Obtendo clientes da rede local para usar o túnel IPv6 do roteador da Debian

1

Eu tenho um servidor Debian Jessie que atua como roteador para a nossa rede doméstica. Eu consegui configurar um túnel IPv6 com sucesso usando o TunnelBroker e os comandos traceroute retornaram com sucesso.

Abaixo estão minhas tabelas de rotas e a saída de ip -6 addr

~$ ip -6 route
::/96 dev sit0  proto kernel  metric 256
2001:470:1f14:904::1 dev he-ipv6  metric 1024
2001:470:1f14:904::2 dev sit1  proto kernel  metric 256
2001:470:1f14:904::/64 dev he-ipv6  proto kernel  metric 256
fe80::/64 dev eth0  proto kernel  metric 256
fe80::/64 dev eth1  proto kernel  metric 256
fe80::/64 dev he-ipv6  proto kernel  metric 256
default via 2001:470:1f14:904::1 dev he-ipv6  metric 1024
~$ ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 fe80::5a6d:8fff:febf:1147/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 fe80::218:71ff:feea:f57b/64 scope link
       valid_lft forever preferred_lft forever
4: sit0: <NOARP,UP,LOWER_UP> mtu 1480
    inet6 ::192.168.10.1/96 scope global
       valid_lft forever preferred_lft forever
    inet6 ::188.142.102.214/96 scope global
       valid_lft forever preferred_lft forever
    inet6 ::127.0.0.1/96 scope host
       valid_lft forever preferred_lft forever
5: he-ipv6: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480
    inet6 2001:470:1f14:904::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::bc8e:66d6/64 scope link
       valid_lft forever preferred_lft forever
6: sit1: <POINTOPOINT,NOARP> mtu 1480
    inet6 2001:470:1f14:904::2/128 scope global
       valid_lft forever preferred_lft forever

Um simples comando traceroute retorna isso:

~$ traceroute ipv6.google.com
traceroute to ipv6.google.com (2a00:1450:4013:c00::65), 30 hops max, 80 byte packets
 1  roelof-1.tunnel.tserv11.ams1.ipv6.he.net (2001:470:1f14:904::1)  7.770 ms  10.780 ms  7.698 ms
 2  v213.core1.ams1.he.net (2001:470:0:7d::1)  10.738 ms  20.527 ms  20.511 ms
 3  amsix-router.google.com (2001:7f8:1::a501:5169:1)  11.302 ms  11.284 ms  11.257 ms
 4  2001:4860::1:0:8 (2001:4860::1:0:8)  11.487 ms  20.417 ms  11.447 ms
 5  2001:4860::8:0:519f (2001:4860::8:0:519f)  11.194 ms 2001:4860::8:0:51a0 (2001:4860::8:0:51a0)  11.178 ms 2001:4860::8:0:519f (2001:4860::8:0:519f)  11.163 ms
 6  2001:4860::8:0:519e (2001:4860::8:0:519e)  14.235 ms 2001:4860::8:0:517a (2001:4860::8:0:517a)  12.216 ms 2001:4860::8:0:519e (2001:4860::8:0:519e)  12.179 ms
 7  2001:4860::2:0:66f (2001:4860::2:0:66f)  10.875 ms 2001:4860::2:0:66e (2001:4860::2:0:66e)  10.566 ms  13.118 ms
 8  * * *
 9  ee-in-x65.1e100.net (2a00:1450:4013:c00::65)  12.799 ms  13.025 ms  12.635 ms

Parece que eu configurei com êxito o radvd para distribuir endereços IPv6, conforme mostrado na resposta ipconfig do meu desktop do Windows 8.1 Pro:

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : example.com
   IPv6 Address. . . . . . . . . . . : 2001:470:1f14:904:a05b:6fd2:b36b:f9af
   Temporary IPv6 Address. . . . . . : 2001:470:1f14:904:d40d:78ad:a2db:30cc
   Link-local IPv6 Address . . . . . : fe80::a05b:6fd2:b36b:f9af%2
   IPv4 Address. . . . . . . . . . . : 192.168.10.6
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::218:71ff:feea:f57b%2
                                       192.168.10.1

No entanto, quando tento fazer um tracert para ipv6.google.com, a solicitação expira;

C:\>tracert -6 -h 10 ipv6.google.com

Tracing route to ipv6.l.google.com [2a00:1450:4013:c00::64]
over a maximum of 10 hops:

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.

Agora a pergunta é: Como faço para que meus clientes da LAN usem o túnel no meu roteador linux?

Eu já investiguei, mas provavelmente não consigo encontrar os termos de pesquisa certos para resolver minha pergunta.

Editar: adicionada radvd configuração

interface eth1
{

    AdvSendAdvert on;

    MinRtrAdvInterval 5;
    MaxRtrAdvInterval 15;

    prefix 2001:470:1f14:904::2/64
    {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
    
por Roelof 10.08.2014 / 23:08

1 resposta

0

Algumas ideias:

  • Você ativou o roteamento ipv6 (sysctl -w net.ipv6.conf.all.forwarding = 1); pode precisar fazer isso para cada intf
  • Seu túnel he-net encaminhará / aceitará os endereços IPv6 que você está distribuindo para seus clientes? Se não, você precisará do NAT.
por 11.08.2014 / 09:26