-
-
Notifications
You must be signed in to change notification settings - Fork 252
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ipv6 non-mptcp-able traffic goes out directly via interfaces #3427
Comments
Same here. I have no IPv6 on WAN interfaces (just one address /64 on VPS). TCP/UDP ok and getting 10/10 on test-ipv6.com but ICMPv6 (ping, traceroute) doesn't go out, 6in4 tunnel dead, apparently no route for this kind of traffic (?). See also #3425 GT/Shadowsocks-libev on x86_64 (no AES-NI), OMR v0.61-snapshot-5.4 r0+16862-170d9e447d (same with the stable build, both upgrade and fresh install). Firewall rules untouched, OMR and VPS. from OMR root@link:~# ping -6 google.com from LAN $ ping -6 google.com traceroute -6 $ traceroute -6 google.com 6in4 no traffic |
I would need the result of |
A new image is compiling that should fix the issue. |
Thanks a lot @Ysurac for your help! |
With this patch the tunnel doesn't work. Even thou I see tun0 in ifconfig, I can't ping the other end of the tunnel:
I see this in logread |tail -n 35
|
I forgot to remove some debug log... |
OpenVPN TCP desn't work either. I think it is a problem with the patch as without this patch tunnel does work both with Glorytun TCP and with OpenVPN TCP
|
After installing the latest snapshot (June 27), the whole IPv6 traffic is now routed through the 6in4 tunnel, bringing it back to life. Apparently no proxy for TCP and UDP v6. (r0+16862-170d9e447d)PACKAGE: openmptcprouter BUILD REPO: https://github.com/ysurac/openmptcprouter
|
default via fe80::a00:1 dev 6in4-omr6in4 metric 1 pref medium doesn't survive to router reboots... |
That's the problem I think why my tunnel doesn't work. my omr-vps has only ipv6 public address. With routing of all ipv6 traffic through the 6in4 tunnel there is no way to access my omr-vps public IP |
@rdmitry0911 A default route to the VPS IPv6 should be created so the 6in4 should not make any problem. I will test if it's working (I've more tested IPv4 behind IPv6 only connections for now, so without 6in4). @AndreaLeidi The route |
With the latest commit there is no default route to the VPS IPv6. here is my routing table with ip -6 ro sh
There is nothing related to 2a01:4f8:212:25cf:ff00::199 which is my vps public IP |
As far as I understand the routing logic when aggregation is enables should be like this: ipv4-tcp goes:
ipv4-noncp goes:
ipv6-tcp goes:
ipv6-noncp goes:
Otherwise all the traffic should go via master interface Can someone tell me how this logic is implemented through the scripts? I can find 6in4 scripts, but there are no 4in6 ones. |
It's not the logic. So the VPN, used for anything that is not TCP, is always in IPv4 and 6in4 over it, even when using VPS IPv6. |
@Ysurac you're right, I'm sorry. I found openmptcprouter.settings.disable_6in4='1' on my router. Set it = 0 makes your latest changes working as expected, reboot after reboot. It's strange, I only use LUCI to config and this key is not linked to any control.
Proxy - I'm with Shadowsocks-libev, my router CPU doesn't have AES-NI. I'm gonna run an untouched OMR image on virtualbox to compare each uci key with those of my router, in search of possible inconsistencies. |
What is the reason to have 6in4 over ipv4 vpn when ipv6 vpn is an option? |
@rdmitry0911 It's easier to manage only a 6in4 for now. |
Ok, I tried the latest commit with and without openmptcprouter.settings.disable_6in4='1' With glorytun and with openvpn Tunnel doesn't work at all. It even doesn't exist in ifconfig. However before it worked and only ipv6 non-mptcp-able traffic went out wrong way via master interface. What did I miss in config? |
The "openmptcprouter.settings.disable_6in4" disable 6in4 tunnel so if set to 1, it's normal that 6in4 tunnel is not set up. |
The problem is not with 6in4-omr6in4 tunnel, it exists, the problem is with the main tunnel for non-tcp traffic between omr and vps. This one doesn't exist. I have this in /etc/config/openmptcprouter
and here is ifconfig output:
logread |tail -n 30
ip -6 ro sh
|
This is the problem: |
This didn't happen with the old version.
yes, 2a01:4f8:212:25cf:ff00::199 is reachable via both interfaces
I have no idea. This is how dhcpv6 works. This happens all the time with the new firmware and with the old one. The router sitting on omr eth2 interface is also running openwrt ans is under mine control. It also has several ipv6 addresses on its wan interface like this:
|
It seems, that for any reason the route to vps in new firmware is via 6in4-omr6in4 This is the problem why the omr <-> vps tunnel doesn't start. My vps doesn't have ipv4 public address. tcpdump -n -i any host 2a01:4f8:212:25cf:ff00::199
|
Expected Behavior
if omr-vps has ipv6 only public address then
Current Behavior
openmptcprouter/status doesn't look good
Possible Solution
Steps to Reproduce the Problem
Context (Environment)
Specifications
The text was updated successfully, but these errors were encountered: