Mailinglist Archive: opensuse-support (91 mails)

Re: [opensuse-support] configuration of ipv6 forwarding
On 08.09.2018 at 07:40, Andrei Borzenkov wrote:
07.09.2018 23:47, Adam Mizerski wrote:


On 07.09.2018 at 11:07, Andrei Borzenkov wrote:
On Thu, Sep 6, 2018 at 11:01 PM Adam Mizerski <adam@xxxxxxxxxxx> wrote:

Hi,

I have the following situation: I have a VPS with openSUSE 15 Leap on
it. It has a public IPv6 address and connectivity with outside world
works correctly. I also have a whole /64 subnet to use (public address
is not in this subnet).



I want to configure WireGuard so that devices connected to it would have
addresses from my subnet (for now set by hand, I'll play with
autoconfiguration later) and connectivity to outside world.

My VPS operator requires that all IPv6 traffic should come out of my
public address.

Here's what I've got:

# ip -6 a
[...]
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 {PUBLIC_IP}/64 scope global
valid_lft forever preferred_lft forever
[...]
3: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 state UNKNOWN qlen 1000
inet6 {SUBNET}::1/64 scope global deprecated
valid_lft forever preferred_lft 0sec

# ip -6 r
local ::1 dev lo proto kernel metric 256 pref medium
{SUBNET}::/64 dev wg0 proto kernel metric 256 pref medium
{PUBLIC_IP_SUBNET}::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
default via {GATEWAY} dev eth0 src {PUBLIC_IP} metric 1024 pref medium


# sysctl -a | grep ipv6 | grep forwarding | grep -v mc_forwarding
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.lo.forwarding = 0
net.ipv6.conf.wg0.forwarding = 1


# ping6 -c1 sixxs.net -I eth0
PING sixxs.net(nlams01.paphosting.net (2a02:898:146::2)) from
{PUBLIC_IP} eth0: 56 data bytes
64 bytes from nlams01.paphosting.net (2a02:898:146::2): icmp_seq=1
ttl=58 time=28.1 ms

--- sixxs.net ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 28.109/28.109/28.109/0.000 ms

...

So it looks like this:

# ping6 -c1 sixxs.net
PING sixxs.net(nlams01.paphosting.net (2a02:898:146::2)) 56 data bytes
From {PUBLIC_IP} ({PUBLIC_IP}) icmp_seq=1 Destination unreachable:
Address unreachable
ping: sendmsg: Destination address required

--- sixxs.net ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms


As you can see, ping failed. But if I use `ping6 -c1 sixxs.net -I eth0`
it works, as I wrote before. And I don't see the reason why it fails.
Because the address on wg0 is deprecated, I thought both commands should be
equivalent.



Earlier you said that connectivity to outside world works correctly.
Does it mean only ping fails? Can you connect to any IPv6 using TCP/UDP?

strace of both successful and failed ping invocations would be useful.


Pings and everything works correctly before I start (and after I stop)
WireGuard interface.

Here are the strace outputs:
https://etam.homelinux.com/index.php/s/wmJxaDps6Y3KrA9

It's not only ping failing. "curl -6 sixxs.net" gives error:
curl: (7) Failed to connect to sixxs.net port 80: No route to host

--
Adam Mizerski
