On 27/11/2018 15:03, Reco wrote:
> In conclusion, your current NAT66 setup is probably the best you can
> achieve without a risk to your VPS or your sanity ;)
>
OK Reco, that's great. I'm announcing a valid IPv6 address, so it's
achieving its objective. I can route traffic from any of my IOT boxe
On Tue, Nov 27, 2018 at 01:56:34PM +0100, tony wrote:
> >> If I remove the line
> >> -A POSTROUTING -s 2a03:9800:10:54:8000::/65 -o eth0 -j SNAT --to-source
> >> 2a03:9800:10:54::2
> >> I lose any ipv6 routing
> >
> > Strictly speaking, that's expected. Outside world does not know about
> > your n
On 27/11/2018 13:34, Reco wrote:
> Hi.
>
> On Tue, Nov 27, 2018 at 01:20:25PM +0100, tony wrote:
>> On 27/11/2018 12:44, Reco wrote:
>>> Hi.
>>>
>>> On Tue, Nov 27, 2018 at 12:26:03PM +0100, tony wrote:
OK, that fixed it, thanks. Almost there. I had expected the host's
openVPN
Hi.
On Tue, Nov 27, 2018 at 01:20:25PM +0100, tony wrote:
> On 27/11/2018 12:44, Reco wrote:
> > Hi.
> >
> > On Tue, Nov 27, 2018 at 12:26:03PM +0100, tony wrote:
> >> OK, that fixed it, thanks. Almost there. I had expected the host's
> >> openVPN ip (2a03:9800:10:54:8000::1000) to pr
On 27/11/2018 12:44, Reco wrote:
> Hi.
>
> On Tue, Nov 27, 2018 at 12:26:03PM +0100, tony wrote:
>> OK, that fixed it, thanks. Almost there. I had expected the host's
>> openVPN ip (2a03:9800:10:54:8000::1000) to propagate, but I'm seeing my
>> server's address:
>>
>> tony@tony-fr:~$ dig +sh
Hi.
On Tue, Nov 27, 2018 at 12:26:03PM +0100, tony wrote:
> OK, that fixed it, thanks. Almost there. I had expected the host's
> openVPN ip (2a03:9800:10:54:8000::1000) to propagate, but I'm seeing my
> server's address:
>
> tony@tony-fr:~$ dig +short any myip.opendns.com @resolver1.opend
On 27/11/2018 11:55, Reco wrote:
> On Tue, Nov 27, 2018 at 11:53:07AM +0100, tony wrote:
>> On 27/11/2018 11:43, Reco wrote:
>>> Hi.
>>>
>>> On Tue, Nov 27, 2018 at 11:19:12AM +0100, tony wrote:
>> push "route-ipv6 2a03:9800:10:54:8000::/65"
>> push "route-ipv6 2000::/3"
>> push "re
On Tue, Nov 27, 2018 at 11:53:07AM +0100, tony wrote:
> On 27/11/2018 11:43, Reco wrote:
> > Hi.
> >
> > On Tue, Nov 27, 2018 at 11:19:12AM +0100, tony wrote:
> push "route-ipv6 2a03:9800:10:54:8000::/65"
> push "route-ipv6 2000::/3"
> push "redirect-gateway def1 bypass-dhcp"
>
On 27/11/2018 11:43, Reco wrote:
> Hi.
>
> On Tue, Nov 27, 2018 at 11:19:12AM +0100, tony wrote:
push "route-ipv6 2a03:9800:10:54:8000::/65"
push "route-ipv6 2000::/3"
push "redirect-gateway def1 bypass-dhcp"
>>>
>>> Remove these. Use this instead:
>>>
>>> push "redirect-gatew
Hi.
On Tue, Nov 27, 2018 at 11:19:12AM +0100, tony wrote:
> >> push "route-ipv6 2a03:9800:10:54:8000::/65"
> >> push "route-ipv6 2000::/3"
> >> push "redirect-gateway def1 bypass-dhcp"
> >
> > Remove these. Use this instead:
> >
> > push "redirect-gateway def1"
> > push "route-ipv6 ::/0
On 26/11/2018 18:13, Reco wrote:
> Hi.
>
> On Mon, Nov 26, 2018 at 05:53:27PM +0100, tony wrote:
2000::/3 dev tun0 metric 1024 pref medium
2000::/3 dev tun0 metric 1028 pref medium
>>>
>>> Er, wat? Exterminate this travesty, you should never announce things
>>> like these through
Hi.
