Hi,
 
shouldn't these two rules work as well?
 
ip route add <remote public ipv6>/64 via 1111:1::1
ip route add <remote public ipv6>/0 dev <own internet interface>
 
According to my knowledge thus far, Linux should pick routes based on specificity. Since /0 is more specific than /64, it should pick that rule whenever the remote public IPv6 is targeted directly. For all other IPs in the remote host's subnet, it should pick the route through the VPN. I tried this and it resulted in the same infinite looping behaviour I experienced previously.
 
Kind regards
Christopher
 
 
Sent: Monday, 06 May 2019 at 14:28
From: "Rafael Wolf" <rfw...@gmail.com>
To: tinc@tinc-vpn.org
Subject: Re: very high traffic without any load
Lars, interesting - do you have an example of what that might look like in the config file?
 
Thanks!
 
 
On Sun, May 5, 2019 at 6:00 PM Lars Kruse <li...@sumpfralle.de> wrote:
Hello Christoph,

I am glad that you discovered the source of the problem!


On Sat, 4 May 2019 08:30:28 +0200,
"Christopher Klinge" <christ.kli...@web.de> wrote:
  
> The goal was that all connections between my nodes, regardless of whether
> they are destined for internal or external ipv6 addresses, end up using the
> VPN.

This is indeed a bit tricky.
I use a setup with a similar goal based on IPv4. I solved it there by using DNAT
rules for the traffic to be routed through the VPN (based on destination ports).
But DNAT is probably not appropriate in a modern IPv6 world :)

In an IPv6 world you may want to use policy routing.
Simply add specific rules based on the incoming interface ("iif"), the source
address ("from") or ports ("sport" / "dport"). The routes in the target
routing table can be filled by your "node-up" scripts.

Cheers,
Lars
_______________________________________________
tinc mailing list
tinc@tinc-vpn.org
https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc
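
Added example (not part of the original thread and not code from the tinc project): one way the policy routing Lars describes could be set up so that tinc's own transport packets stay on the main table, which avoids the loop Christopher reports, while all other traffic to the peer's public prefix consults a separate table filled from a host-up script. Assumptions: the prefix 2001:db8:b::/64 is a constructed placeholder, tinc uses its default port 655 on both ends, and table 100, the priorities and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: policy routing for "reach the peer's public IPv6 prefix via tinc".
# All values are constructed placeholders (2001:db8::/32 is documentation space).
PEER_PREFIX="${PEER_PREFIX:-2001:db8:b::/64}"  # peer's public prefix (assumed)
VPN_GW="${VPN_GW:-1111:1::1}"                  # peer's VPN address, as in the thread
TINC_PORT="${TINC_PORT:-655}"                  # tinc default port (assumed unchanged)
TABLE="${TABLE:-100}"                          # hypothetical routing table number
DRY_RUN="${DRY_RUN:-1}"                        # 1 = print commands, 0 = execute (root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Install once, e.g. from tinc-up. Lower priority number = evaluated first.
rules_up() {
    # tinc's own encapsulated packets must keep using the main table,
    # otherwise they are routed back into the tunnel and loop.
    # dport covers packets sent to the peer's daemon, sport covers packets
    # sent from the local daemon's listening port.
    run ip -6 rule add to "$PEER_PREFIX" dport "$TINC_PORT" lookup main priority 100
    run ip -6 rule add to "$PEER_PREFIX" sport "$TINC_PORT" lookup main priority 101
    # Everything else towards the peer prefix consults the VPN table.
    run ip -6 rule add to "$PEER_PREFIX" lookup "$TABLE" priority 110
}

# Fill the VPN table when the peer becomes reachable (host-up script).
# $1 = tinc interface; tinc exports it to its scripts as $INTERFACE.
route_up() {
    run ip -6 route replace "$PEER_PREFIX" via "$VPN_GW" dev "$1" table "$TABLE"
}

# Empty the table again (host-down); lookups then fall through to main.
route_down() {
    run ip -6 route flush table "$TABLE"
}

# Dispatch so the same file can be called from tinc-up / host-up / host-down.
case "${1:-}" in
    rules) rules_up ;;
    up)    route_up "${INTERFACE:?}" ;;
    down)  route_down ;;
esac
```

With DRY_RUN=1 the script only prints the commands, so the rule order can be reviewed before running it as root with DRY_RUN=0.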

