IPv6 默认路由未设置 netplan Ubuntu 18.04.2 LTS

tag-icon tag-icon networking 18.04 netplan routing ipv6
IPv6 默认路由未设置 netplan Ubuntu 18.04.2 LTS

无法在 Ubuntu 18.04.2 系统上配置默认路由。发出netplan明确命令后,路由即可正常工作。ip -6 route add ...

隐私扩展已被禁用:/etc/sysctl.d/10-ipv6-privacy.conf

net.ipv6.conf.all.use_tempaddr = 0
net.ipv6.conf.default.use_tempaddr = 0
net.ipv6.conf.ens192.use_tempaddr = 0

SLACC 和 RA 已禁用,IPv4/IPv6 转发为一(机器用作 OpenVPN 服务器)

/etc/sysctl.d/10-ipv6-router.conf

net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.all.accept_ra = 0

net.ipv6.conf.all.proxy_ndp = 1

/etc/sysctl.conf

net.ipv4.ip_forward=1
...
net.ipv6.conf.all.forwarding=1

/etc/netplan/01-netcfg.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
    ens18:
      dhcp4: no
      addresses:
        - a.b.c.d/24
      gateway4: a.b.c.e

      dhcp6: no
      accept-ra: no
      addresses:
        - "2001:0db8:0004:4a1a::dead:beef/64"
      gateway6: "2001:0db8:0004::0001"

    ens19:
      dhcp6: no
      accept-ra: no
      addresses:
        - "2001:0db8:0004:4a1a::dead:dead/64"
      gateway6: "2001:0db8:0004::0001"

这会将地址分配给接口,如下所示:

$ ip -6 addr show

2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:0db8:0004:4a1a::dead:beef/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::abcd:efff:fea3:2a03/64 scope link 
       valid_lft forever preferred_lft forever
3: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 2001:0db8:0004:4a1a::dead:dead/64 scope global 
       valid_lft forever preferred_lft forever
    inet6 fe80::defc:deff:fe98:7c74/64 scope link 
       valid_lft forever preferred_lft forever

使用路线ip -6 route show

2001:0db8:0004:4a1a::/64 dev ens19 proto kernel metric 256 pref medium
2001:0db8:0004:4a1a::/64 dev ens18 proto kernel metric 256 pref medium

fe80::/64 dev ens19 proto kernel metric 256 pref medium
fe80::/64 dev ens18 proto kernel metric 256 pref medium

配置了默认路由,但 ping 外部站点不起作用:

$ ping -6 -c3 ipv6.google.com
connect: Network is unreachable

运行以下两个命令:

$ sudo ip -6 route add 2001:0db8:0004::0001 dev ens18 metric 1
$ sudo ip -6 route add default via 2001:0db8:0004::0001 dev ens18 metric 1

正在上映的ip -6 route节目:

2001:0db8:4::1 dev ens18 metric 1 pref medium

2001:0db8:4:4a1a::/64 dev ens19 proto kernel metric 256 pref medium
2001:0db8:4:4a1a::/64 dev ens18 proto kernel metric 256 pref medium

fe80::/64 dev ens19 proto kernel metric 256 pref medium
fe80::/64 dev ens18 proto kernel metric 256 pref medium

default via 2001:0db8:4::1 dev ens18 metric 1 pref medium

默认路由是现在配置并 ping 外部站点作品

$ ping -6 -c3 ipv6.google.com
PING ipv6.google.com(ord38s18-in-x0e.1e100.net (2607:f8b0:4009:804::200e)) 56 data bytes
64 bytes from ord38s18-in-x0e.1e100.net (2607:f8b0:4009:804::200e): icmp_seq=1 ttl=56 time=23.2 ms
64 bytes from ord38s18-in-x0e.1e100.net (2607:f8b0:4009:804::200e): icmp_seq=2 ttl=56 time=23.2 ms
64 bytes from ord38s18-in-x0e.1e100.net (2607:f8b0:4009:804::200e): icmp_seq=3 ttl=56 time=23.2 ms

--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 23.274/23.283/23.293/0.176 ms

那么,netplan 配置有什么问题?为什么没有配置默认 IPv6 路由?

根据@slangasek 的建议进行了修改:

 ethernets:
    ens18:
     ...

      dhcp6: no
      accept-ra: no
      addresses:
        - "2001:0db8:0004:4a1a::dead:beef/64"

      routes:
        - to: "::/0"
          via: "2001:0db8:0004::1"
          metric: 1
          on-link: true

然而,这确实不是工作。我收到类似ens18: Could not set route: No route to host日志中的消息。

从答案https://askubuntu.com/a/1014683,我使用以下命令向路由器添加了附加路由scope: link

  routes:
    - to: "2001:0db8:0004::1/128"
      via: "2001:0db8:0004::1"
      metric: 1
      scope: link
    - to: "::/0"
      via: "2001:0db8:0004::1"
      metric: 1
      on-link: true

不是在职的!

答案1

您的配置显示您有一个本地网络 2001:0db8:0004:4a1a::/64,但您正尝试配置网关 2001:0db8:0004::0001,而该网关不属于该网络。因此 networkd 拒绝通过您没有路由的路由器添加默认路由。

您的手动配置ip route也反映了这一点:您首先为路由器的地址添加路由,声明它本地连接到您的以太网,然后设置默认路由。

因此,您必须使用 netplan 执行等效操作,即在 routes: 中声明两个条目,一个是scope: link,另一个是设置on-link: true

  addresses:
    - "2001:0db8:0004:4a1a::dead:dead/64"
  routes:
    - to: "2001:0db8:0004::0001/128"
      scope: link
    - to: "::/0"
      via: "2001:0db8:0004::0001"
      on-link: true

答案2

network:
  version: 2
  renderer: networkd
  ethernets:
    ens19:
      dhcp6: no
      accept-ra: no
      addresses: ["2001:0db8:0004:4a1a::dead:dead/64"]
      gateway6: "2001:0db8:0004::0001"
      routes:
         - to: "2001:0db8:0004::0001/128"
           scope: link

在我撰写本文时,这在 Ubuntu 18.04.4 LTS 上对我来说是有效的(使用不同的网络块但经过测试)

答案3

我刚刚遇到了这个问题。实际原因写在 /etc/sysctl.conf 中

# Uncomment the next line to enable packet forwarding for IPv6
#  Enabling this option disables Stateless Address Autoconfiguration
#  based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1

当 IPv6 转发被禁用时,主机将不会侦听路由器通告,而这通常是确定默认路由的方式。因此,您必须手动添加默认路由(以及 DNS 服务器和您从 RA 中获取的任何其他信息),或者将accept_ra内核选项设置为 2,这将覆盖此行为。

请参阅此博客文章了解更多信息。

相关内容