Debian: IPv6-in-IPv4 over OpenVPN
Following (roughly) the instructions at https://www.zagbot.com/openvpn_ipv6_tunnel.html, I now have the following:

Client:

```
martin@theoria:~$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50:8d:b3:fd:f4
          inet addr:192.168.0.2  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::250:8dff:feb3:fdf4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:31372164 errors:0 dropped:0 overruns:0 frame:0
          TX packets:33131753 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:15453951555 (15.4 GB)  TX bytes:26797262646 (26.7 GB)
          Interrupt:23 Base address:0xa000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1985259 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1985259 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:347645379 (347.6 MB)  TX bytes:347645379 (347.6 MB)

sit1      Link encap:IPv6-in-IPv4
          inet6 addr: 2001:41d0:2:b353::10/64 Scope:Global
          inet6 addr: fe80::a08:a/128 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.10  P-t-P:10.8.0.9  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1106 (1.1 KB)  TX bytes:1598 (1.5 KB)

virbr0    Link encap:Ethernet  HWaddr 12:86:9c:16:08:fd
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr 00:0e:2e:4e:94:8a
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
```
Server:

```
root@martineve:~# ifconfig
eth0      Link encap:Ethernet  HWaddr e0:69:95:72:85:77
          inet addr:188.165.232.xxx  Bcast:188.165.232.255  Mask:255.255.255.0
          inet6 addr: fe80::e269:95ff:fe72:8577/64 Scope:Link
          inet6 addr: 2001:41d0:2:b353::1/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:49817 errors:0 dropped:6 overruns:0 frame:0
          TX packets:51419 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:21105790 (20.1 MiB)  TX bytes:36400780 (34.7 MiB)
          Interrupt:20 Memory:fe500000-fe520000

eth0:0    Link encap:Ethernet  HWaddr e0:69:95:72:85:77
          inet addr:87.98.254.xxx  Bcast:87.255.255.255  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:20 Memory:fe500000-fe520000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:14274 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14274 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:10206299 (9.7 MiB)  TX bytes:10206299 (9.7 MiB)

sit10     Link encap:IPv6-in-IPv4
          inet6 addr: 2001:41d0:2:b353::3/64 Scope:Global
          inet6 addr: fe80::a08:1/128 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:16000 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13254 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:9839924 (9.3 MiB)  TX bytes:5791219 (5.5 MiB)
```
Each machine can ping the other over the IPv6 network between them:

Client:

```
PING 2001:41d0:2:b353::3(2001:41d0:2:b353::3) 56 data bytes
64 bytes from 2001:41d0:2:b353::3: icmp_seq=1 ttl=64 time=25.3 ms
```

Server:

```
PING 2001:41d0:2:b353::10(2001:41d0:2:b353::10) 56 data bytes
64 bytes from 2001:41d0:2:b353::10: icmp_seq=1 ttl=64 time=94.7 ms
```
However, from the client, I cannot reach anywhere outside.

Client:

```
martin@theoria:~$ ip -6 route show
2001:41d0:2:b353::/64 via :: dev sit1 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 via :: dev sit1 proto kernel metric 256
default via 2001:41d0:2:b353::1 dev sit1 metric 1024
martin@theoria:~$ sudo route -A inet6
[sudo] password for martin:
Kernel IPv6 routing table
Destination                    Next Hop                Flag Met  Ref Use If
2001:41d0:2:b353::/64          ::                      Un   256  0   1   sit1
fe80::/64                      ::                      U    256  0   0   eth0
fe80::/64                      ::                      Un   256  0   0   sit1
::/0                           2001:41d0:2:b353::1     UG   1024 0   0   sit1
::/0                           ::                      !n   -1   1   520 lo
::1/128                        ::                      Un   0    2   56  lo
2001:41d0:2:b353::10/128       ::                      Un   0    1   3   lo
fe80::a08:a/128                ::                      Un   0    1   0   lo
fe80::250:8dff:feb3:fdf4/128   ::                      Un   0    1   0   lo
ff00::/8                       ::                      U    256  0   0   eth0
ff00::/8                       ::                      U    256  0   0   sit1
::/0                           ::                      !n   -1   1   520 lo
```

Server:

```
root@martineve:~# ip -6 route show
2001:41d0:2:b353::10 dev sit10 metric 1024
2001:41d0:2:b353::/64 dev eth0 proto kernel metric 256
2001:41d0:2:b353::/64 via :: dev sit10 proto kernel metric 256
2001:41d0:2:b300::/56 dev eth0 proto kernel metric 256 expires 2590467sec
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 via :: dev sit10 proto kernel metric 256
ff00::/8 dev eth0 metric 256
ff00::/8 dev sit10 metric 256
default via fe80::5:73ff:fea0:0 dev eth0 metric 1024
root@martineve:~# route -A inet6
Kernel IPv6 routing table
Destination                    Next Hop                Flag Met  Ref Use If
::1/128                        ::                      Un   0    1   196 lo
2001:41d0:2:b353::/128         ::                      Un   0    1   0   lo
2001:41d0:2:b353::/128         ::                      Un   0    1   0   lo
2001:41d0:2:b353::1/128        ::                      Un   0    1   101 lo
2001:41d0:2:b353::3/128        ::                      Un   0    1   3   lo
2001:41d0:2:b353::10/128       ::                      U    1024 0   0   sit10
2001:41d0:2:b353::/64          ::                      U    256  0   0   eth0
2001:41d0:2:b353::/64          ::                      Un   256  0   0   sit10
2001:41d0:2:b300::/56          ::                      UAe  256  0   2   eth0
fe80::/128                     ::                      Un   0    1   0   lo
fe80::a08:1/128                ::                      Un   0    1   0   lo
fe80::e269:95ff:fe72:8577/128  ::                      Un   0    1   49  lo
fe80::/64                      ::                      U    256  0   0   eth0
fe80::/64                      ::                      Un   256  0   0   sit10
ff00::/8                       ::                      U    256  0   0   eth0
ff00::/8                       ::                      U    256  0   0   sit10
::/0                           fe80::5:73ff:fea0:0     UG   1024 0   0   eth0
::/0                           ::                      !n   -1   1   113 lo
```
The server has general IPv6 connectivity:

```
PING aaaa.test-ipv6.com(jason-fesler.f0-8.switch2a.fmt.he.net) 56 data bytes
64 bytes from jason-fesler.f0-8.switch2a.fmt.he.net: icmp_seq=1 ttl=53 time=164 ms
```

The client does not:

```
PING aaaa.test-ipv6.com(jason-fesler.f0-8.switch2a.fmt.he.net) 56 data bytes
^C
--- aaaa.test-ipv6.com ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms
```
I have tried this, to no avail:

```
root@martineve:~# cat /proc/sys/net/ipv6/conf/all/forwarding
1
```

What do I need to do to let the client reach the outside IPv6 world?
OK, the eventual answer was in my original link!

When you do this kind of routing, you have to specify the "ip neigh add proxy [ip] dev eth0" bit.
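The neighbour-proxy step from the answer above, as an added example that is not part of the original post: a shell function that validates its arguments and prints, for review, the server-side commands that make the uplink answer Neighbor Solicitations for a tunnelled client address. The helper name `ndp_proxy_cmds` is hypothetical and the `proxy_ndp` sysctl line is an addition based on standard Linux behaviour; the interface and address are the ones from the question.

```shell
#!/bin/sh
# Added example, not from the original post. Prints (does not run) the
# server-side commands that let the uplink answer Neighbor Solicitations for
# tunnelled clients whose addresses sit inside the uplink's on-link /64.

# ndp_proxy_cmds UPLINK ADDR [ADDR...]   (hypothetical helper name)
ndp_proxy_cmds() {
    if [ "$#" -lt 2 ]; then
        echo "usage: ndp_proxy_cmds UPLINK ADDR [ADDR...]" >&2
        return 1
    fi
    uplink=$1
    shift
    # These values end up in commands run as root, so accept only the
    # characters an interface name or a bare IPv6 address can contain.
    case $uplink in
        ''|*[!A-Za-z0-9_-]*) echo "bad interface: $uplink" >&2; return 1 ;;
    esac
    for addr in "$@"; do
        case $addr in
            ''|*[!0-9A-Fa-f:]*|*:::*)
                # Also rejects prefixes such as ::/64: proxy entries are
                # per address, not per prefix.
                echo "bad IPv6 address: $addr" >&2; return 1 ;;
            *:*) ;;
            *) echo "bad IPv6 address: $addr" >&2; return 1 ;;
        esac
    done
    # Every argument passed validation; only now emit anything.
    echo "sysctl -w net.ipv6.conf.all.forwarding=1"
    echo "sysctl -w net.ipv6.conf.$uplink.proxy_ndp=1"
    for addr in "$@"; do
        echo "ip -6 neigh add proxy $addr dev $uplink"
    done
    echo "ip -6 neigh show proxy"   # verify: one entry per proxied address
}

# Values from the question: uplink eth0, client tunnel address ::10.
ndp_proxy_cmds eth0 2001:41d0:2:b353::10
```

Review the printed commands before piping them to `sh` as root on the server.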
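You have a number of routes with the same priority and different devices. You are routing a /64 out of eth0, which may be causing you problems. It is usually easier to use a different /64 for each subnet.

Verify IPv6 connectivity within your network before trying to reach outside. Can the client and the host ping each other over IPv6? This has to work before you can route.

Some providers dedicate a /64 to routing between your server and their network. These connections may only support a single address, which should be assigned to your external interface. They should also provide a /48, /56 or /60 for your internal network needs.

EDIT: I looked at your routing again and compared it with mine. I suggest checking your `ip -6 neigh` output. In my case, I have an IPv6 point-to-point link over a tunnel, and it does not show my external router. It appears you have an external address 2001:41d0:2:b353::/64 for external routing and 2001:41d0:2:b300::/56 for the internal network. Try using 2001:41d0:2:b300::/64 for the router's internal network block and 2001:41d0:2:b301::/64 for the remote server block. Try a configuration more like this.

Server: (sit0 - 2001:41d0:2:b300::2)

```
default dev eth0 metric 1024 mtu 1480 advmss 1420 hoplimit 0
2000::/3 dev eth0 metric 1024 mtu 1480 advmss 1420 hoplimit 0
2001:41d0:2:b301::/64 via 2001:41d0:2:b301::3 dev sit0 proto kernel metric 256 mtu 1480 advmss 1420 hoplimit 0
```

Client: (sit1 - 2001:41d0:2:b301::3)

```
default dev sit1 metric 1024 mtu 1480 advmss 1420 hoplimit 0
2000::/3 via 2001:41d0:2:b3010::2 dev sit1 metric 1024 mtu 1480 advmss 1420 hoplimit 0
```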