Eu configurei um túnel L2tp não numerado de casa para um host remoto.
Ao tentar pingar o ipv6.google.com, recebi um erro além do escopo, sei que antes de algum tempo, os endereços locais de link não deveriam ser usados dessa maneira, mas agora com uma interface não numerada isso deveria ser possível. / p>
A máquina executando o mais recente debian jessie, mas com um kernel mais recente 4.6.0-0.bpo.1-amd64
Túnel:
~> sudo ip l2tp show tunnel
Tunnel 386, encap IP
From 192.168.88.254 to remote_host
Peer tunnel 381
Endereços e encaminhamento:
Página inicial > ip -6 addr
5: l2tpeth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1492 state UNKNOWN qlen 1000
inet6 fe80::8427:7dff:fea4:939b/64 scope link
valid_lft forever preferred_lft forever
~> ip -6 route
local ::1 dev lo proto kernel metric 256
fe80::/64 dev vnet0 proto kernel metric 256
fe80::/64 dev l2tpeth0 proto kernel metric 1024
default via fe80::f94e:693a:aa66:e79b dev l2tpeth0 metric 1024
remote_host ~ > ip -6 addr
5: l2tpeth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 state UNKNOWN qlen 1000
inet6 fe80::f94e:693a:aa66:e79b/128 scope link
valid_lft forever preferred_lft forever
inet6 fe80::f434:73ff:fef3:5236/64 scope link
valid_lft forever preferred_lft forever
~> ip -6 route
local ::1 dev lo proto kernel metric 256
2400:8900::/64 dev eth0 proto kernel metric 256 expires 2591997sec mtu 1300
fe80::f94e:693a:aa66:e79b dev l2tpeth0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256 mtu 1300
fe80::/64 dev tun0 proto kernel metric 256
fe80::/64 dev l2tpeth0 proto kernel metric 256 mtu 1460
default via fe80::1 dev eth0 proto ra metric 1024 expires 87sec mtu 1500 hoplimit 64
Ping:
~> ping6 fe80::f94e:693a:aa66:e79b%l2tpeth0
PING fe80::f94e:693a:aa66:e79b%l2tpeth0(fe80::f94e:693a:aa66:e79b) 56 data bytes
64 bytes from fe80::f94e:693a:aa66:e79b: icmp_seq=1 ttl=64 time=61.9 ms
64 bytes from fe80::f94e:693a:aa66:e79b: icmp_seq=2 ttl=64 time=58.4 ms
64 bytes from fe80::f94e:693a:aa66:e79b: icmp_seq=3 ttl=64 time=57.4 ms
64 bytes from fe80::f94e:693a:aa66:e79b: icmp_seq=4 ttl=64 time=56.5 ms
64 bytes from fe80::f94e:693a:aa66:e79b: icmp_seq=5 ttl=64 time=66.1 ms
^C
--- fe80::f94e:693a:aa66:e79b%l2tpeth0 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 56.509/60.113/66.190/3.562 ms
pingue o Google em casa:
ping6 ipv6.google.com
PING ipv6.google.com(hkg12s01-in-x0e.1e100.net) 56 data bytes
From hkg12s01-in-x0e.1e100.net icmp_seq=1 Destination unreachable: Beyond scope of source address
From hkg12s01-in-x0e.1e100.net icmp_seq=2 Destination unreachable: Beyond scope of source address
^C
--- ipv6.google.com ping statistics ---
2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1001ms
tcpdump no controle remoto:
~> sudo tcpdump -ni l2tpeth0 icmp6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on l2tpeth0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:34:19.944576 IP6 fe80::8427:7dff:fea4:939b > 2404:6800:4005:801::200e: ICMP6, echo request, seq 1, length 64
09:34:19.944749 IP6 fe80::f94e:693a:aa66:e79b > fe80::8427:7dff:fea4:939b: ICMP6, destination unreachable, beyond scope 2404:6800:4005:801::200e, source address fe80::8427:7dff:fea4:939b, length 112
09:34:20.946277 IP6 fe80::8427:7dff:fea4:939b > 2404:6800:4005:801::200e: ICMP6, echo request, seq 2, length 64
09:34:20.946397 IP6 fe80::f94e:693a:aa66:e79b > fe80::8427:7dff:fea4:939b: ICMP6, destination unreachable, beyond scope 2404:6800:4005:801::200e, source address fe80::8427:7dff:fea4:939b, length 112
^C
4 packets captured
4 packets received by filter
0 packets dropped by kernel
sysctl no host remoto (o encaminhamento de ipv6 está ativado):
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.l2tpeth0.forwarding = 1