我正在尝试在我的VPS上安装6in4隧道服务器。 客户端和服务器之间可以ping通对方的IPv6地址,当我尝试从客户端ping外部服务器时,出现ICMP地址不可达错误。
但是我可以从服务器上ping IPv6网站,而且在服务器ping之后,我可以在30秒钟之内从客户端ping通,之后我又得到了ICMP地址不可达的错误。
tcpdump表明,当从服务器ping时,它将使用其公有IPv6地址发送一个邻居请求包,并正确地从网关获取邻居通告。 但是,当从客户端ping,服务器将使用其本地链接地址发送邻居请求数据包,并没有得到任何回报。 经过几次尝试后,服务器将放弃并返回客户端无法访问的ICMP地址。
我怎样才能解决这个问题? 我知道我可以添加一个永久的邻居条目到网关,但这是非常hacky,所以我想避免它,如果可能的话。
这是一些额外的信息:
服务器操作系统:Ubuntu 13.10服务器
uname -a : Linux 3.11.0-19-generic #33-Ubuntu SMP Tue Mar 11 18:48:34 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
我的ISP给我只有一个/ 112块,所以我用npd6处理入站邻居请求数据包
ip6tables在INPUT和OUTPUT表中没有条目
tcpdump(从服务器ping时):
18:14:33.988952 IP6 [server's public IPv6 address] > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has [gateway's IPv6 address], length 32 18:14:33.989410 IP6 [gateway's IPv6 address] > [server's public IPv6 address]: ICMP6, neighbor advertisement, tgt is [gateway's IPv6 address], length 32 18:14:33.989428 IP6 [server's public IPv6 address] > google-public-dns-a.google.com: ICMP6, echo request, seq 1, length 64 18:14:34.038299 IP6 google-public-dns-a.google.com > [server's public IPv6 address]: ICMP6, echo reply, seq 1, length 64
tcpdump(从客户端ping时,请注意fe80 :: 5054:ff:fe3b:3836是服务器的链路本地地址):
18:12:35.284184 IP [client's IPv4 address] > server: IP6 [sit tunnel address (client)] > google-public-dns-a.google.com: ICMP6, echo request, seq 1, length 64 18:12:35.284263 IP6 fe80::5054:ff:fe3b:3836 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has [gateway's IPv6 address], length 32 18:12:36.282458 IP6 fe80::5054:ff:fe3b:3836 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has [gateway's IPv6 address], length 32 18:12:37.282470 IP6 fe80::5054:ff:fe3b:3836 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has [gateway's IPv6 address], length 32 18:12:38.282503 IP server > [client's IPv4 address]: IP6 [sit tunnel address (server)] > [sit tunnel address (client)]: ICMP6, destination unreachable, unreachable address google-public-dns-a.google.com, length 112
从客户端ping之后,服务器上ip neigh输出如下所示(删除了不相关的条目):
[gateway's IPv6 address] dev eth0 router FAILED
ip addr和ip -6 route (地址是匿名的):
.. snipped .. 2: eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff inet .. snipped .. scope global eth0 valid_lft forever preferred_lft forever inet6 2001:db8:aa:b::cccc:1/48 scope global valid_lft forever preferred_lft forever inet6 fe80::5054:ff:fe3b:3836/64 scope link valid_lft forever preferred_lft forever 9: sit: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1472 qdisc noqueue state UNKNOWN link/sit .. snipped .. peer 1.2.3.4 inet6 2001:db8:aa:b::cccc:8001/120 scope global valid_lft forever preferred_lft forever inet6 fe80::dafb:71de/128 scope link valid_lft forever preferred_lft forever ::1.2.3.4 dev sit metric 1024 2001:db8:aa:b::cccc:8000/120 dev sit proto kernel metric 256 2001:db8:aa::/48 dev eth0 proto kernel metric 256 fe80::/64 dev eth0 proto kernel metric 256 default via 2001:db8:aa::1 dev eth0 metric 1024
这个设置从根本上被打破。 你将需要大量的静态路由,代理NDP等,使其工作。 这里没有漂亮的解决scheme
现在, 应该如何做: