我已经设置了带有 OpenThread RadioCoprocessor 的 Raspberry Pi,以作为 OpenThread Border 路由器运行。这可以正常工作,但我无法从 Thread 网络访问 NAT64 接口。
在家里,我有一个路由器,它创建了一个本地 IPv6 网络。Pi 被分配了两个 IPv6 IP 地址,到这些地址的路由传播到 RadioCoprocessor。在这里,我可以向已知前缀和 NAT64 接口添加路由,并使用 NAT64 接口作为 DNS 服务器将主机名解析为已知前缀地址并 ping 这些地址。
但在工作中,本地网络没有 IPv6。Pi 没有分配 IPv6 地址。在工作中,我无法从 OpenThread 网络 ping 任何知名前缀地址,但我可以从 Pi ping。
我是否遗漏了某条路线?
家中的路由表
pi@raspberrypi:~ $ route -6 -n
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
::1/128 :: U 256 3 0 lo
64:ff9b::/96 :: U 1024 1 0 nat64
2002:1111:1111:1111::/64 :: UAe 256 1 0 eth0 <<< Router ipv6 network
fd11:db8:1::/64 :: U 256 1 0 otbr0
fd35:ad25:a99f:8c75::/64 :: U 256 2 0 wpan0
fdaa:bb:1::2/128 :: U 256 3 0 nat64
fdb5:d386:5ef5::/64 :: UAe 256 1 0 eth0 <<< Router ipv6 network
fdbb:9fbb:e58b:f471::/64 :: U 256 2 0 wpan0
fe80::/64 :: U 256 2 0 eth0
fe80::/64 :: U 256 1 0 nat64
fe80::/64 :: U 256 1 0 wpan0
fe80::/64 :: U 256 1 0 otbr0
fe80::/64 :: U 256 1 0 vethdbec410
fe80::/64 :: U 256 1 0 docker0
::/0 fe80::ee3e:b3ff:fe63:1320 UGDAe 1024 1 0 eth0
::1/128 :: Un 0 7 0 lo
2002:1111:1111:1111::/128 :: Un 0 3 0 eth0 <<< Router ipv6 network
2002:1111:1111:1111:ba27:ebff:fe6f:9215/128 :: <<< Router ipv6 network
Un 0 3 0 eth0
fd35:ad25:a99f:8c75::/128 :: Un 0 3 0 wpan0
fd35:ad25:a99f:8c75:a9c8:521f:d197:eca5/128 ::
Un 0 3 0 wpan0
fdaa:bb:1::2/128 :: Un 0 4 0 nat64
fdb5:d386:5ef5::/128 :: Un 0 3 0 eth0 <<< Router ipv6 network
fdb5:d386:5ef5:0:ba27:ebff:fe6f:9215/128 :: Un 0 3 0 eth0 <<< Router ipv6 network
fdbb:9fbb:e58b:f471::/128 :: Un 0 6 0 wpan0
fdbb:9fbb:e58b:f471:0:ff:fe00:e800/128 :: Un 0 3 0 wpan0
fdbb:9fbb:e58b:f471:0:ff:fe00:fc00/128 :: Un 0 4 0 wpan0
fdbb:9fbb:e58b:f471:0:ff:fe00:fc10/128 :: Un 0 3 0 wpan0
fdbb:9fbb:e58b:f471:0:ff:fe00:fc11/128 :: Un 0 2 0 wpan0
fdbb:9fbb:e58b:f471:0:ff:fe00:fc38/128 :: Un 0 2 0 wpan0
fdbb:9fbb:e58b:f471:f21d:c077:3438:5937/128 ::
Un 0 2 0 wpan0
fe80::/128 :: Un 0 6 0 eth0
fe80::/128 :: Un 0 3 0 nat64
fe80::/128 :: Un 0 3 0 wpan0
fe80::/128 :: Un 0 3 0 vethdbec410
fe80::/128 :: Un 0 3 0 docker0
fe80::42:23ff:fee8:b3c/128 :: Un 0 2 0 docker0
fe80::858:1860:afaa:fde9/128 :: Un 0 2 0 wpan0
fe80::3024:2fff:fe63:1c/128 :: Un 0 2 0 vethdbec410
fe80::3cd7:afb4:fc53:bc71/128 :: Un 0 3 0 nat64
fe80::ba27:ebff:fe6f:9215/128 :: Un 0 4 0 eth0
ff00::/8 :: U 256 7 0 eth0
ff00::/8 :: U 256 1 0 nat64
ff00::/8 :: U 256 1 0 wpan0
ff00::/8 :: U 256 5 0 vethdbec410
ff00::/8 :: U 256 5 0 docker0
::/0 :: !n -1 1 0 lo
工作中的路由表
pi@raspberrypi:~ $ route -6 -n
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
::1/128 :: U 256 2 0 lo
64:ff9b::/96 :: U 1024 1 0 nat64
fd11:db8:1::/64 :: U 256 1 0 otbr0
