Mailinglist Archive: opensuse-support (91 mails)

< Previous Next >
Re: [opensuse-support] configuration of ipv6 forwarding
15.09.2018 14:09, Adam Mizerski пишет:


W dniu 15.09.2018 o 09:18, Andrei Borzenkov pisze:
11.09.2018 01:21, Adam Mizerski пишет:
W dniu 09.09.2018 o 08:49, Andrei Borzenkov pisze:
09.09.2018 00:13, Adam Mizerski пишет:

Earlier you said that connectivity to outside world works correctly.
Does it mean only ping fails? Can you connect to any IPv6 using TCP/UDP?

strace of both successful and failed ping invocations would be useful.


Pings and everything works correctly before I start (and after I stop)
WireGuard interface.

here are strace outputs:
https://etam.homelinux.com/index.php/s/wmJxaDps6Y3KrA9


sendto() fails immediately with EDESTADDRREQ which makes no sense
because destination address *is* provided. I cannot reproduce it at all.
If I create the same configuration (to the extent rather scarce details
you provided allow) I get "Network is unreachable" when explicitly
selecting the second interface without default route. And for the first
interface I either get timeout or address unreachable depending on which
gateway I set (I get address unreachable if I set dummy gateway with
real public address).

Something must be different on your system. You say VPS - is it some
sort of container? What platform does it run on?

It's a KVM virtual machine, with openSUSE Leap 15, which I installed by
myself from ISO.

"to the extent rather scarce details you provided allow" - I tried to
provide enough info to describe the situation, without dumping half of
my system in one email. If you need more info, I can provide it, just
tell me what you need.


Full "ip a" and "ip r" output would be helpful. Also full output of
"journalctl -b" in case there is something in logs.


Here you go: https://etam.homelinux.com/index.php/s/EWRQ8XP2rxcASX6


Sep 15 12:57:41 etam-hitme wg-quick[2210]: [#] ip link set mtu 1420 dev wg0
Sep 15 12:57:41 etam-hitme wg-quick[2210]: [#] ip link set wg0 up
Sep 15 12:57:41 etam-hitme wg-quick[2210]: [#] wg set wg0 fwmark 51820
Sep 15 12:57:41 etam-hitme wg-quick[2210]: [#] ip -6 route add ::/0 dev
wg0 table 51820
Sep 15 12:57:41 etam-hitme wg-quick[2210]: [#] ip -6 rule add not fwmark
51820 table 51820
Sep 15 12:57:41 etam-hitme wg-quick[2210]: [#] ip -6 rule add table main
suppress_prefixlength 0


This makes wg0 default interface while allowing only packets to directly
connected LAN on other interfaces. My understanding is that you need
exactly opposite. You probably need to change your WireGuard
configuration to not declare wg0 as default route.

It's not only ping failing. "curl -6 sixxs.net" gives error:
curl: (7) Failed to connect to sixxs.net port 80: No route to host









< Previous Next >
Follow Ups