OK, my network setup is just a *little* odd, but shouldn't be an issue. I've had IPv6 working within my own network for a while, using the autogenerated link-local addresses, and everything seems to work there.
The relevant parts of the network setup are as follows:
'vengeance' is the main server, connected to the primary ethernet (call it eth0).
'ocypete' is a second machine, also connected to eth0, but also with a virtual network (vmnet0). Ocypete is set up to bridge vmnet0 and eth0.
'squeezebase' is a virtual machine running on ocypete, connected to vmnet0 (which it locally calls eth0 just for confusion's sake).
vengeance has an IPv4 connection to the outside world via a router also connected to eth0, and has been set up to tunnel IPv6 packets.
Details of the tunnel are as follows:
Server IPv6 address: 2001:470:1f08:e9d::1/64
Client IPv6 address: 2001:470:1f08:e9d::2/64
Routed /64: 2001:470:1f09:e9d::/64
Vengeance's eth0 is configured thus:
eth0 Link encap:Ethernet HWaddr 00:19:db:45:fd:59
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: 2001:470:1f09:e9d::1/64 Scope:Global
inet6 addr: fe80::219:dbff:fe45:fd59/64 Scope:Link
Squeezebase's virtual eth0 is also configured similarly:
eth0 Link encap:Ethernet HWaddr 00:0c:29:b0:57:e6
inet addr:192.168.1.144 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: 2001:470:1f09:e9d::2/64 Scope:Global
inet6 addr: fe80::20c:29ff:feb0:57e6/64 Scope:Link
These addresses work locally:
vengeance:~# ping6 2001:470:1f09:e9d::2
PING 2001:470:1f09:e9d::2(2001:470:1f09:e9d::2) 56 data bytes
64 bytes from 2001:470:1f09:e9d::2: icmp_seq=1 ttl=64 time=2.36 ms
squeezebase:~# ping6 2001:470:1f09:e9d::1
PING 2001:470:1f09:e9d::1(2001:470:1f09:e9d::1) 56 data bytes
64 bytes from 2001:470:1f09:e9d::1: icmp_seq=1 ttl=64 time=2.63 ms
Vengeance is able to talk to the outside world:
vengeance:~# ping6 2001:470:1f08:e9d::1
PING 2001:470:1f08:e9d::1(2001:470:1f08:e9d::1) 56 data bytes
64 bytes from 2001:470:1f08:e9d::1: icmp_seq=1 ttl=64 time=41.7 ms
vengeance:~# ping6 ipv6.google.com
PING ipv6.google.com(2a00:1450:8002::68) 56 data bytes
64 bytes from 2a00:1450:8002::68: icmp_seq=1 ttl=57 time=48.8 ms
I've set vengeance up to forward ipv6 packets:
vengeance:~# cat /proc/sys/net/ipv6/conf/eth0/forwarding
1
vengeance:~# cat /proc/sys/net/ipv6/conf/sit1/forwarding
1
Squeezebase has a default route set up:
squeezebase:~# route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
2001:470:1f09:e9d::/64 :: U 256 0 1 eth0
fe80::/64 :: U 256 0 0 eth0
::/0 2001:470:1f09:e9d::1 UG 1 0 81 eth0
::/0 :: !n -1 1 92 lo
::1/128 :: Un 0 1 4 lo
2001:470:1f09:e9d::2/128 :: Un 0 1 13 lo
fe80::20c:29ff:feb0:57e6/128 :: Un 0 1 12 lo
ff00::/8 :: U 256 0 1 eth0
::/0 :: !n -1 1 92 lo
But squeezebase can't ping externally:
squeezebase:~# ping6 2001:470:1f08:e9d::1
PING 2001:470:1f08:e9d::1(2001:470:1f08:e9d::1) 56 data bytes
^C
--- 2001:470:1f08:e9d::1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2007ms
Although it can ping vengeance's tunnel endpoint address:
squeezebase:~# ping6 2001:470:1f08:e9d::2
PING 2001:470:1f08:e9d::2(2001:470:1f08:e9d::2) 56 data bytes
64 bytes from 2001:470:1f08:e9d::2: icmp_seq=1 ttl=64 time=1.84 ms
Can somebody tell me what I've done wrong/missed?
(Edit: I also have permissive firewall settings:
vengeance:~# ip6tables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
so that shouldn't be the problem, right?)
Seems like the firewall isn't an issue because it resides on your router, and one of your other computers can access the outside world.
Can ocypete access the outside world via V6?
I had wanted to avoid setting ocypete up with IPv6 access until I had everything working, including a slightly more useful firewall :), but as nothing seems to be working anyway I figure it's worth a try. But no luck there either, same results as on squeezebox: can ping internally, including the local tunnel endpoint (so routing must be working), but nothing external.
Silly Q but what distro is ocypete using? There were some with 2.6.18 kernels (RHEL and its clones) that couldn't properly use ::/0 for the default route, and needed 2000::/3. Also, any ip6tables rules on either machine?
All are on Debian Lenny, except squeezebase which is (of course) on Squeeze. Vengeance has a custom kernel build, the others are standard. No machines have any ip6tables rules.
vengeance:~# uname -a
Linux vengeance 2.6.26-2-686 #1 SMP Wed Feb 10 08:59:21 UTC 2010 i686 GNU/Linux
ocypete:~# uname -a
Linux ocypete 2.6.26-1-amd64 #1 SMP Sat Jan 10 17:57:00 UTC 2009 x86_64 GNU/Linux
squeezebase:~# uname -a
Linux squeezebase 2.6.32-5-amd64 #1 SMP Thu Aug 12 13:01:50 UTC 2010 x86_64 GNU/Linux
OK, experiment two: I decided that enabling IPv6 forwarding on just the interfaces I expected to be using might not be enough, so did:
vengeance:~# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
This seems to have had some effect (not sure why, though). I can now use a web-based ping6 interface I found to ping my internal hosts:
http://www.berkom.blazing.de/tools/ping.cgi?STR=2001%3A470%3A1f09%3Ae9d%3A%3A2
PING 2001:470:1f09:e9d::2: 56 data bytes
64 bytes from 2001:470:1f09:e9d::2: icmp_seq=0. time=87.5 ms
64 bytes from 2001:470:1f09:e9d::2: icmp_seq=1. time=87.0 ms
64 bytes from 2001:470:1f09:e9d::2: icmp_seq=2. time=88.1 ms
64 bytes from 2001:470:1f09:e9d::2: icmp_seq=3. time=88.0 ms
64 bytes from 2001:470:1f09:e9d::2: icmp_seq=4. time=87.9 ms
----2001:470:1f09:e9d::2 PING Statistics----
5 packets transmitted, 5 packets received, 0% packet loss
round-trip (ms) min/avg/max/stddev = 87.0/87.7/88.1/0.44
*But* using ping6 from those hosts to attempt to ping external addresses fails with a new error message:
ocypete:~# ping6 ipv6.google.com
PING ipv6.google.com(2a00:1450:8002::67) 56 data bytes
From fe80::219:dbff:fe45:fd59 icmp_seq=1 Destination unreachable: Beyond scope of source address
^C
--- ipv6.google.com ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
fe80::219:dbff:fe45:fd59 is vengeance's link local address.
I'm guessing that for some reason ocypete is attaching its link-local address to the outgoing packets rather than its global one.
ifconfig shows:
eth0 Link encap:Ethernet HWaddr 00:1f:e2:38:c6:ab
inet addr:192.168.1.105 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::21f:e2ff:fe38:c6ab/64 Scope:Link
inet6 addr: 2001:470:1f09:e9d::2/64 Scope:Global
So how do I persuade it to use the global address?
ocypete:~# route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
2001:470:1f09:e9d::/64 :: U 256 0 1 eth0
fe80::/64 :: U 256 0 0 eth0
::/0 2001:470:1f09:e9d::1 UG 1 0 43 eth0
::/0 :: !n -1 1 72 lo
::1/128 :: Un 0 3 19 lo
fe80::21f:e2ff:fe38:c6ab/128 :: Un 0 1 67 lo
ff00::/8 :: U 256 0 0 eth0
::/0 :: !n -1 1 72 lo
The gateway appears to be set appropriately (I'd guess it should use the link local address iff I had configured a link local gateway, right?), so I'm not sure what else to do.
OK. Got it working :)
Removing the address from the interface and re-adding it worked. Now, on to making this work permanently. :)
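Added example, not part of the thread: a small Python check that reads ocypete's posted `route -A inet6` table and interface addresses and predicts which source address an outbound packet would carry, using the "prefer appropriate scope" rule of RFC 6724. It assumes, as a heuristic the thread does not state, that an address is only usable as a source once the kernel lists it as a /128 local entry on lo; the function names are hypothetical.

```python
import ipaddress

# Routing table rows copied from ocypete's `route -A inet6` output in the thread.
OCYPETE_ROUTES = """\
2001:470:1f09:e9d::/64 :: U 256 0 1 eth0
fe80::/64 :: U 256 0 0 eth0
::/0 2001:470:1f09:e9d::1 UG 1 0 43 eth0
::/0 :: !n -1 1 72 lo
::1/128 :: Un 0 3 19 lo
fe80::21f:e2ff:fe38:c6ab/128 :: Un 0 1 67 lo
ff00::/8 :: U 256 0 0 eth0
"""
# Addresses ifconfig reported on ocypete's eth0 in the thread.
OCYPETE_ADDRS = ["fe80::21f:e2ff:fe38:c6ab", "2001:470:1f09:e9d::2"]

LINK_LOCAL = ipaddress.ip_network("fe80::/10")

def scope(addr):
    """Simplified unicast scope rank: 1 = link-local, 2 = global."""
    return 1 if ipaddress.ip_address(addr) in LINK_LOCAL else 2

def local_entries(route_text):
    """Addresses the kernel lists as /128 local routes on lo."""
    found = set()
    for line in route_text.splitlines():
        fields = line.split()
        if len(fields) == 7 and fields[6] == "lo" and fields[0].endswith("/128"):
            found.add(ipaddress.ip_address(fields[0][:-4]))
    return found

def predict_source(configured, route_text, dest):
    """Return (source, verdict) for a packet sent to dest."""
    local = local_entries(route_text)
    # Assumption: only addresses with a local /128 entry can be sources.
    usable = [a for a in configured if ipaddress.ip_address(a) in local]
    if not usable:
        return None, "no usable source address"
    # RFC 6724 rule 2: smallest scope that still covers the destination.
    covering = [a for a in usable if scope(a) >= scope(dest)]
    if covering:
        return min(covering, key=scope), "ok"
    # Nothing covers the destination, so a forwarding router rejects it.
    return max(usable, key=scope), "beyond scope of source address"

if __name__ == "__main__":
    print(predict_source(OCYPETE_ADDRS, OCYPETE_ROUTES, "2a00:1450:8002::67"))
```

Run against the posted table, it selects the link-local address for the ipv6.google.com destination, because 2001:470:1f09:e9d::2 appears in ifconfig but has no /128 entry on lo, unlike the same address in squeezebase's table.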