[eduVPN-deploy] NDP problems using public IPv6

François Kooman fkooman at deic.dk
Mon Sep 12 11:32:48 CEST 2022


On 12.09.22 10:45, Pascal Panneels via eduVPN-deploy wrote:
> Hi François, all,

Hi Pascal,

> net.ipv4.ip_forward = 1
> net.ipv4.conf.all.proxy_arp = 1
> net.ipv6.conf.all.forwarding = 1
> net.ipv6.conf.all.proxy_ndp = 1

All that should be needed is the sysctl options that are already set in 
/etc/sysctl.d/70-vpn.conf (by default).

Do you have a "non-standard" IPv6 deployment on that site?

The configuration assumes that (just like it would be with IPv4) the 
IPv6 prefix that is to be assigned to the VPN clients is routed to the 
public IPv6 address of the VPN server by the first router in the path 
(and allows egress from this prefix as well, arriving from the VPN 
server's public IPv6 address).

Of course, this all assumes that you use a *static* IPv6 address on the 
VPN server and have the routing properly configured in your router.

Make sure you update the VPN server firewall to allow the forwarding 
to/from the correct IP ranges and disable NAT there. Even without *any* 
firewall rules on the VPN server it should work, so you can temporarily 
disable the entire firewall to see if that helps.

Can you provide the output of `ip6tables -S` and `ip6tables -S -t nat` 
and `ip -6 addr show`?

Regards,
François
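
Added example (not part of the message above and not eduVPN project code): a small shell check over saved output of the two `ip6tables -S` commands requested above, flagging leftover NAT rules and missing FORWARD rules for the VPN client prefix. The prefix, interface names and rule sets are constructed sample values, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: lint saved `ip6tables -S` / `ip6tables -S -t nat` output for
# a routed (non-NAT) IPv6 VPN prefix. Prefix, interfaces, rules: constructed.
VPN_PREFIX='2001:db8:100::/64'   # documentation range, not from the thread

# Print any NAT rules (MASQUERADE/SNAT) present in `-t nat` output.
nat_rules() {
    printf '%s\n' "$1" | grep -E -- '-j (MASQUERADE|SNAT)( |$)' || true
}

# forward_allows RULES PREFIX -s|-d: succeed if a FORWARD rule ACCEPTs traffic
# from (-s) or to (-d) PREFIX. Rule order and chain policy are not evaluated.
forward_allows() {
    printf '%s\n' "$1" | grep -E -- '^-A FORWARD ' |
        grep -F -- "$3 $2 " | grep -q -- '-j ACCEPT'
}

# check_routed_ipv6 FILTER_RULES NAT_RULES PREFIX: report problems, return 1 if any.
check_routed_ipv6() {
    crv_status=0
    crv_nat=$(nat_rules "$2")
    if [ -n "$crv_nat" ]; then
        echo "NAT still configured: $crv_nat"; crv_status=1
    fi
    forward_allows "$1" "$3" -s || { echo "no FORWARD ACCEPT from $3"; crv_status=1; }
    forward_allows "$1" "$3" -d || { echo "no FORWARD ACCEPT to $3"; crv_status=1; }
    return "$crv_status"
}

# Constructed sample: NAT-style rules as they might look before the change.
NAT_FILTER='-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 2001:db8:100::/64 -i tun0 -o eth0 -j ACCEPT'
NAT_TABLE='-P POSTROUTING ACCEPT
-A POSTROUTING -s 2001:db8:100::/64 -o eth0 -j MASQUERADE'

# Constructed sample: routed public prefix, NAT removed, both directions allowed.
ROUTED_FILTER='-P FORWARD DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 2001:db8:100::/64 -i tun0 -o eth0 -j ACCEPT
-A FORWARD -d 2001:db8:100::/64 -i eth0 -o tun0 -j ACCEPT'
ROUTED_TABLE='-P POSTROUTING ACCEPT'

check_routed_ipv6 "$NAT_FILTER" "$NAT_TABLE" "$VPN_PREFIX" || echo "=> NAT-style config needs changes"
check_routed_ipv6 "$ROUTED_FILTER" "$ROUTED_TABLE" "$VPN_PREFIX" && echo "=> routed config looks consistent"
```

On a live server the two rule arguments would be `"$(ip6tables -S)"` and `"$(ip6tables -S -t nat)"`; the check only inspects the server's own firewall and says nothing about whether the upstream router actually routes the prefix to it.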