fdaa:bb:1::2/128 :: U 256 3 0 nat64
fdbb:9fbb:e58b:f471::/64 :: U 256 2 0 wpan0
fe80::/64 :: U 256 2 0 wlan0
fe80::/64 :: U 256 1 0 nat64
fe80::/64 :: U 256 1 0 wpan0
fe80::/64 :: U 256 1 0 otbr0
fe80::/64 :: U 256 1 0 veth89bb918
fe80::/64 :: U 256 1 0 docker0
::/0 :: !n -1 1 0 lo
::1/128 :: Un 0 5 0 lo
fdaa:bb:1::2/128 :: Un 0 5 0 nat64
fdbb:9fbb:e58b:f471::/128 :: Un 0 5 0 wpan0
fdbb:9fbb:e58b:f471:0:ff:fe00:e800/128 :: Un 0 3 0 wpan0
fdbb:9fbb:e58b:f471:0:ff:fe00:fc00/128 :: Un 0 4 0 wpan0
fdbb:9fbb:e58b:f471:0:ff:fe00:fc10/128 :: Un 0 3 0 wpan0
fdbb:9fbb:e58b:f471:0:ff:fe00:fc11/128 :: Un 0 3 0 wpan0
fdbb:9fbb:e58b:f471:0:ff:fe00:fc38/128 :: Un 0 2 0 wpan0
fdbb:9fbb:e58b:f471:f21d:c077:3438:5937/128 :: Un 0 2 0 wpan0
fe80::/128 :: Un 0 8 0 wlan0
fe80::/128 :: Un 0 3 0 nat64
fe80::/128 :: Un 0 3 0 wpan0
fe80::/128 :: Un 0 3 0 docker0
fe80::/128 :: Un 0 3 0 veth89bb918
fe80::42:7dff:fece:4ad4/128 :: Un 0 2 0 docker0
fe80::858:1860:afaa:fde9/128 :: Un 0 2 0 wpan0
fe80::1450:5aff:feb6:879f/128 :: Un 0 2 0 veth89bb918
fe80::5227:2e50:3570:ab37/128 :: Un 0 2 0 nat64
fe80::ba27:ebff:fe3a:c740/128 :: Un 0 2 0 wlan0
ff00::/8 :: U 256 7 0 wlan0
ff00::/8 :: U 256 1 0 nat64
ff00::/8 :: U 256 1 0 wpan0
ff00::/8 :: U 256 5 0 veth89bb918
ff00::/8 :: U 256 5 0 docker0
::/0 :: !n -1 1 0 lo
更新
我缺少从 OT-RCP 到 Pi 上的 eth/wlan 接口的默认路由。
我手动添加了一个 IPv6 地址,并添加了一条默认路由:“prefix add 2001:470:6c92:1::/64 paros med”
现在我可以 ping FDAA:BB:1::2 处的 NAT64,但是解析 DNS 时出现错误 8,描述为安全。
更新 2 tcpdump 日志:
tcpdump: listening on wpan0, link-type LINUX_SLL (Linux cooked v1), snapshot length 262144 bytes
***DNS request from ot-cli thread device "ot dns resolve ing.nl fdaa:bb:1::2 53 1000 2 1"***
19:54:30.284814 IP6 (hlim 64, next-header UDP (17) payload length: 32) 2001:470:6c92:1:8196:1c3f:41ed:fed.49153 > fdaa:bb:1::2.53: [udp sum ok] 11238+ AAAA? ing.nl. (24)
19:54:30.285478 IP6 (flowlabel 0x3bd7d, hlim 64, next-header UDP (17) payload length: 32) fdaa:bb:1::2.53 > 2001:470:6c92:1:8196:1c3f:41ed:fed.49153: [udp sum ok] 11238 Refused- 0/0/0 (24)
19:54:30.302290 IP6 (hlim 64, next-header UDP (17) payload length: 32) 2001:470:6c92:1:8196:1c3f:41ed:fed.49153 > fdaa:bb:1::2.53: [udp sum ok] 34254+ A? ing.nl. (24)
19:54:30.303347 IP6 (flowlabel 0x3bd7d, hlim 64, next-header UDP (17) payload length: 32) fdaa:bb:1::2.53 > 2001:470:6c92:1:8196:1c3f:41ed:fed.49153: [udp sum ok] 34254 Refused- 0/0/0 (24)
***Successful Ping from ot-cli thread device "ot ping 64:ff9b::9765:818c"***
20:51:46.076737 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 16) 2001:470:6c92:1:8196:1c3f:41ed:fed > 64:ff9b::9765:818c: [icmp6 sum ok] ICMP6, echo request, id 6, seq 6
