I'm moving all IPv6 traffic from my LOCAL-ROUTER+LAN over a VPN link to & through a REMOTE-SERVER.
Seems to be working. Checking my firewall logs on the REMOTE-SERVER I see

    Aug 22 13:04:26 remote01 kernel: [78121.376357] FW:vpn12net:REJECT IN=tun1 OUT=eth0 SRC=2600:x:x:4d09:0000:0000:0000:0007 DST=2610:00a1:1017:0000:0000:0000:0000:00e8 LEN=97 TC=0 HOPLIMIT=62 FLOWLBL=0 PROTO=UDP SPT=42150 DPT=53 LEN=57

This UDP/53 traffic is clearly DNS.

SRC=2600:x:x:4d09:0000:0000:0000:0007 is a desktop on the client-side LAN.

DST=2610:00a1:1017:0000:0000:0000:0000:00e8 is a DNS server @ 'ultradns' (Don't know why it's using their DNS; I don't.)

    host 2610:00a1:1017:0000:0000:0000:0000:00e8
    8.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.1.0.1.1.a.0.0.0.1.6.2.ip6.arpa domain name pointer pdns196.ultradns.co.uk.

I have a DNS server on my local LAN. It's launched in IPv4-only mode; I just didn't get around to changing it to IPv6 yet. It listens right now ONLY on IPv4, and only forwards to IPv4 addresses.

My desktop, ...:0007, has its nameserver set to use the local DNS

    /etc/resolv.conf
    nameserver 10.128.128.53

So all of its queries should be going out ONLY via IPv4.

I guess what I don't get is why anything DNS is going out via IPv6 over the VPN then?

I know there's general routing, openvpn routing, and firewall all involved. Don't know where to look yet :-/

So what's that rejected traffic about? Where in configs do I make sure that only the IPv4 DNS is used?

Does accessing an IPv6 site in a browser automatically mean that the query will ALSO go out via IPv6? Do I need some sort of an exception?

- John