On Mon, Nov 26, 2018 at 05:53:27PM +0100, tony wrote:
> >> 2000::/3 dev tun0 metric 1024 pref medium
> >> 2000::/3 dev tun0 metric 1028 pref medium
> >
> > Er, wat? Exterminate this travesty, you should never announce things
> > like these through openvpn even once, let alone twice.
On 26/11/2018 16:55, Reco wrote:
> Hi.
>
> It's been a long and an eventful day. But,
>
Sorry to ruin your day. I'm truly grateful for your help.
> On Mon, Nov 26, 2018 at 01:40:22PM +0100, tony wrote:
Have you any further suggestions as to what I might try?
>>>
>>> I'd like to see y
Hi.
It's been a long and an eventful day. But,
On Mon, Nov 26, 2018 at 01:40:22PM +0100, tony wrote:
> >> Have you any further suggestions as to what I might try?
> >
> > I'd like to see your IPv6 routing tables from your VPS and the OpenVPN
> > client.
> > Two simple 'ip -6 ro l' will
On 26/11/2018 12:48, Reco wrote:
> Hi.
>
> On Mon, Nov 26, 2018 at 11:49:13AM +0100, tony wrote:
> As for the persistent configuration, that depends on the contents of
> /etc/network/interfaces. Can be static (it's straightforward then),
> DHCPv6 (you won't be able to do the spli
Hi.
On Mon, Nov 26, 2018 at 11:49:13AM +0100, tony wrote:
> >>> As for the persistent configuration, that depends on the contents of
> >>> /etc/network/interfaces. Can be static (it's straightforward then),
> >>> DHCPv6 (you won't be able to do the split) or RA (ditto).
> >>>
> >> No, it's
Sorry, hit the wrong button!
Forwarded Message
Subject: Re: openvpn over ipv6 /65
Date: Mon, 26 Nov 2018 11:25:09 +0100
From: tony
To: Reco
On 23/11/2018 15:24, Reco wrote:
> HI.
>
> On Fri, Nov 23, 2018 at 03:07:01PM +0100, tony wrote:
>> Thanks
> Hi.
>
> > This will need to be repeated at every reboot,
>
> No, it won't. OP has two stanzas regarding eth0 in e/n/i already - one
> for inet and another one for inet6.
You're right; I'm clearly not having a good day! Thank-you
for the correction.
Steve
--
https://www.steve.org.
Hi.
On Fri, Nov 23, 2018 at 03:39:16PM +, Steve Kemp wrote:
> > with this:
> >
> > iface eth0 inet6 static
> >address 2a03:9800:10:54::2
> >netmask 65
> >gateway 2a03:9800:10:54::1
> >
> > Leave all the other entries intact.
> > Then invoke this as
> with this:
>
> iface eth0 inet6 static
>address 2a03:9800:10:54::2
>netmask 65
>gateway 2a03:9800:10:54::1
>
> Leave all the other entries intact.
> Then invoke this as root (one-time only):
>
> ip a d dev eth0 2a03:9800:10:54::2/64
> ip a a dev eth0 2a03:98
HI.
On Fri, Nov 23, 2018 at 03:07:01PM +0100, tony wrote:
> Thanks for your quick response, Reco,
>
> On 23/11/2018 13:33, Reco wrote:
> > Hi.
> >
> > On Fri, Nov 23, 2018 at 01:18:45PM +0100, tony wrote:
> >> Hi,
> >>
> >> I have a Stretch VPServer with a /64 netbloch, of which only
Thanks for your quick response, Reco,
On 23/11/2018 13:33, Reco wrote:
> Hi.
>
> On Fri, Nov 23, 2018 at 01:18:45PM +0100, tony wrote:
>> Hi,
>>
>> I have a Stretch VPServer with a /64 netbloch, of which only the first 2
>> addresses are used. I've been struggling for some time to get the r
Hi.
On Fri, Nov 23, 2018 at 01:18:45PM +0100, tony wrote:
> Hi,
>
> I have a Stretch VPServer with a /64 netbloch, of which only the first 2
> addresses are used. I've been struggling for some time to get the right
> stanza to split that into two /65s, using the upper half for openvpn.
I
Hi,
I have a Stretch VPServer with a /64 netbloch, of which only the first 2
addresses are used. I've been struggling for some time to get the right
stanza to split that into two /65s, using the upper half for openvpn.
There are many 'quick config' tutorials on the web, but none seem to
suit my o
24 matches
Mail list logo
