I set up an OpenVpn Server & Client.
It's configured as IPv4 with IPv6 'inside'.
I'm trying to get ALL IPv6 traffic from the Client's LAN to go over the OpenVpn
link and out to & in from the net.
Right now I can ping from the Client OpenVpn box out over the vpn link via IPv6.
I can't ping from the Client LAN. Not even to the Server end of the tunnel.
I can't figure out why :-/ and would appreciate any helpful hints!
For this 3 machine setup
REMOTE-SERVER / OpenVpn Server
eth0 X.X.X.X
2600:####:####:4d00::1/64
vpn0 10.0.0.1/24
2600:####:####:4dff::1/64
LOCAL-ROUTER / OpenVpn Client
eth0 Y.Y.Y.Y
vpn0 10.0.0.2/24
2600:####:####:4dff::2/64
eth1 10.128.128.1/24
2600:####:####:4d09::1/64
LAN-PC
eth1 10.128.128.20/24
2600:####:####:4d09::2/64
I'm using this configuration
OpenVPN server
server.conf
bind
ccd-exclusive
client-config-dir ccd/
client-to-client
dev tun1
mode server
proto udp
script-security 2
topology subnet
local X.X.X.X
server 10.0.0.0 255.255.255.0
server-ipv6 2600:####:####:4dff::/64
push "route 10.128.128.0 255.255.255.0"
route 10.128.128.0 255.255.255.0
...
ccd/client.conf
ifconfig-push 10.0.0.2 255.255.255.0
ifconfig-ipv6-push 2600:####:####:4dff::2/64
2600:####:####:4dff::1
push "route-ipv6 2000::/3"
push "redirect-gateway-ipv6 def1"
iroute 10.128.128.0 255.255.255.0
...
OpenVPN client
client.conf
bind
daemon
dev tun1
proto udp
pull
local Y.Y.Y.Y
<connection>
remote X.X.X.X udp
</connection>
...
>From shell on the LOCAL-ROUTER, this works
ping6 -v -c 1 2600:####:####:4dff::1
PING 2600:####:####:4dff::1(2600:####:####:4dff::1) 56 data
bytes
64 bytes from 2600:####:####:4dff::1: icmp_seq=1 ttl=64
time=27.5 ms
But this doesn't.
ping6 -v -c 1 -I 2600:####:####:4d09::1 2600:####:####:4dff::1
PING 2600:####:####:4dff::1(2600:####:####:4dff::1) from
2600:####:####:4d09::1 : 56 data bytes
Where the LAN side of my LOCAL-ROUTER is
ip -6 addr show eth1
eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2600:####:####:4d09::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::c2eb:87d3:fcc4:a3ce/64 scope link
valid_lft forever preferred_lft forever
ip -6 addr show tun1
tun1@NONE: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500
qlen 100
inet6 2600:####:####:4dff::2/64 scope global
valid_lft forever preferred_lft forever
ip -6 route show
2600:####:####:4d09::/64 dev eth1 proto kernel metric 256
pref medium
2600:####:####:4dff::/64 dev tun1 proto kernel metric 256
pref medium
2000::/3 dev tun1 metric 1024 pref medium
fe80::/64 dev eth1 proto kernel metric 256 mtu 1500 pref
medium
fe80::/64 dev ifb0 proto kernel metric 256 pref medium
>From the PC-LAN I can ping the LOCAL-ROUTER tunnel endpoint, but can't get any
>further.
I'm not sure what's going wrong here & why I can't ping from the LAN.
Am I missing a route?
- John
------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
