Hi Pascal, Am Sonntag, 6. Januar 2019, 19:41:51 CET schrieb Pascal Hambourg: > Le 06/01/2019 à 18:36, Rainer Dorsch a écrit : > > ISP router -> Stretch router (home) -> Endpoint (mohot) > > > > I can ssh from the mohot to home (ssh > > 2a02:8070:898f:e4f8:d263:b4ff:fe00:325c) and I can ssh from the home to > > the internet (using IPv6), but I cannot ssh > > from the mohot (endpoint) to the internet: > (...) > > > For me it seems that home is dropping the request, if that is the case, is > > there a good way to find out why that happens? > > Did you run a packet capture on each involved interface ?
Since these are all vlans, I can run wireshark on each interface. That would be my next step... > > > Stretch Router: > > --------------- > > > > The stretch router has an upstream interface > > > > root@home:/etc# ip addr show dev eth0.1 > > 4: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > > state UP group default qlen 1000 > > > > link/ether d0:63:b4:00:32:5c brd ff:ff:ff:ff:ff:ff > > inet 192.168.0.30/24 brd 192.168.0.255 scope global eth0.1 > > > > valid_lft forever preferred_lft forever > > > > inet6 2a02:8070:898f:e400:d263:b4ff:fe00:325c/64 scope global > > mngtmpaddr > > > > dynamic > > > > valid_lft 6968sec preferred_lft 3368sec > > > > inet6 fe80::d263:b4ff:fe00:325c/64 scope link > > > > valid_lft forever preferred_lft forever > > > > and a downstream interface > > > > root@home:/etc# ip addr show dev eth0.7 > > 10: eth0.7@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > > state UP group default qlen 1000 > > > > link/ether d0:63:b4:00:32:5c brd ff:ff:ff:ff:ff:ff > > inet 192.168.7.1/24 brd 192.168.7.255 scope global eth0.7 > > > > valid_lft forever preferred_lft forever > > > > inet6 2a02:8070:898f:e4f8:d263:b4ff:fe00:325c/62 scope global > > Why /62 instead of the standard /64 ? I think that is the outcome of prefix delegation (I have /56 from the ISP). This is implemented by the script in https://wiki.debian.org/IPv6PrefixDelegation (at least I am not aware that I specify anywhere /62). > > > valid_lft forever preferred_lft forever > > > > inet6 fe80::d263:b4ff:fe00:325c/64 scope link > > > > valid_lft forever preferred_lft forever > > > > root@home:/etc# > > > > for prefix delegation, I followed the Debian wiki > > > > https://wiki.debian.org/IPv6PrefixDelegation > > > > And routing information: > > root@home:/etc# ip -6 r > > 2a02:8070:898f:e400::/64 dev eth0.1 proto kernel metric 256 expires > > 6974sec pref medium > > 2a02:8070:898f:e4f8::/62 dev eth0.7 proto kernel metric 256 pref medium > > (...) > > > IPv6 forwarding is enabled: > > > > root@home:/etc# cat /proc/sys/net/ipv6/conf/all/forwarding > > 1 > > root@home:/etc# cat /proc/sys/net/ipv6/conf/eth0.7/forwarding > > 1 > > root@home:/etc# > > What about eth0.1 ? Needed to forward incoming reply packets too. They should be forwarded: root@home:/etc# cat /proc/sys/net/ipv6/conf/eth0.1/forwarding 1 root@home:/etc# > > Endpoint: > > --------- > > rd@mohot:~$ ip addr show dev eth0 > > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state > > UP group default qlen 1000 > > > > link/ether d0:63:b4:00:4d:d1 brd ff:ff:ff:ff:ff:ff > > inet 192.168.7.31/24 brd 192.168.7.255 scope global eth0 > > > > valid_lft forever preferred_lft forever > > > > inet6 2a02:8070:898f:e400:d263:b4ff:fe00:4dd1/64 scope global dynamic > > > > mngtmpaddr > > > > valid_lft 7030sec preferred_lft 3430sec > > > > inet6 2a02:8070:898f:e4f8:d263:b4ff:fe00:4dd1/64 scope global dynamic > > > > mngtmpaddr > > > > valid_lft 14215sec preferred_lft 14215sec > > > > inet6 fe80::d263:b4ff:fe00:4dd1/64 scope link > > > > valid_lft forever preferred_lft forever > > What about IPv6 routes ? root@mohot:~# ip -6 r 2a02:8070:898f:e400::/64 dev eth0 proto kernel metric 256 pref medium 2a02:8070:898f:e4f8::/64 dev eth0 proto kernel metric 256 pref medium 2a02:8070:898f:e4f8::/62 dev eth0 proto kernel metric 256 pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium default via fe80::d263:b4ff:fe00:325c dev eth0 proto ra metric 1024 hoplimit 64 pref medium default via fe80::e228:6dff:fe43:5776 dev eth0 proto ra metric 1024 hoplimit 255 pref medium root@mohot:~# I thought I better start with an empty ipv6 config on mohot, but even with rd@mohot:~$ cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback # The primary network interface allow-hotplug eth0 iface eth0 inet dhcp # This is an autoconfigured IPv6 interface #iface eth0 inet6 auto iface eth0 inet6 manual rd@mohot:~$ I get the same output. Not sure why these routes and addresses are configured on mohot. Thanks Rainer -- Rainer Dorsch http://bokomoko.de/

