
How can I forward IPv6 traffic from my tun0 interface to the eth0 interface?

ifconfig:

eth0      Link encap:Ethernet  HWaddr 00:16:3E:12:77:54  
          inet addr:208.111.39.160  Bcast:208.111.39.255  Mask:255.255.255.0
          inet6 addr: 2607:f740:0:3f::eda/64 Scope:Global
          inet6 addr: fe80::216:3eff:fe12:7754/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:65590 errors:0 dropped:499 overruns:0 frame:0
          TX packets:40111 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:13246038 (12.6 MiB)  TX bytes:28807669 (27.4 MiB)
          Interrupt:29 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
          inet6 addr: 2607:f740:44:22::8/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:16876 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16504 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:2235766 (2.1 MiB)  TX bytes:7680377 (7.3 MiB)

I have forwarding enabled:

[root@baobei ~]# sysctl net.ipv6.conf.all.forwarding
net.ipv6.conf.all.forwarding = 1

Firewall:

ip6tables -F INPUT
ip6tables -F FORWARD
ip6tables -F OUTPUT
ip6tables -F 

ip6tables -P INPUT ACCEPT
ip6tables -P FORWARD ACCEPT
ip6tables -P OUTPUT ACCEPT

echo -n "1" >/proc/sys/net/ipv6/conf/all/forwarding
echo -n "1" >/proc/sys/net/ipv6/conf/all/proxy_ndp
echo -n "0" >/proc/sys/net/ipv6/conf/all/autoconf
echo -n "0" >/proc/sys/net/ipv6/conf/all/accept_ra
ip6tables -A INPUT -p icmpv6 -j ACCEPT
ip6tables -A FORWARD -m state --state NEW -i tun0 -o eth0 -s 2607:f740:44:22::/64 -j ACCEPT
ip6tables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

Routes:

unreachable ::/96 dev lo  metric 1024  error -101
unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  error -101
unreachable 2002:a00::/24 dev lo  metric 1024  error -101
unreachable 2002:7f00::/24 dev lo  metric 1024  error -101
unreachable 2002:a9fe::/32 dev lo  metric 1024  error -101
unreachable 2002:ac10::/28 dev lo  metric 1024  error -101
unreachable 2002:c0a8::/32 dev lo  metric 1024  error -101
unreachable 2002:e000::/19 dev lo  metric 1024  error -101
2607:f740:0:3f::/64 dev eth0  proto kernel  metric 256 
2607:f740:44:22::/64 dev tun0  proto kernel  metric 256 
unreachable 3ffe:ffff::/32 dev lo  metric 1024  error -101
fe80::/64 dev eth0  proto kernel  metric 256 
fe80::/64 dev tun0  proto kernel  metric 256 
default via 2607:f740:0:3f::1 dev eth0  metric 1 

However, IPv6 packets which arrive at the tun0 interface are not routed to the eth0 interface. Thanks for any help or suggestions.

user66779

1 Answer


This is a simple question of routing. Your routing table doesn't have any routes to direct traffic over the tun0 interface, so nothing gets forwarded that way.

I gather you are using OpenVPN. As far as I know right now, the IPv6 support for OpenVPN doesn't include an IPv6 equivalent of the redirect-gateway option. You probably need to add your own routes with route-ipv6 statements pushed from the server.

Zoredache
  • According to the manual, --route-ipv6 ipv6addr/bits [gateway] [metric], so I'm guessing route-ipv6 2607:f740:44:22::/64 eth0 1 – user66779 Dec 20 '12 at 18:08
  • @user66779, no, that is not how you route. Check your route table, a route for `2607:f740:44:22::/64` already exists. What you probably need is a **default route**, or something like what the `def1` option to the IPv4 redirect gateway does for you, by sending a few routes. – Zoredache Dec 20 '12 at 18:16
  • Like this?: ip -6 route add / via dev ] – user66779 Dec 20 '12 at 18:28
  • Also found: route -A inet6 add / gw [dev ] – user66779 Dec 20 '12 at 18:30
  • Both of those are commands that add routes, but you are missing the point: the `route-ipv6` OpenVPN option to set a route is perfectly fine; what you need to figure out is **the correct route(s)** to add. – Zoredache Dec 20 '12 at 18:33
  • Adding this fixed it: `push "route-ipv6 2607:f740:44:22::/64"` `push "route-ipv6 2000::/3"`, but I have no idea why. What does 2000::/3 mean? – user66779 Dec 20 '12 at 18:45
  • Well for starters, the '::' means this is a sequence of zeros. /3 means netmask for the route. 2000 is a routing prefix. See simipledns.com/private-ipv6.aspx for your own ipv6 routing prefix. – ArrowInTree Dec 25 '12 at 20:09
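
Added example (not part of the original thread): a longest-prefix-match sketch of what the pushed `2000::/3` route does on the VPN client, and which destinations still leave outside the tunnel. The prefixes come from the thread; the client's native `::/0` route and the `wlan0` interface name are assumptions made for illustration.

```python
import ipaddress

# Constructed client routing tables: (prefix, outgoing device).
# ASSUMPTION: the client has a native default route on a device called wlan0.
BEFORE = [
    ("::/0", "wlan0"),
    ("2607:f740:44:22::/64", "tun0"),  # on-link tunnel subnet from the question
]
# Routes from the comment that fixed the problem, as installed on the client.
PUSHED = [
    ("2607:f740:44:22::/64", "tun0"),
    ("2000::/3", "tun0"),
]
AFTER = BEFORE + PUSHED


def lookup(table, dest):
    """Longest-prefix match: (prefix, dev) of the most specific route, or None."""
    addr = ipaddress.IPv6Address(dest)
    hits = [(ipaddress.IPv6Network(p), dev) for p, dev in table
            if addr in ipaddress.IPv6Network(p)]
    if not hits:
        return None
    net, dev = max(hits, key=lambda h: h[0].prefixlen)
    return str(net), dev


def span(prefix):
    """First and last address covered by a prefix."""
    net = ipaddress.IPv6Network(prefix)
    return str(net[0]), str(net[-1])


if __name__ == "__main__":
    print("2000::/3 covers", span("2000::/3"))
    # Constructed destinations: documentation prefix, the server's eth0 gateway,
    # the server's tun0 address, and a unique-local (ULA) address.
    for dest in ("2001:db8::1", "2607:f740:0:3f::1",
                 "2607:f740:44:22::8", "fd00::1"):
        print(f"{dest:22} before={lookup(BEFORE, dest)} after={lookup(AFTER, dest)}")
```

`2000::/3` is the global unicast range, so it is more specific than `::/0` and wins the lookup for public destinations without replacing the client's own default route; anything outside it (for example ULA `fd00::/8`) still follows the native route and bypasses the tunnel.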