Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
Q
Q
quadro_qa2021-01-29 15:33:20
linux
quadro_qa, 2021-01-29 15:33:20

How to configure routable /56 ipv6 to different interfaces?

I asked the hosting provider to give network 56 so that I could do /64 for
VPN
clients 254
I will route 2a0f:9500:fa0:100::/56 to it as requested."

Then I set it up like this

2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:c3:49:69:76:3d brd ff:ff:ff:ff:ff:ff
    inet x/24 brd x scope global noprefixroute ens18
       valid_lft forever preferred_lft forever
    inet6 2a0f:9500:fa0:16::1/44 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::696e:8a9:ec5e:97ce/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
8: wg_ip6: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 10.5.100.1/24 scope global wg_ip6
       valid_lft forever preferred_lft forever
    inet6 2a0f:9500:fa0:102::1/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::dee5:2713:2944:1812/64 scope link flags 800 
       valid_lft forever preferred_lft forever


[[email protected] user]# ip -6 r | grep -v unr
2a0f:9500:fa0:102::/64 dev wg_ip6 proto kernel metric 256 pref medium
2a0f:9500:fa0::/44 dev ens18 proto kernel metric 100 pref medium
fe80::/64 dev ens18 proto kernel metric 100 pref medium
fe80::/64 dev wg_ip6 proto kernel metric 256 pref medium
default via 2a0f:9500:fa0::254 dev ens18 proto static metric 100 pref medium


[[email protected] user]# ip -6 nei
fe80::244b:88ff:fee6:7e86 dev ens18 lladdr 26:4b:88:e6:7e:86 router STALE
fe80::ba27:ebff:fe97:cb4e dev ens18 lladdr b8:27:eb:97:cb:4e router STALE
2a0f:9500:fa0::254 dev ens18 lladdr 26:4b:88:e6:7e:86 router STALE


that is, I added 2a0f:9500:fa0:16::1/44 and gateway 2a0f:9500:fa0::254 on ens18
and for wireguard added 2a0f:9500:fa0:102::1/64

the problem is with wireguard client 2a0f:9500:fa0:102::2/64 does not respond to neighbor solicitation from gateway 2a0f:9500:fa0::254

[[email protected] user]# tcpdump -i wg_ip6  -q -nnn ip6  
13:16:06.789627 IP6 2a0f:9500:fa0:102::2 > 2606:4700:4700::1001: ICMP6, echo request, seq 10, length 64
13:16:07.808882 IP6 2a0f:9500:fa0:102::2 > 2606:4700:4700::1001: ICMP6, echo request, seq 11, length 64
^C

[[email protected] user]# tcpdump -i ens18  -q -nnn ip6  
13:16:12.928877 IP6 2a0f:9500:fa0:102::2 > 2606:4700:4700::1001: ICMP6, echo request, seq 16, length 64
13:16:12.970394 IP6 fe80::244b:88ff:fee6:7e86 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2a0f:9500:fa0:102::2, length 32
13:16:13.963624 IP6 2a0f:9500:fa0:102::2 > 2606:4700:4700::1001: ICMP6, echo request, seq 17, length 64
13:16:13.987436 IP6 fe80::244b:88ff:fee6:7e86 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2a0f:9500:fa0:102::2, length 32
^C


I was able to solve this problem by adding
ip -6 neigh add proxy 2a0f:9500:fa0:102::2 dev ens18
but for SLAAC I don’t know what to do

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

[[+comments_count]] answer(s)
Report
N
Nicholas, 2021-01-29
@romancelover

ndppd can be used.
in /etc/ndppd.conf
proxy enp18 {
rule 2a0f:9500:fa0:102::/64
{
iface wg_ip6
}
}
prefix type options: static - respond to all neighbor solicitation (not recommended for large prefixes, so as not to clog the table of neighbors non- existent addresses),
iface - redirect to the interface, auto - also redirect to the interface, but determine it automatically.
I have a similar configuration, ndppd and Wireguard are installed, but Wireguard does not have its own subnet with SLAAC, and the prefix is ​​small (/112), the option is just static.
Since wireguard is a p2p interface, then (as I imagine it), on the other side of wireguard'a ndppd should similarly transfer nd requests from wireguard already to the network on that side. Of course, radvd should be running there, announcing the specified prefix to the network.

Report
Q
quadro_qa, 2021-01-29
@quadro_qa

another question
on ens18 set 2a0f:9500:fa0:16::1/44
and nearby on other interfaces it will be 2a0f:9500:fa0:102::/64, 2a0f:9500:fa0:103::/64 and all of them are included in /44
for example on one server, will this work correctly

eth0 - 185.10.0.0/16 gateway 185.10.0.1
eth1 - 185.10.1.0/24
eth2 - 185.10.2.0/24

UPDATE:
"Apologies, there was a syntax error on our router so the static route was not being pointed correctly."
problem solved

Similar questions
D
Danil2020-03-14 19:16:34
How to create custom macros for text in PHP? 7Reply
M
michydev2020-03-25 19:19:42
Should a layout designer write logic, such as a currency exchange calculator? 7Reply
A
alexandrnevajno12017-11-26 03:58:56
PHP - Is it correct to change the extension to .jpg when uploading an image? Why is this option better? 4Reply
A
Anton2017-08-07 05:40:56
How to recover data on Kali Linux? 1Reply
S
SpideR-KOSS2017-08-07 09:21:39
How can I make webmin save only the latest file when saving a backup? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question