From dc0980c8f0a9bf1cd8b8e5a92aabe1ebfce40deb Mon Sep 17 00:00:00 2001 From: Nico Schottelius Date: Fri, 29 Jan 2021 21:32:23 +0100 Subject: [PATCH] ++ipv6 routing problem --- nicos-ipv6-vpn-routing-issue.dot | 33 ++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 nicos-ipv6-vpn-routing-issue.dot diff --git a/nicos-ipv6-vpn-routing-issue.dot b/nicos-ipv6-vpn-routing-issue.dot new file mode 100644 index 0000000..ff51e08 --- /dev/null +++ b/nicos-ipv6-vpn-routing-issue.dot @@ -0,0 +1,33 @@ +digraph G { + node [ shape=box ] + label="Why IPv6 upstream on test devices does not work + ICMP works as it's on 1 reply\n + SSH does not work\n + Testdev only receives first syn, not 2nd ack packet\n + Notebook receives duplicated syn-ack packets from testdev\n + Likely problem: router does not see return packet and drops the + packet, no session entry? + It's an outgoing packet, so this should not be a problem\n + Router seems only to send first syn packet from the client\n + VERIFIED by disabling ip6tables / flushing rules" + + notebook [ label="Notebook: 2a0a:e5c0:13::a/64" ] + router [ label="Router: 2a0a:e5c0:13::42/64" ] + testdev [ label="Testdev: 2a0a:e5c0:13::zz/64" ] + + vpnserver [ label="VPN server" ] + + vpnserver->testdev [ label="Route for 2a0a:e5c1:VPN::/48" ] + + notebook->router [ label="1. Connect to 2a0a:e5c1:VPN::42\nWith MAC + of router" ] + router->vpnserver [ label="2. Forwarding packing for Testdev to + router" ] + vpnserver->testdev [ label="3. Forwarding packing for Testdev via + VPN" ] + testdev->notebook [ label="4. Reply directly to notebook\n + testdev has same local network as notebook + Using a different mac address than the router has" ] + + +}