client: (sit1 - 2001:41d0:2:b301::3)

default dev sit1   metric 1024  mtu 1480 advmss 1420 hoplimit 0
2000::/3  dev via 2001:41d0:2:b3010::2sit1 metric 1024  mtu 1480 advmss 1420 hoplimit 0

Quoted from: https://serverfault.com/questions/351657