为了玩和学习的目的,我build立了一个OpenVPN服务器。 我目前连接到一个没有IPv6的networking。 因此,我想通过VPN路由所有IPv6stream量。 用IPv4和iptables-masquerading这已经很好了。
现在到IPv6:我在networking内部build立了IPv6。 我能够在客户端和服务器之间build立连接和ping(ping6)。
服务器内核的转发被激活。 服务器具有到外部的IPv6连接。
我试过这个设置:
push "route-ipv6 2000::/3" 和
push "route-ipv6 <my IPv6>"
如果我想在“外部”上ping一些地址:
ping6 ipv6.google.com connect: Network is unreachable
即使如果我用“-I tun2”设置正确的接口。 (只是为了确保它不尝试使用其他的接口)
现在我的configuration和设置:
客户的IP:
inet6 addr: fdee:dead:b0b::1000/64
服务器的IP:
inet6 addr: fdee:dead:b0b::1/64
服务器configuration:
port 443 proto udp proto udp6 dev tun tun-ipv6 ca ca.crt cert server.crt key server.key dh dh4096.pem auth SHA512 server 10.0.0.0 255.255.255.0 server-ipv6 fdee:dead:b0b::/64 push "redirect-gateway def1 bypass-dhcp" push "dhcp-option DNS 10.0.0.1" client-to-client keepalive 10 60 tls-auth ta.key 0 cipher AES-256-CBC comp-lzo max-clients 3 user nobody group nogroup persist-key persist-tun log-append openvpn.log verb 4 nice -19
那就是我关于转发的内核设置:
net.ipv4.conf.all.forwarding = 1 net.ipv4.conf.all.mc_forwarding = 0 net.ipv4.conf.default.forwarding = 1 net.ipv4.conf.default.mc_forwarding = 0 net.ipv4.conf.lo.forwarding = 1 net.ipv4.conf.lo.mc_forwarding = 0 net.ipv4.conf.venet0.forwarding = 1 net.ipv4.conf.venet0.mc_forwarding = 0 net.ipv4.conf.tun0.forwarding = 1 net.ipv4.conf.tun0.mc_forwarding = 0 net.ipv4.ip_forward = 1 net.ipv6.conf.all.forwarding = 1 net.ipv6.conf.all.mc_forwarding = 0 net.ipv6.conf.default.forwarding = 1 net.ipv6.conf.default.mc_forwarding = 0 net.ipv6.conf.lo.forwarding = 1 net.ipv6.conf.lo.mc_forwarding = 0 net.ipv6.conf.venet0.forwarding = 1 net.ipv6.conf.venet0.mc_forwarding = 0 net.ipv6.conf.tun0.forwarding = 1 net.ipv6.conf.tun0.mc_forwarding = 0
如果有人能带领我走向正确的方向,我将不胜感激。