OpenVPN:无法通过 IPv6 访问客户端

tag-icon tag-icon openvpn ipv6
OpenVPN:无法通过 IPv6 访问客户端

当前设置:具有 IPv4 和 IPv6 的 OpenVPN 服务器:

[...]
port 1234
proto udp6
dev tun
server 10.9.8.0 255.255.255.0
server-ipv6 2001:1af8:3100:a00a:0021:a:b:0000/112
client-to-client
[...]

客户端通过CCD获取IP:

ifconfig-ipv6-push 2001:1af8:3100:a00a:21:a:b:0006
ifconfig-push 10.9.8.6 10.9.8.5

附注:这似乎只适用于 Linux(包括 Debian 上的 2.2 oVPN);IPv6 线路会破坏 Tunnelblick(OS X)和 Windows 上的所有内容(=> 客户端甚至无法通过 IPv4 相互 ping 通)。

连接的客户端获得两个 IP:一个 IPv4 地址和一个 IPv6 地址:

10.9.8.6,pc1,::ffff:212.3.2.1,Fri Dec 19 23:26:02 2014
2001:1af8:3100:a00a:21:a:b:6,pc1,::ffff:212.3.2.1,Fri Dec 19 23:21:22 2014

10.9.8.102,pc2,2001:1af8:b:a00a:21::4,Fri Dec 19 23:25:34 2014
2001:1af8:3100:a00a:21:a:b:102,pc2,2001:1af8:b:a00a:21::4,Fri Dec 19 23:06:11 2014

从 VPN 服务器 ping IPv6 地址(即:2001:1af8:3100:a00a:21:a:b:102)可以正常工作。客户端之间的 ping 不起作用:

pc1 ~ # ping6 2001:1af8:3100:a00a:21:a:b:102
PING 2001:1af8:3100:a00a:21:a:b:102 (2001:1af8:3100:a00a:21:a:b:102): 56 data bytes
64 bytes from 2a02:578:854f:100:7271:a:1b11: Destination unreachable: Address unreachable
64 bytes from 2a02:578:854f:100:7271:a:1b11: Destination unreachable: Address unreachable
64 bytes from 2a02:578:854f:100:7271:a:1b11: Destination unreachable: Address unreachable
^C--- 2001:1af8:3100:a00a:21:a:b:102 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

但 IPv4 是可行的:

pc1 ~ # ping 10.9.8.102
PING 10.9.8.102 (10.9.8.102): 56 data bytes
64 bytes from 10.9.8.102: icmp_seq=0 ttl=64 time=32.217 ms
64 bytes from 10.9.8.102: icmp_seq=1 ttl=64 time=31.641 ms
^C--- 10.9.8.102 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 31.641/31.929/32.217/0.288 ms

我遗漏了什么?iptables?一些 sysctl 选项?谢谢。

vpn-server # cat /proc/sys/net/ipv6/conf/all/forwarding
1

跟踪(一直到我自己的 IPv6 地址):

pc1 ~ # traceroute6 2001:1af8:3100:a00a:21:a:b:102
traceroute to 2001:1af8:3100:a00a:21:a:b:102 (2001:1af8:3100:a00a:21:a:b:102), 30 hops max, 80 byte packets
 1  2a02:578:854f:100:7271:bcff:f:1b11 (2a02:578:854f:100:7271:bcff:f:1b11)  3008.038 ms !H  3008.020 ms !H  3007.985 ms !H
pc1 ~ #

路线:

pc1 ~ # ip -6 route show
2001:1af8:3100:a00a::/64 dev eth0  proto kernel  metric 256  expires 51sec mtu 1492 advmss 1432 hoplimit 0
2001:1af8:3100:a00a::/64 dev wlan0  proto kernel  metric 256  expires 51sec mtu 1492 advmss 1432 hoplimit 0
2001:1af8:3100:a00a::/64 dev tun0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
2a02:578:854f:100::/64 dev eth0  proto kernel  metric 256  expires 7177sec mtu 1492 advmss 1432 hoplimit 0
2a02:578:854f:100::/64 dev wlan0  proto kernel  metric 256  expires 7177sec mtu 1492 advmss 1432 hoplimit 0
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1492 advmss 1432 hoplimit 0
fe80::/64 dev wlan0  proto kernel  metric 256  mtu 1492 advmss 1432 hoplimit 0
fe80::/64 dev tun0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
default via fe80::3631:c4ff:fe3d:eac2 dev eth0  proto kernel  metric 1024  expires 1777sec mtu 1492 advmss 1432 hoplimit 255
default via fe80::3631:c4ff:fe3d:eac2 dev wlan0  proto kernel  metric 1024  expires 1777sec mtu 1492 advmss 1432 hoplimit 255

相关内容