Hi,
I implemented IPv6 on my OpenVPN setup (Debian - OpenVPN version 2.6.3-1). I didn't set up any ULA prefix (fd00::/8) and I am using GUA (global unique address).
Everything works fine if I use NAT but I'm having problems without it. What I am trying to achieve is the same as in this topic (the user never got a response):
So now the question is:
Is "openvpn with GUA without NAT" something that is currently used and/or does it make sense?
If yes, I have some more details to share, since I have access to the openvpn-client, the openvpn-server (VPS) and the target-server. I analyzed the traffic with tcpdump.
Here is what happens:
- The openvpn-client gets a GUA from the openvpn-server (fine)
- The openvpn-client tries to contact a webserver on the target-server and sends a SYN package, the openvpn-server forwards the SYN package to the target server without NAT (fine)
- The target-server receives the SYN package and responds with a SYN,ACK package (fine)
- The openvpn-server never gets the SYN,ACK package but it receives a neighbour solicitation package on eth0 from the router of the VPS-Provider, that asks who has the IP of the openvpn-client. Of course there is no neighbour advertisement as answer, because on eth0 there is no such address.
What am I doing wrong? Could you please help me in finding a solution?
Thank you,
vbx89ps
P.S. The firewall is set to allow everything. This way it can be excluded from being the problem.