• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Linux based router (Mini-PC)

Started by Walter H., September 14, 2016, 05:14:46 AM

Previous topic - Next topic

Walter H.

Quote from: cholzhauer on September 15, 2016, 10:43:06 AM
Unless your router has an address on its interfaces for those subnets,
why talking about interfaceS, when there is only ONE on LAN side ...

Quote
you need to add a route
this can't be the solution, because Linux can be IPv6 pinged, only Windows can't ...

Quote
this is the same behavior if you were trying to ping 10.0.0.1 from 192.168.1.1
no because these are two different things

cholzhauer

This is what you listed

a Win7 VM with  IPv6address 2001:470:747b:1::314/64
a Linux VM this IPv6address 2001:470:747b::10/64

These are two different subnets.

If you route has an IP address in the 2001:470:747b:1 subnet, it knows nothing of the other subnet unless you add a route.

Walter H.

I solved it; first problem was Windows Firewall, that blocked ICMPv6 from other subnets ..., don't ask me why ...

seconds problem is the very suspicious IPv6 design: in IPv4 you can have a big net like this: 10.0.0.0/8
e.g. the gateway is 10.0.0.1 and two hosts have e.g. 10.27.0.254 and 10.44.1.1, they are in same IP-segment
and you have no problem to only deploy IP addresses by DHCP in only this part 10.0.1.0/28

in IPv6 you can't use  e.g. 2001:db8:314::/48 as one whole net, you MUST split this, and so I configured my router box
with several IPv6 addresses from this big /48 prefix, e.g.
2001:db8:314::1/64 ; 2001:db8:314::1/48 doesn't work even if its logically correct;
2001:db8:314:17::1/64
2001:db8:314:31::1/64
2001:db8:314:47::1/64
2001:db8:314:101::1/64
2001:db8:314:223::1/64
2001:db8:314:fff::1/64

next strange fact of the IPv6 design: you have to use /64 for SLAAC; e.g. the following in /etc/radvd.conf

interface eth0
{
   ...
   prefix 2001:db8:314:fff:7::/80
   {
   };
};

doesn't work; it must be 2001:db8:314:fff::/64 instead of 2001:db8:314:fff:7::/80

the following is more than suspicious:
as mentioned above my box has several global scope IPv6 addresses on only LAN interface but only one link local IPv6 address e.g. fe80::26de:adff:febe:ef24, and any host regardless from which /64-prefix part of the /48-prefix can have this only link local IPv6 address as gateway address;

this results in the following:

think of a host with this IPv6 address:
2001:db8:314:17::10/64  (1)
and another host with this IPv6 address
2001:db8:314:47::10/64  (2)

and both have e.g. fe80::26de:adff:febe:ef24 as gateway address;

as long everything works and no host was taken from the net,
you might get on host (1)

64 bytes from 2001:db8:314:47::10: icmp_seq=1 ttl=127 time=0.728 ms

or this on host (2)

64 bytes from 2001:db8:314:17::10: icmp_seq=1 ttl=127 time=0.728 ms


but when you take the host (1) from the net und you do ping6 on host (2)
you might get this:

From 2001:db8:314:47::1 icmp_seq=1 Destination unreachable: Address unreachable

look at this IPv6 address here, this is neither the one from host (1) nor the one you
have configured as gateway(!)

this is more than strange;

Greetings,
Walter H.

cholzhauer

This is what I was telling you above...you should not use /48 unless you're setting up routes.

Glad it's working now