20:51:46.088699 IP6 (hlim 56, next-header ICMPv6 (58) payload length: 16) 64:ff9b::9765:818c > 2001:470:6c92:1:8196:1c3f:41ed:fed: [icmp6 sum ok] ICMP6, echo reply, id 6, seq 6
***Successful Ping from ot-cli thread device "ot ping fdaa:bb:1::2"***
20:53:27.162740 IP6 (hlim 64, next-header ICMPv6 (58) payload length: 16) 2001:470:6c92:1:8196:1c3f:41ed:fed > fdaa:bb:1::2: [icmp6 sum ok] ICMP6, echo request, id 7, seq 7
20:53:27.162871 IP6 (flowlabel 0x9a0cc, hlim 64, next-header ICMPv6 (58) payload length: 16) fdaa:bb:1::2 > 2001:470:6c92:1:8196:1c3f:41ed:fed: [icmp6 sum ok] ICMP6, echo reply, id 7, seq 7
答案1
这是由 dhcpcd.conf 中的 dns 设置引起的
网络信息
pi@raspberrypi:~ $ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether b8:27:eb:6f:92:15 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether b8:27:eb:3a:c7:40 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.119/24 brd 192.168.1.255 scope global dynamic noprefixroute wlan0
valid_lft 86063sec preferred_lft 75263sec
inet6 2001:470:6c92:1::1/64 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::20b4:b0a4:1951:1a51/64 scope link
valid_lft forever preferred_lft forever
4: nat64: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 500
link/none
inet 192.168.255.1/32 scope global nat64
valid_lft forever preferred_lft forever
inet6 fdaa:bb:1::2/128 scope global
valid_lft forever preferred_lft forever
inet6 fe80::541e:2c1c:3682:1f26/64 scope link stable-privacy
valid_lft forever preferred_lft forever
6: otbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:c0:8f:82:6f brd ff:ff:ff:ff:ff:ff
inet 172.19.0.1/16 brd 172.19.255.255 scope global otbr0
valid_lft forever preferred_lft forever
inet6 fd11:db8:1::1/64 scope global tentative
valid_lft forever preferred_lft forever
inet6 fe80::1/64 scope link tentative
valid_lft forever preferred_lft forever
7: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:8a:3b:6f:9a brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:8aff:fe3b:6f9a/64 scope link
valid_lft forever preferred_lft forever
9: vethe2fc65a@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 46:fe:f5:19:50:bd brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 169.254.151.160/16 brd 169.254.255.255 scope global noprefixroute vethe2fc65a
valid_lft forever preferred_lft forever
inet6 fe80::44fe:f5ff:fe19:50bd/64 scope link
valid_lft forever preferred_lft forever
15: wpan0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/void
inet6 fd35:ad25:a99f:8c75:a9c8:521f:d197:eca5/64 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fdbb:9fbb:e58b:f471:0:ff:fe00:fc11/64 scope global nodad deprecated
