• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Create a 6in4 server, but the client can not access the Internet properly

Started by shirakun, February 11, 2019, 10:02:15 PM

Previous topic - Next topic

shirakun

Hi
I broadcast my own IPv6 block on vultr(I use bird6 to broadcast IP)
I'm going to create my own 6in4 server
I used this script to create the tunnel https://github.com/KazamiLabs/6in4

But the problem arises.

On the client side, I can ping the IPv6 of any network card on the server side.
But the client can't Ping any non-server-bound IPv6.
On the server side, I can ping the client's IPv6 and any internet's ipv6.




I think there's a problem with route on the server side, but I don't know how to modify it.

This is the routing table on the server side.


root@vultr:~#  route -A inet6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
2001:19f0:7001:338::/64        ::                         UAe  256 0     0 ens3
2a0c:b641:245:1::/64           ::                         Un   256 1    26 tun_6in4_1
2a0c:b641:245:8001::/64        ::                         U    1024 0     0 tun_6in4_1
fe80::/64                      ::                         U    256 0     0 ens3
fe80::/64                      ::                         Un   256 0     0 tun_6in4_1
::/0                           fe80::fc00:1ff:fecf:596c   UGDAe 1024 1  4310 ens3
::/0                           ::                         !n   -1  1  4586 lo
::1/128                        ::                         Un   0   2  1150 lo
2001:19f0:7001:338:5400:1ff:fecf:596c/128 ::                         Un   0   2   462 lo
2a0c:b641:245:1::1/128         ::                         Un   0   2    26 lo
fe80::2d4d:8492/128            ::                         Un   0   1     0 lo
fe80::5400:1ff:fecf:596c/128   ::                         Un   0   2   386 lo
ff00::/8                       ::                         U    256 1    35 ens3
ff00::/8                       ::                         U    256 0     0 tun_6in4_1
::/0                           ::                         !n   -1  1  4586 lo



root@vultr:~# ip -6 route
2001:19f0:7001:338::/64 dev ens3  proto kernel  metric 256  expires 2591630sec pref medium
2a0c:b641:245:1::/64 dev tun_6in4_1  proto kernel  metric 256  pref medium
2a0c:b641:245:8001::/64 dev tun_6in4_1  metric 1024  pref medium
fe80::/64 dev ens3  proto kernel  metric 256  pref medium
fe80::/64 dev tun_6in4_1  proto kernel  metric 256  pref medium
default via fe80::fc00:1ff:fecf:596c dev ens3  proto ra  metric 1024  expires 1430sec hoplimit 64 pref medium








Can someone give me some advice?

divad27182

sounds like a problem with the routing table on the CLIENT side.  It needs to know to route internet IPv6 traffic to your server.

divad27182

OK.  It could also be on the server end.

To determine which, run a packet sniffer on the server side, watching for traffic involving the clients IPv6 address.  Then ping an internet host from the client.  Doing this on both interfaces on the server allows you to determine just how far the packets get. 

If you can't get anything on the interface to the client, the problem is routing on the client.  If you get the packets in one direction on one interface and not the other, the problem is server routing (or firewalling).  If you get packets in both directions on both interfaces, the problem is probably on the client (and might be firewall).  If you get packets only in the outbound direction, the problem is further upstream, and if that's your exterior border, might be an announcement issue.