07.09.2018 23:47, Adam Mizerski wrote:
On 07.09.2018 at 11:07, Andrei Borzenkov wrote:
On Thu, Sep 6, 2018 at 11:01 PM Adam Mizerski <adam@mizerski.pl> wrote:
Hi,
I have the following situation: I have a VPS with openSUSE 15 Leap on it. It has a public IPv6 address, and connectivity with the outside world works correctly. I also have a whole /64 subnet to use (the public address is not in this subnet).
I want to configure WireGuard so that devices connected to it would have addresses from my subnet (for now set by hand, I'll play with autoconfiguration later) and connectivity to the outside world.
My VPS operator requires that all IPv6 traffic should come out of my public address.
Here's what I've got:
# ip -6 a
[...]
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 {PUBLIC_IP}/64 scope global
       valid_lft forever preferred_lft forever
[...]
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 state UNKNOWN qlen 1000
    inet6 {SUBNET}::1/64 scope global deprecated
       valid_lft forever preferred_lft 0sec

# ip -6 r
local ::1 dev lo proto kernel metric 256 pref medium
{SUBNET}::/64 dev wg0 proto kernel metric 256 pref medium
{PUBLIC_IP_SUBNET}::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via {GATEWAY} dev eth0 src {PUBLIC_IP} metric 1024 pref medium

# sysctl -a | grep ipv6 | grep forwarding | grep -v mc_forwarding
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.lo.forwarding = 0
net.ipv6.conf.wg0.forwarding = 1

# ping6 -c1 sixxs.net -I eth0
PING sixxs.net(nlams01.paphosting.net (2a02:898:146::2)) from {PUBLIC_IP} eth0: 56 data bytes
64 bytes from nlams01.paphosting.net (2a02:898:146::2): icmp_seq=1 ttl=58 time=28.1 ms

--- sixxs.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 28.109/28.109/28.109/0.000 ms
...
So it looks like this:
# ping6 -c1 sixxs.net
PING sixxs.net(nlams01.paphosting.net (2a02:898:146::2)) 56 data bytes
From {PUBLIC_IP} ({PUBLIC_IP}) icmp_seq=1 Destination unreachable: Address unreachable
ping: sendmsg: Destination address required

--- sixxs.net ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
As you can see, ping failed. But if I use `ping6 -c1 sixxs.net -I eth0` it works, as I wrote before. And I don't see the reason why it fails. Because the address on wg0 is deprecated, I thought both commands should be equivalent.
Earlier you said that connectivity to outside world works correctly. Does it mean only ping fails? Can you connect to any IPv6 using TCP/UDP? strace of both successful and failed ping invocations would be useful.