valid_lft forever preferred_lft 0sec
inet6 fdbb:9fbb:e58b:f471:0:ff:fe00:fc10/64 scope global nodad deprecated
valid_lft forever preferred_lft 0sec
inet6 fdbb:9fbb:e58b:f471:0:ff:fe00:fc38/64 scope global nodad deprecated
valid_lft forever preferred_lft 0sec
inet6 fdbb:9fbb:e58b:f471:0:ff:fe00:fc00/64 scope global nodad deprecated
valid_lft forever preferred_lft 0sec
inet6 fdbb:9fbb:e58b:f471:0:ff:fe00:e800/64 scope global nodad deprecated
valid_lft forever preferred_lft 0sec
inet6 fdbb:9fbb:e58b:f471:f21d:c077:3438:5937/64 scope global nodad deprecated
valid_lft forever preferred_lft 0sec
inet6 fe80::858:1860:afaa:fde9/64 scope link nodad
valid_lft forever preferred_lft forever
pi@raspberrypi:~ $ route -6 -n
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
::1/128 :: U 256 3 0 lo
64:ff9b::/96 :: U 1024 4 0 nat64
2001:470:6c92:1::/64 :: U 303 1 0 wlan0
fd11:db8:1::/64 :: U 256 3 0 otbr0
fd35:ad25:a99f:8c75::/64 :: U 215 3 0 wpan0
fdaa:bb:1::2/128 :: U 256 3 0 nat64
fdaa:bb:1::2/128 :: U 1024 1 0 nat64
fdbb:9fbb:e58b:f471::/64 :: U 256 1 0 wpan0
fe80::/64 :: U 256 1 0 nat64
fe80::/64 :: U 256 1 0 otbr0
fe80::/64 :: U 256 1 0 vethe2fc65a
fe80::/64 :: U 256 1 0 docker0
fe80::/64 :: U 256 1 0 wpan0
fe80::/64 :: U 256 1 0 wlan0
::/0 :: !n -1 1 0 lo
::1/128 :: Un 0 7 0 lo
2001:470:6c92:1::/128 :: Un 0 3 0 wlan0
2001:470:6c92:1::1/128 :: Un 0 3 0 wlan0
fd35:ad25:a99f:8c75::/128 :: Un 0 3 0 wpan0
fd35:ad25:a99f:8c75:a9c8:521f:d197:eca5/128 :: Un 0 3 0 wpan0
fdaa:bb:1::2/128 :: Un 0 9 0 nat64
fdbb:9fbb:e58b:f471::/128 :: Un 0 5 0 wpan0
fdbb:9fbb:e58b:f471:0:ff:fe00:e800/128 :: Un 0 3 0 wpan0
fdbb:9fbb:e58b:f471:0:ff:fe00:fc00/128 :: Un 0 4 0 wpan0
fdbb:9fbb:e58b:f471:0:ff:fe00:fc10/128 :: Un 0 3 0 wpan0
fdbb:9fbb:e58b:f471:0:ff:fe00:fc11/128 :: Un 0 2 0 wpan0
fdbb:9fbb:e58b:f471:0:ff:fe00:fc38/128 :: Un 0 2 0 wpan0
fdbb:9fbb:e58b:f471:f21d:c077:3438:5937/128 :: Un 0 2 0 wpan0
fe80::/128 :: Un 0 8 0 nat64
fe80::/128 :: Un 0 3 0 vethe2fc65a
fe80::/128 :: Un 0 3 0 docker0
fe80::/128 :: Un 0 3 0 wpan0
fe80::/128 :: Un 0 3 0 wlan0
fe80::42:8aff:fe3b:6f9a/128 :: Un 0 2 0 docker0
fe80::858:1860:afaa:fde9/128 :: Un 0 2 0 wpan0
fe80::20b4:b0a4:1951:1a51/128 :: Un 0 2 0 wlan0
fe80::44fe:f5ff:fe19:50bd/128 :: Un 0 2 0 vethe2fc65a
fe80::541e:2c1c:3682:1f26/128 :: Un 0 3 0 nat64
ff00::/8 :: U 256 1 0 nat64
ff00::/8 :: U 256 5 0 vethe2fc65a
ff00::/8 :: U 256 5 0 docker0
ff00::/8 :: U 256 4 0 wpan0
ff00::/8 :: U 256 4 0 wlan0
::/0 :: !n -1 1 0 lo
pi@raspberrypi:~ $ ip -6 route
::1 dev lo proto kernel metric 256 pref medium
64:ff9b::/96 dev nat64 metric 1024 pref medium
