New on LowEndTalk? Please Register and read our Community Rules.
Running own IPv6 over IPv4 tunnel - connecting it to the internet?
linuxthefish
Member
in Help
Hi,
Server A: I have an IPv6 enabled server with a /48 and an IPv4 address.
Server B: I have an IPv4 only server with a single static IPv4.
I've setup a linux 6in4 to tunnel a /64 from within my /48 from server A to server B.
Server A has been assigned ::1 and server B has been assigned ::2, and everything is good and they can ping each other. They cannot ping addresses outside their /64.
Now for some strange reason I would like to be able to use the internet on Server B. This involves connecting to the default gateway in the /48! How would I do this?
Comments
Server A:
tun-6in4 Link encap:IPv6-in-IPv4 inet6 addr: 2a04:4444:7:efef::1/64 Scope:Global inet6 addr: fe80::b979:1803/128 Scope:Link UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1 RX packets:232 errors:0 dropped:0 overruns:0 frame:0 TX packets:235 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:24128 (23.5 KiB) TX bytes:24728 (24.1 KiB)Server A's IPv6 Address:
Server B:
tun-6in4 Link encap:IPv6-in-IPv4 inet6 addr: 2a04:4444:7:efef::2/64 Scope:Global inet6 addr: fe80::b973:7d02/128 Scope:Link UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1 RX packets:229 errors:0 dropped:0 overruns:0 frame:0 TX packets:232 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:24104 (23.5 KiB) TX bytes:24128 (23.5 KiB)Looking good:
Not good when trying to ping ISP default gateway over tunnel.
That's not how it works. The default gateway for ServerB will be ServerA, and then ServerA will route packets back and forth between the ISP network and the tunnel. ServerA will need to have forwarding enabled in the OS, and allowed in ip6tables.
Your default gw for server B will be 2a04:4444:7:efef::1. If you need any help setting it up please do let me know :-).
Thanks guys, I've tried setting the default gateway for the IPv6 tunnel on server B to 2a04:4444:7:efef::1 using the command
but still no luck.
Output of "ip -6 route":
and the route to Google shows as:
Do you have the IPv6 forwarding enabled on server A as @rm_ said? Can you see the packets with tcpdump on server A while you ping google on server B?
Is this net routed to your tunnel server?
Double check the forwarding for v6 and see if you can ping 2a04:4444:7:efef::1 externally.
I've re-configured it as a ifcfg-sit2 file on CentOS server B to make adding the routes easier:
Server B:
So it's definitely using 2a04:4444:7:efef::1 as the default route for all ipv6.
Yeah the packets are coming over the tunnel when i try to ping6 google.com from Server B:
I've not done any routing on ServerA (the side with native /48 ipv6), just configured a tunnel manually using the following:
Your ISP needs to route the subnet to your server, otherwise it will not work.
It won't work.
the /48 is likely not specifically routed to this host. Your server has ::4, meaning that ::1 is likely the router for this subnet. You'd need to have the subnet routed directly to your server to make it work.
Won't 2a04:4444:7:efef::/64 already be inside 2a04:4444:7::/48 routed to my server?
Yeah it might be routed to your server, but not "through" it.
What your provider would have to do on their router, is this:
That's what it means for the subnet to be routed.
However even if they don't do it and it's not routed, you can workaround that by using
ndppd. It can basically turn any subnet or part of it into a routed one.Holy fuck I love you rm! All working great now with ndppd, thanks everyone for your help.