我已经build立了一个从家到远程主机的未编号的L2tp隧道。 在尝试ping ipv6.google.com时,我收到了一个超出范围的错误,我知道在一段时间之前,链接本地地址不应该以这种方式使用,但现在使用无编号的接口,这应该是可能的。
两台机器都运行着最新的debian jessie,但是使用了更新的内核4.6.0-0.bpo.1-amd64
隧道:
~> sudo ip l2tp show tunnel Tunnel 386, encap IP From 192.168.88.254 to remote_host Peer tunnel 381
地址和路由:
首页〜> ip -6 addr
5: l2tpeth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1492 state UNKNOWN qlen 1000 inet6 fe80::8427:7dff:fea4:939b/64 scope link valid_lft forever preferred_lft forever ~> ip -6 route local ::1 dev lo proto kernel metric 256 fe80::/64 dev vnet0 proto kernel metric 256 fe80::/64 dev l2tpeth0 proto kernel metric 1024 default via fe80::f94e:693a:aa66:e79b dev l2tpeth0 metric 1024
remote_host〜> ip -6 addr
5: l2tpeth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 state UNKNOWN qlen 1000 inet6 fe80::f94e:693a:aa66:e79b/128 scope link valid_lft forever preferred_lft forever inet6 fe80::f434:73ff:fef3:5236/64 scope link valid_lft forever preferred_lft forever ~> ip -6 route local ::1 dev lo proto kernel metric 256 2400:8900::/64 dev eth0 proto kernel metric 256 expires 2591997sec mtu 1300 fe80::f94e:693a:aa66:e79b dev l2tpeth0 proto kernel metric 256 fe80::/64 dev eth0 proto kernel metric 256 mtu 1300 fe80::/64 dev tun0 proto kernel metric 256 fe80::/64 dev l2tpeth0 proto kernel metric 256 mtu 1460 default via fe80::1 dev eth0 proto ra metric 1024 expires 87sec mtu 1500 hoplimit 64
平:
~> ping6 fe80::f94e:693a:aa66:e79b%l2tpeth0 PING fe80::f94e:693a:aa66:e79b%l2tpeth0(fe80::f94e:693a:aa66:e79b) 56 data bytes 64 bytes from fe80::f94e:693a:aa66:e79b: icmp_seq=1 ttl=64 time=61.9 ms 64 bytes from fe80::f94e:693a:aa66:e79b: icmp_seq=2 ttl=64 time=58.4 ms 64 bytes from fe80::f94e:693a:aa66:e79b: icmp_seq=3 ttl=64 time=57.4 ms 64 bytes from fe80::f94e:693a:aa66:e79b: icmp_seq=4 ttl=64 time=56.5 ms 64 bytes from fe80::f94e:693a:aa66:e79b: icmp_seq=5 ttl=64 time=66.1 ms ^C --- fe80::f94e:693a:aa66:e79b%l2tpeth0 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4006ms rtt min/avg/max/mdev = 56.509/60.113/66.190/3.562 ms
从家里ping谷歌:
ping6 ipv6.google.com PING ipv6.google.com(hkg12s01-in-x0e.1e100.net) 56 data bytes From hkg12s01-in-x0e.1e100.net icmp_seq=1 Destination unreachable: Beyond scope of source address From hkg12s01-in-x0e.1e100.net icmp_seq=2 Destination unreachable: Beyond scope of source address ^C --- ipv6.google.com ping statistics --- 2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1001ms
tcpdump在远程:
~> sudo tcpdump -ni l2tpeth0 icmp6 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on l2tpeth0, link-type EN10MB (Ethernet), capture size 262144 bytes 09:34:19.944576 IP6 fe80::8427:7dff:fea4:939b > 2404:6800:4005:801::200e: ICMP6, echo request, seq 1, length 64 09:34:19.944749 IP6 fe80::f94e:693a:aa66:e79b > fe80::8427:7dff:fea4:939b: ICMP6, destination unreachable, beyond scope 2404:6800:4005:801::200e, source address fe80::8427:7dff:fea4:939b, length 112 09:34:20.946277 IP6 fe80::8427:7dff:fea4:939b > 2404:6800:4005:801::200e: ICMP6, echo request, seq 2, length 64 09:34:20.946397 IP6 fe80::f94e:693a:aa66:e79b > fe80::8427:7dff:fea4:939b: ICMP6, destination unreachable, beyond scope 2404:6800:4005:801::200e, source address fe80::8427:7dff:fea4:939b, length 112 ^C 4 packets captured 4 packets received by filter 0 packets dropped by kernel
远程主机上的sysctl(ipv6转发已启用):
net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.default.forwarding = 1 net.ipv6.conf.eth0.forwarding = 1 net.ipv6.conf.l2tpeth0.forwarding = 1
Beyond scope of source address意味着您没有足够大的IPv6地址到达目的地。
特别是,你只有一个链接本地地址,所以你只能到达第二层链接上的IPv6地址。 在这种情况下,这意味着你只能到达隧道的另一端。
为了到达互联网,您需要全球范围的IPv6地址,并且您需要将它们路由到您(并从中)。 您从互联网服务提供商,大学,数据中心等获得这些地址。