2001:470:6c92:1::/64 dev wlan0 metric 303 pref medium
fd11:db8:1::/64 dev otbr0 proto kernel metric 256 linkdown pref medium
fd35:ad25:a99f:8c75::/64 dev wpan0 metric 215 pref medium
fdaa:bb:1::2 dev nat64 proto kernel metric 256 pref medium
fdaa:bb:1::2 dev nat64 metric 1024 pref medium
fdbb:9fbb:e58b:f471::/64 dev wpan0 proto kernel metric 256 pref medium
fe80::/64 dev nat64 proto kernel metric 256 pref medium
fe80::/64 dev otbr0 proto kernel metric 256 linkdown pref medium
fe80::/64 dev vethe2fc65a proto kernel metric 256 pref medium
fe80::/64 dev docker0 proto kernel metric 256 pref medium
fe80::/64 dev wpan0 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
pi@raspberrypi:~ $ sudo ot-ctl
> route
64:ff9b:0:0:0:0::/96 s med e800
fdaa:bb:1:0:0:0::/96 s med e800
Done
> prefix
fd35:ad25:a99f:8c75::/64 paos med e800
Done
> ipaddr
fd35:ad25:a99f:8c75:a9c8:521f:d197:eca5
fdbb:9fbb:e58b:f471:0:ff:fe00:fc11
fdbb:9fbb:e58b:f471:0:ff:fe00:fc10
fdbb:9fbb:e58b:f471:0:ff:fe00:fc38
fdbb:9fbb:e58b:f471:0:ff:fe00:fc00
fdbb:9fbb:e58b:f471:0:ff:fe00:e800
fdbb:9fbb:e58b:f471:f21d:c077:3438:5937
fe80:0:0:0:858:1860:afaa:fde9
Done
>
/etc/dhcpcd.conf 的内容
pi@raspberrypi:~ $ cat /etc/dhcpcd.conf
# A sample configuration for dhcpcd.
# See dhcpcd.conf(5) for details.
# Allow users of this group to interact with dhcpcd via the control socket.
#controlgroup wheel
# Inform the DHCP server of our hostname for DDNS.
hostname
# Use the hardware address of the interface for the Client ID.
clientid
# or
# Use the same DUID + IAID as set in DHCPv6 for DHCPv4 ClientID as per RFC4361.
4# Some non-RFC compliant DHCP servers do not reply with this set.
# In this case, comment out duid and enable clientid above.
#duid
# Persist interface configuration when dhcpcd exits.
persistent
# Rapid commit support.
# Safe to enable by default because it requires the equivalent option set
# on the server to actually work.
option rapid_commit
# A list of options to request from the DHCP server.
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
# Respect the network MTU. This is applied to DHCP routes.
option interface_mtu
# Most distributions have NTP support.
option ntp_servers
# A ServerID is required by RFC2131.
require dhcp_server_identifier
# OR generate Stable Private IPv6 Addresses based from the DUID
slaac private
# Example static IP configuration:
interface eth0
#static ip_address=192.168.2.1/30
interface wlan0
#static ip_address=192.168.2.1/30
static ip6_address=2001:470:6c92:1::1/64
# dont set dns here
#static domain_name_servers=fdaa:bb:1::2
interface wpan0
static ip6_address=fd35:ad25:a99f:8c75:a9c8:521f:d197:eca5/64