I have two systems that both tunnel to a core routing server. These systems both have a client address from the same /64 IPv6 prefix. From each client, I can ping the server with no problems and vice versa.

However, I cannot ping other clients. I was wondering if there was any way to accomplish this.

Here is the error when I try to ping another client:

```
PING 2602:fed2:7706::4(2602:fed2:7706::4) 56 data bytes
From 2602:fed2:7706::2 icmp_seq=1 Time exceeded: Hop limit
```

Where 2602:fed2:7706::2 is the local client, and 2602:fed2:7706::4 is the other client I am trying to ping.

Edit: The clients do still need to be able to ping the server. Essentially I want to create a big mesh network between all the clients and the server.

  • Packets using Link-Local IPv6 addressing (`fe80::/10`) cannot be routed, and that is clearly explained in the RFCs. You must use Global (`2000::/3`) or ULA (`fc00::/7`, although only addresses in the `fd00::/8` range with the next 40 bits randomly chosen are correct) IPv6 addressing in order to route packets. You would need to bridge, not route, in order to do what you want. See the [IANA IPv6 Special-Purpose Address Registry](https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml) for IPv6 address ranges that are forwardable. – Ron Maupin Aug 09 '19 at 21:52
  • Those are not the real IPs of my machines. I purchased an IPv6 block (I am not announcing it) and was told by a friend if I included the original IPs in my post it would be removed. I'll edit it to set it back to the original IPs. – Electromaster Aug 09 '19 at 21:58
  • Use the IPv6 range (`2001:db8::/32`) set aside for such things and explain that it is hiding the real addressing, otherwise you will get answers that do not fit your situation. See the range in the link I provided in my previous comment. – Ron Maupin Aug 09 '19 at 21:59
  • In any case, routers route traffic _between_ networks, not from a network back to the same network. You route between networks, and bridge on the same network. – Ron Maupin Aug 09 '19 at 22:01

1 Answer

I managed to get it working thanks to some comments on the original post.

Originally, all the different clients shared addresses out of the /64, and they were all added as /64 (`ip addr add <ip>/64 <etc..>`). However, I ended up fixing the issue by instead giving each system a /127 (2 addresses: one for the server, one for the client) out of the same /64.

On one system, I did need to add the entire /64 as well as the /127 to the GRE interface on the client side for the system to think that the addresses were routable, but that only happened on one of my systems.

Keep in mind this only happened because I was using non-announced addresses (this could also happen if you used private addresses). If you had public, routable addresses for each system that you used over the tunnel, you would not run into this issue.
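The /127-per-tunnel layout from the answer above, as an added example that is not part of the original post: it carves one /127 per client out of a shared /64 and checks whether another client's address falls inside the prefix configured on the local tunnel. The prefix `2001:db8:0:1::/64`, the `gre-<name>` interface names and the choice of even address for the client and odd for the server are assumptions made for illustration.

```python
import ipaddress

PREFIX = "2001:db8:0:1::/64"   # constructed documentation prefix, not the poster's block


def plan_tunnels(prefix, clients):
    """Carve one /127 per client tunnel out of the shared prefix.

    Returns {client: (subnet, client_addr, server_addr)}.
    Assumption: the client takes the even address, the server the odd one.
    """
    subnets = ipaddress.ip_network(prefix).subnets(new_prefix=127)  # lazy generator
    next(subnets)  # leave the first pair (it contains the all-zeros address) unused
    plan = {}
    for name in clients:
        sub = next(subnets)
        plan[name] = (sub, sub[0], sub[1])
    return plan


def on_link(local_addr, prefixlen, peer_addr):
    """True if peer_addr falls inside the prefix configured on the local interface."""
    iface = ipaddress.ip_interface(f"{local_addr}/{prefixlen}")
    return ipaddress.ip_address(peer_addr) in iface.network


def commands(plan, name, dev):
    """ip(8) commands for both ends of one tunnel; dev is a hypothetical interface name."""
    sub, client, server = plan[name]
    return {
        "client": f"ip -6 addr add {client}/127 dev {dev}",
        "server": f"ip -6 addr add {server}/127 dev {dev}",
    }


if __name__ == "__main__":
    plan = plan_tunnels(PREFIX, ["a", "b"])
    a, b = plan["a"][1], plan["b"][1]
    # With a /64 on the tunnel the other client looks directly attached;
    # with a /127 only the server end of the same tunnel does.
    print("/64 on tunnel: peer on-link?", on_link(a, 64, b))
    print("/127 on tunnel: peer on-link?", on_link(a, 127, b))
    for name in plan:
        print(name, commands(plan, name, f"gre-{name}"))
```

With the /127 layout, each client's tunnel prefix covers only its own address and the server's, so the other clients' addresses are no longer inside the prefix configured on the local tunnel.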