Hi everyone! I decided to get into the world of IPv6, but I have run into a problem that I cannot solve.
I have a dedicated physical server running Ubuntu 19.04. It reaches the network over wifi. I decided to set up IPv6 access for my local network through a tunnel from a broker. On the server the tunnel worked right away, and it still has IPv6 internet access now. I also wanted the addresses to be available across the whole local network, so I decided to set up radvd. This is where my problem lies - radvd hands out addresses, but the clients have no internet, even though they do have global addresses. Inside the local network the clients and servers ping each other over IPv6 without problems, but they cannot get out to the global internet. I want to note that DNS over IPv6 works on the clients (I checked with dig).
tun0 - the 6to4 tunnel
wlp3s0 - the wifi network adapter through which the server reaches the local and global networks.
2a03:e2c0:1074:5555::/64 - the subnet that needs to be handed out; the broker also gives a /48
Command output, to make the problem easier to trace:
interface wlp3s0{
    AdvSendAdvert on;
    MinRtrAdvInterval 30;
    MaxRtrAdvInterval 100;
    prefix 2a03:e2c0:1074:5555::/64
    {
        AdvOnLink on;
        AdvAutonomous on;
    };
    route ::/0{
    };
    RDNSS 2606:4700:4700::1111 2606:4700:4700::1001
    {
        AdvRDNSSLifetime 100;
    };
};
network:
  version: 2
  renderer: networkd
  wifis:
    wlp3s0:
      addresses:
        - 192.168.100.3/27
      gateway4: 192.168.100.1
      nameservers:
        addresses:
          - 192.168.100.1
      access-points:
        НАЗВАНИЕWIFI:
          password: мойпароль
  tunnels:
    tun0:
      mode: sit
      local: 192.168.100.3
      remote: 193.0.203.203
      addresses:
        - '2a03:e2c0:1074::2/64'
      gateway6: '2a03:e2c0:1074::1'
      routes:
        - to: '::/0'
          scope: link
      nameservers:
        addresses:
          - '2606:4700:4700::1111'
          - '2606:4700:4700::1001'
br-0e8a782c76d5: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.102.1 netmask 255.255.255.224 broadcast 192.168.102.31
inet6 fe80::42:42ff:fecb:4111 prefixlen 64 scopeid 0x20<link>
ether 02:42:42:cb:41:11 txqueuelen 0 (Ethernet)
RX packets 7 bytes 6634 (6.6 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 16 bytes 2046 (2.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
docker0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.101.1 netmask 255.255.255.224 broadcast 192.168.101.31
inet6 fe80::42:65ff:fea7:488e prefixlen 64 scopeid 0x20<link>
ether 02:42:65:a7:48:8e txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9 bytes 1054 (1.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Локальная петля (Loopback))
RX packets 121 bytes 16304 (16.3 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 121 bytes 16304 (16.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
tun0: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1480
inet6 fe80::c0a8:6403 prefixlen 64 scopeid 0x20<link>
inet6 2a03:e2c0:1074::2 prefixlen 64 scopeid 0x0<global>
sit txqueuelen 1000 (IPv6-in-IPv4)
RX packets 944 bytes 552071 (552.0 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 707 bytes 89091 (89.0 KB)
TX errors 1 dropped 0 overruns 0 carrier 1 collisions 0
veth172f578: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::a8da:a8ff:fece:81a3 prefixlen 64 scopeid 0x20<link>
ether aa:da:a8:ce:81:a3 txqueuelen 0 (Ethernet)
RX packets 40 bytes 11143 (11.1 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 47 bytes 19460 (19.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethe288f21: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::a4e3:47ff:fe16:2f91 prefixlen 64 scopeid 0x20<link>
ether a6:e3:47:16:2f:91 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11 bytes 1226 (1.2 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethfdf685c: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::849:6ff:fe77:c879 prefixlen 64 scopeid 0x20<link>
ether 0a:49:06:77:c8:79 txqueuelen 0 (Ethernet)
RX packets 28 bytes 17068 (17.0 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 47 bytes 5971 (5.9 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethfe13024: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::5082:13ff:fe1b:51d9 prefixlen 64 scopeid 0x20<link>
ether 52:82:13:1b:51:d9 txqueuelen 0 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 13 bytes 1486 (1.4 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.100.3 netmask 255.255.255.224 broadcast 192.168.100.31
inet6 2a03:e2c0:1074:5555:4ad2:24ff:fee3:a844 prefixlen 64 scopeid 0x0<global>
inet6 fe80::4ad2:24ff:fee3:a844 prefixlen 64 scopeid 0x20<link>
ether 48:d2:24:e3:a8:44 txqueuelen 1000 (Ethernet)
RX packets 3467 bytes 913125 (913.1 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3332 bytes 989304 (989.3 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Таблица маршрутизация ядра IPv6
Destination Next Hop Flag Met Ref Use If
localhost/128 [::] U 256 2 0 lo
2a03:e2c0:1074::/64 [::] Un 256 3 0 tun0
2a03:e2c0:1074:5555::/64 [::] Ue 1024 4 0 wlp3s0
fe80::/64 [::] Un 256 1 0 tun0
fe80::/64 [::] U 256 1 0 wlp3s0
fe80::/64 [::] U 256 1 0 br-0e8a782c76d5
fe80::/64 [::] U 256 1 0 docker0
fe80::/64 [::] U 256 1 0 vethfe13024
fe80::/64 [::] U 256 1 0 veth172f578
fe80::/64 [::] U 256 1 0 vethfdf685c
fe80::/64 [::] U 256 1 0 vethe288f21
[::]/0 [::] U 1024 5 0 tun0
[::]/0 _gateway UGe 1024 2 0 wlp3s0
localhost/128 [::] Un 0 7 0 lo
2a03:e2c0:1074::/128 [::] Un 0 3 0 tun0
GMC-02/128 [::] Un 0 5 0 tun0
2a03:e2c0:1074:5555::/128 [::] Un 0 3 0 wlp3s0
GMC-02/128 [::] Un 0 3 0 wlp3s0
fe80::/128 [::] Un 0 3 0 tun0
fe80::/128 [::] Un 0 3 0 wlp3s0
fe80::/128 [::] Un 0 3 0 br-0e8a782c76d5
fe80::/128 [::] Un 0 3 0 docker0
fe80::/128 [::] Un 0 3 0 vethfdf685c
fe80::/128 [::] Un 0 3 0 vethfe13024
fe80::/128 [::] Un 0 3 0 veth172f578
fe80::/128 [::] Un 0 3 0 vethe288f21
GMC-02/128 [::] Un 0 8 0 tun0
GMC-02/128 [::] Un 0 3 0 br-0e8a782c76d5
GMC-02/128 [::] Un 0 2 0 docker0
GMC-02/128 [::] Un 0 2 0 vethfdf685c
GMC-02/128 [::] Un 0 6 0 wlp3s0
GMC-02/128 [::] Un 0 2 0 vethfe13024
GMC-02/128 [::] Un 0 2 0 vethe288f21
GMC-02/128 [::] Un 0 3 0 veth172f578
ff00::/8 [::] U 256 5 0 tun0
ff00::/8 [::] U 256 5 0 wlp3s0
ff00::/8 [::] U 256 1 0 br-0e8a782c76d5
ff00::/8 [::] U 256 1 0 docker0
ff00::/8 [::] U 256 1 0 vethfe13024
ff00::/8 [::] U 256 1 0 veth172f578
ff00::/8 [::] U 256 1 0 vethfdf685c
ff00::/8 [::] U 256 1 0 vethe288f21
[::]/0 [::] !n -1 1 0 lo
Chain INPUT (policy DROP)
target prot opt source destination
ufw6-before-logging-input all anywhere anywhere
ufw6-before-input all anywhere anywhere
ufw6-after-input all anywhere anywhere
ufw6-after-logging-input all anywhere anywhere
ufw6-reject-input all anywhere anywhere
ufw6-track-input all anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ufw6-before-logging-forward all anywhere anywhere
ufw6-before-forward all anywhere anywhere
ufw6-after-forward all anywhere anywhere
ufw6-after-logging-forward all anywhere anywhere
ufw6-reject-forward all anywhere anywhere
ufw6-track-forward all anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw6-before-logging-output all anywhere anywhere
ufw6-before-output all anywhere anywhere
ufw6-after-output all anywhere anywhere
ufw6-after-logging-output all anywhere anywhere
ufw6-reject-output all anywhere anywhere
ufw6-track-output all anywhere anywhere
Chain ufw6-after-forward (1 references)
target prot opt source destination
Chain ufw6-after-input (1 references)
target prot opt source destination
ufw6-skip-to-policy-input udp anywhere anywhere udp dpt:netbios-ns
ufw6-skip-to-policy-input udp anywhere anywhere udp dpt:netbios-dgm
ufw6-skip-to-policy-input tcp anywhere anywhere tcp dpt:netbios-ssn
ufw6-skip-to-policy-input tcp anywhere anywhere tcp dpt:microsoft-ds
ufw6-skip-to-policy-input udp anywhere anywhere udp dpt:dhcpv6-client
ufw6-skip-to-policy-input udp anywhere anywhere udp dpt:dhcpv6-server
Chain ufw6-after-logging-forward (1 references)
target prot opt source destination
LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw6-after-logging-input (1 references)
target prot opt source destination
LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw6-after-logging-output (1 references)
target prot opt source destination
Chain ufw6-after-output (1 references)
target prot opt source destination
Chain ufw6-before-forward (1 references)
target prot opt source destination
DROP all anywhere anywhere rt type:0
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp parameter-problem
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-reply
ufw6-user-forward all anywhere anywhere
Chain ufw6-before-input (1 references)
target prot opt source destination
ACCEPT all anywhere anywhere
DROP all anywhere anywhere rt type:0
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-reply
ufw6-logging-deny all anywhere anywhere ctstate INVALID
DROP all anywhere anywhere ctstate INVALID
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp parameter-problem
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-solicitation HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-advertisement HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-solicitation HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-advertisement HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmptype 141 HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmptype 142 HL match HL == 255
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 130
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 131
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 132
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 143
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmptype 148 HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmptype 149 HL match HL == 255
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 151 HL match HL == 1
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 152 HL match HL == 1
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 153 HL match HL == 1
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmptype 144
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmptype 145
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmptype 146
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmptype 147
ACCEPT udp fe80::/10 fe80::/10 udp spt:dhcpv6-server dpt:dhcpv6-client
ACCEPT udp anywhere ff02::fb udp dpt:mdns
ACCEPT udp anywhere ff02::f udp dpt:1900
ufw6-user-input all anywhere anywhere
Chain ufw6-before-logging-forward (1 references)
target prot opt source destination
Chain ufw6-before-logging-input (1 references)
target prot opt source destination
Chain ufw6-before-logging-output (1 references)
target prot opt source destination
Chain ufw6-before-output (1 references)
target prot opt source destination
ACCEPT all anywhere anywhere
DROP all anywhere anywhere rt type:0
ACCEPT all anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp destination-unreachable
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp packet-too-big
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp time-exceeded
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp parameter-problem
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-request
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp echo-reply
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-solicitation HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-advertisement HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp neighbour-solicitation HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmp router-advertisement HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmptype 141 HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmptype 142 HL match HL == 255
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 130
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 131
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 132
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 143
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmptype 148 HL match HL == 255
ACCEPT ipv6-icmp anywhere anywhere ipv6-icmptype 149 HL match HL == 255
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 151 HL match HL == 1
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 152 HL match HL == 1
ACCEPT ipv6-icmp fe80::/10 anywhere ipv6-icmptype 153 HL match HL == 1
ufw6-user-output all anywhere anywhere
Chain ufw6-logging-allow (0 references)
target prot opt source destination
LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "
Chain ufw6-logging-deny (1 references)
target prot opt source destination
RETURN all anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
LOG all anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw6-reject-forward (1 references)
target prot opt source destination
Chain ufw6-reject-input (1 references)
target prot opt source destination
Chain ufw6-reject-output (1 references)
target prot opt source destination
Chain ufw6-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all anywhere anywhere
Chain ufw6-skip-to-policy-input (6 references)
target prot opt source destination
DROP all anywhere anywhere
Chain ufw6-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all anywhere anywhere
Chain ufw6-track-forward (1 references)
target prot opt source destination
Chain ufw6-track-input (1 references)
target prot opt source destination
Chain ufw6-track-output (1 references)
target prot opt source destination
ACCEPT tcp anywhere anywhere ctstate NEW
ACCEPT udp anywhere anywhere ctstate NEW
Chain ufw6-user-forward (1 references)
target prot opt source destination
Chain ufw6-user-input (1 references)
target prot opt source destination
ACCEPT tcp anywhere anywhere tcp dpt:35065
ACCEPT tcp anywhere anywhere tcp dpt:https
ACCEPT udp anywhere anywhere udp dpt:443
Chain ufw6-user-limit (0 references)
target prot opt source destination
LOG all anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT all anywhere anywhere reject-with icmp6-port-unreachable
Chain ufw6-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all anywhere anywhere
Chain ufw6-user-logging-forward (0 references)
target prot opt source destination
Chain ufw6-user-logging-input (0 references)
target prot opt source destination
Chain ufw6-user-logging-output (0 references)
target prot opt source destination
Chain ufw6-user-output (1 references)
target prot opt source destination
Адаптер беспроводной локальной сети Беспроводная сеть:
DNS-суффикс подключения . . . . . :
IPv6-адрес. . . . . . . . . . . . : 2a03:e2c0:1074:5555:5839:c122:1943:92f2
Временный IPv6-адрес. . . . . . . : 2a03:e2c0:1074:5555:81be:2f7e:fab9:371b
Локальный IPv6-адрес канала . . . : fe80::5839:c122:1943:92f2%16
IPv4-адрес. . . . . . . . . . . . : 192.168.100.2
Маска подсети . . . . . . . . . . : 255.255.255.224
Основной шлюз. . . . . . . . . : fe80::1%16
fe80::4ad2:24ff:fee3:a844%16
192.168.100.1
C:\Новая папка>dig -t aaaa google.com
; <<>> DiG 9.15.7 <<>> -t aaaa google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48433
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN AAAA
;; ANSWER SECTION:
google.com. 230 IN AAAA 2a00:1450:4010:c08::66
;; Query time: 6 msec
;; SERVER: 192.168.100.1#53(192.168.100.1)
;; WHEN: Tue Dec 24 19:56:24 RTZ 2 (чшьр) 2019
;; MSG SIZE rcvd: 56
C:\Новая папка>ping -6 google.com
Обмен пакетами с google.com [2a00:1450:4010:c08::66] с 32 байтами данных:
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.
Превышен интервал ожидания для запроса.
Статистика Ping для 2a00:1450:4010:c08::66:
Пакетов: отправлено = 4, получено = 0, потеряно = 4
(100% потерь)
What I have tried myself:
- Disabling the UFW firewall
- Resetting the IPv6 routing table
- Resetting the iptables rules for IPv6
- Disabling the antivirus and the firewall on the Windows client
- Connecting from other devices, including ones running Android
None of the above helped - the global addresses are there, IPv6 DNS resolves, but the clients still have no pings and no internet(
If you need additional information, or if I forgot something - write, and I will provide any information needed. Thanks in advance =)
P.S.
After spending a lot of time on this problem, I managed to narrow down the problematic part. The problem is as follows - IPv6 traffic simply does not reach the wlp3s0 interface, which is exactly the one that faces the local network. If I ping any IPv6 resource from the server using this interface, the problem shows up (ping6 -I wlp3s0 google.com, for example). How do I create a route from tun0 to wlp3s0 so that the traffic flows? I could not figure this out myself and am asking for your help; I have been struggling for several days already...
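
An added example, not part of the original post: offline checks over `route -6` and `ip6tables -L` text like the output pasted above. It reports how many interfaces hold an equally preferred IPv6 default route, the FORWARD chain policy, and how many rules a named chain contains. The sample input is constructed from lines in the post, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: parse pasted `route -6` and `ip6tables -L` text (no live system access).

# Sample input constructed from lines shown in the post.
ROUTES='Destination Next Hop Flag Met Ref Use If
2a03:e2c0:1074::/64 [::] Un 256 3 0 tun0
2a03:e2c0:1074:5555::/64 [::] Ue 1024 4 0 wlp3s0
[::]/0 [::] U 1024 5 0 tun0
[::]/0 _gateway UGe 1024 2 0 wlp3s0
[::]/0 [::] !n -1 1 0 lo'

FILTER='Chain FORWARD (policy DROP)
target prot opt source destination
ufw6-before-forward all anywhere anywhere
Chain ufw6-user-forward (1 references)
target prot opt source destination
Chain ufw6-user-input (1 references)
target prot opt source destination
ACCEPT tcp anywhere anywhere tcp dpt:https'

# Print "iface metric" for each usable default route; reject routes (flag "!") are skipped.
default_routes() {
    awk '($1 == "[::]/0" || $1 == "::/0") && $3 !~ /^!/ { print $7, $4 }'
}

# Count distinct interfaces holding a default route at the lowest metric.
# More than 1 means the kernel has several equally preferred exits.
competing_defaults() {
    default_routes | sort -k2,2n |
        awk 'NR == 1 { best = $2 } $2 == best && !seen[$1]++ { n++ } END { print n + 0 }'
}

# Print the policy of the FORWARD chain (ACCEPT or DROP).
forward_policy() {
    sed -n 's/^Chain FORWARD (policy \([A-Z]*\).*/\1/p'
}

# Count rule lines inside the chain named in $1 (the column header is not a rule).
chain_rules() {
    awk -v c="$1" '$1 == "Chain" { in_c = ($2 == c); next }
                   in_c && NF && $1 != "target" { n++ }
                   END { print n + 0 }'
}

report() {
    echo "default-route interfaces at best metric: $(printf '%s\n' "$ROUTES" | competing_defaults)"
    echo "FORWARD policy: $(printf '%s\n' "$FILTER" | forward_policy)"
    echo "ufw6-user-forward rules: $(printf '%s\n' "$FILTER" | chain_rules ufw6-user-forward)"
}
report
```

To check a live host, pipe the real command output into the same functions instead of the constructed variables.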