Hi Selva

            ip -6 route
                    2600:x:x:4d00::/64 dev eth0  proto kernel  metric 256  pref medium
                    2600:x:x:4dff::/64 dev tun1  proto kernel  metric 256  pref medium
                    fe80::/64 dev eth0  proto kernel  metric 256  pref medium
                    default via fe80::1 dev eth0  metric 1024  pref medium

            ip -4 route
                    default via X.X.X.1 dev eth0
                    10.0.0.0/24 dev tun1  proto kernel  scope link  src 10.0.0.1
                    X.X.X.0/24 dev eth0  proto kernel  scope link  src X.X.X.X
                    10.128.128.0/24 via 10.0.0.2 dev tun1 

 

> I was only testing, so manually added the route -- in your case that would be
> ip -6 route add  2600:x:x:4d09::/64 via 2600:x:x:4dff::y
> where y  is the v6 IP of the VPN client (the LAN router in your case) -- y = 
> 2 in your case?


Ok I added on the REMOTE-SERVER

        ip -6 route add 2600:x:x:4d09::/64 via 2600:x:x:4dff::2

So now I have

        ip -6 route
                2600:x:x:4d00::/64 dev eth0  proto kernel  metric 256  pref medium
                2600:x:x:4d09::/64 via 2600:x:x:4dff::2 dev tun1  metric 1024  pref medium
                2600:x:x:4dff::/64 dev tun1  proto kernel  metric 256  pref medium
                fe80::/64 dev eth0  proto kernel  metric 256  pref medium
                default via fe80::1 dev eth0  metric 1024  pref medium

But it doesn't make any difference.  Still can't get out from the client side 
LAN.

> To state the obvious, also make sure the traffic to this prefix is not 
> firewalled.

Sure that's one of the FIRST things I was fumbling around with.  While testing 
I turned on verbose logging in the firewalls on both ends and don't see 
anything being DROPd or REJECTd.

I don't really know if this is only a firewall or routing problem or both :-(

> I don't know the best practice for handling routes to delegated prefixes; I 
> guess it depends on whether the delegation is handled by some service running 
> on the server or not. If the delegation is managed manually, the route could 
> be set up in a client-connect script or be permanently added?
 
Once I can get it working I guess there's a bunch of places to do it.  Since 
it's OpenVPN related, probably in the OpenVPN configuration.

> P.S. This may not be a problem in your case, but I had to set accept_ra = 2 
> on the Linode as otherwise ipv6_forward=1 disables "Accept Router 
> Advertisements".

I checked on the REMOTE-SERVER.  Right now it's

        cat /proc/sys/net/ipv6/conf/{all,tun1,eth0}/accept_ra
                1
                1
                1

So I did

        echo 2 > /proc/sys/net/ipv6/conf/all/accept_ra
        echo 2 > /proc/sys/net/ipv6/conf/tun1/accept_ra
        echo 2 > /proc/sys/net/ipv6/conf/eth0/accept_ra
        cat /proc/sys/net/ipv6/conf/{all,tun1,eth0}/accept_ra
                2
                2
                2

But it's still the same.   No ping.

- John

------------------------------------------------------------------------------
_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users
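
The accept_ra / forwarding interaction from the quoted P.S., as an added example that is not part of the original message: a POSIX shell check that lists interfaces where IPv6 forwarding is on while accept_ra is still 1, so Router Advertisements are ignored. The function names, the temporary directory tree standing in for /proc/sys/net/ipv6/conf, and forwarding=1 in the sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Kernel rule being checked: accept_ra=1 accepts Router
# Advertisements only while forwarding is off; accept_ra=2 accepts them
# even with forwarding on; accept_ra=0 never accepts them.

# ra_state FORWARDING ACCEPT_RA -> prints accepted | ignored | disabled
ra_state() {
    case "$2" in
        0) echo disabled ;;
        2) echo accepted ;;
        *) if [ "$1" = 0 ]; then echo accepted; else echo ignored; fi ;;
    esac
}

# ra_ignored_ifaces [ROOT] -> space-separated interfaces whose RAs are ignored
ra_ignored_ifaces() {
    root=${1:-/proc/sys/net/ipv6/conf}
    out=
    for dir in "$root"/*; do
        iface=${dir##*/}
        # all/default are pseudo-entries, not interfaces
        case "$iface" in all|default) continue ;; esac
        if [ ! -r "$dir/accept_ra" ] || [ ! -r "$dir/forwarding" ]; then continue; fi
        state=$(ra_state "$(cat "$dir/forwarding")" "$(cat "$dir/accept_ra")")
        if [ "$state" = ignored ]; then out="${out:+$out }$iface"; fi
    done
    echo "$out"
}

# make_sample_tree DIR ACCEPT_RA: constructed stand-in for the sysctl tree,
# using the interface names from the message; forwarding=1 is an assumption.
make_sample_tree() {
    for i in all eth0 tun1; do
        mkdir -p "$1/$i"
        echo 1 > "$1/$i/forwarding"
        echo "$2" > "$1/$i/accept_ra"
    done
}

tmp=$(mktemp -d)
make_sample_tree "$tmp/before" 1   # accept_ra as first reported
make_sample_tree "$tmp/after" 2    # accept_ra after the echo 2 commands
echo "before: RAs ignored on [$(ra_ignored_ifaces "$tmp/before")]"
echo "after:  RAs ignored on [$(ra_ignored_ifaces "$tmp/after")]"
rm -rf "$tmp"
```

Called with no argument, `ra_ignored_ifaces` reads the live /proc/sys/net/ipv6/conf tree instead of the constructed one.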