i activated on two of my firewalls an ipv6 tunnelbroker.
Setup an ipsec tunnel between both asg's with ipv4 adresses and the two official ipv6 networks.
so on the first ASG the SA looks like this:
SA: 2001:a60:f0a4::/48=10.10.252.10 123.456.789.123=2001:4dd0:f88a::/48
and on the other like this:
SA: 2001:4dd0:f88a::/48=10.20.100.1 456.789.123.456=2001:a60:f0a4::/48
What i wanna do with this, is to hold the traffic between thos two networks "internal" what imho
should be fine.
But it won't work, do i have an error in my configuration? I tried to figure out something with netstat -A inet6 -rn but i coudn't find any routes. Is there another command for routing on the ASG?
Interessting is that on a windows PC i can make a traceroute, which looks like this:
C:\Users\robert>tracert svn.ducktales.net
Routenverfolgung zu 2001:a60:f0a4:1110::7 über maximal 30 Abschnitte:
1
And a Ping shows:
C:\Users\robert>ping svn.ducktales.net
Ping wird ausgeführt für 2001:a60:f0a4:1110::7 mit 32 Bytes Daten:
Zeitüberschreitung der Anforderung.
Zeitüberschreitung der Anforderung.
Zeitüberschreitung der Anforderung.
Zeitüberschreitung der Anforderung.
Ping-Statistik für 2001:a60:f0a4:1110::7:
Pakete: Gesendet = 4, Empfangen = 0, Verloren = 4
(100% Verlust),
C:\Users\robert>
The ipconfig of that windows PC looks like this:
Ethernet-Adapter LAN-Verbindung:
Verbindungsspezifisches DNS-Suffix:
IPv6-Adresse. . . . . . . . . . . : 2001:4dd0:f88a:2010::21
Verbindungslokale IPv6-Adresse . : fe80::fcea:8c92:88ce:5bf8%10
IPv4-Adresse . . . . . . . . . . : 10.20.10.21
Subnetzmaske . . . . . . . . . . : 255.255.255.0
Standardgateway . . . . . . . . . : 2001:4dd0:f88a:2010::1
fe80::20c:29ff:fe07:850a%10
10.20.10.1
on a Linux PC on the same subnet i'm able to Ping, but not to traceroute:
server:~# ifconfig
eth0 Link encap:Ethernet Hardware Adresse 00:0c:29:cc:bc[:D]9
inet Adresse:10.20.10.2 Bcast:10.20.10.255 Maske:255.255.255.0
inet6-Adresse: 2001:4dd0:f88a:2010::2/128 Gültigkeitsbereich:Global
inet6-Adresse: fe80::20c:29ff:fecc:bcd9/64 Gültigkeitsbereich:Verbindung
UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
RX packets:77831833 errors:0 dropped:0 overruns:0 frame:0
TX packets:75955098 errors:0 dropped:0 overruns:0 carrier:0
Kollisionen:0 Sendewarteschlangenlänge:1000
RX bytes:98922864274 (92.1 GiB) TX bytes:68333717745 (63.6 GiB)
server:~# netstat -A inet6 -rn
Kernel-IPv6-Routentabelle
Destination Next Hop Flag Met Ref Use If
2001:4dd0:f88a:2010::2/128 :: U 256 0 0 eth0
2001:4dd0:f88a:2010::/64 :: UAe 256 0 76 eth0
fe80::/64 :: U 256 0 0 eth0
::/0 2001:4dd0:f88a:2010::1 UG 1 0 148 eth0
::/0 fe80::20c:29ff:fe07:850a UGDAe 1024 0 0 eth0
::/0 :: !n -1 1 304 lo
::1/128 :: Un 0 1 1055 lo
2001:4dd0:f88a:2010::2/128 :: Un 0 1 29 lo
fe80::20c:29ff:fecc:bcd9/128 :: Un 0 1 59 lo
ff00::/8 :: U 256 0 0 eth0
::/0 :: !n -1 1 304 lo
server:~# ping6 2001:a60:f0a4:1110::7
PING 2001:a60:f0a4:1110::7(2001:a60:f0a4:1110::7) 56 data bytes
64 bytes from 2001:a60:f0a4:1110::7: icmp_seq=1 ttl=62 time=133 ms
64 bytes from 2001:a60:f0a4:1110::7: icmp_seq=2 ttl=62 time=135 ms
64 bytes from 2001:a60:f0a4:1110::7: icmp_seq=3 ttl=62 time=133 ms
64 bytes from 2001:a60:f0a4:1110::7: icmp_seq=4 ttl=62 time=133 ms
64 bytes from 2001:a60:f0a4:1110::7: icmp_seq=5 ttl=62 time=128 ms
64 bytes from 2001:a60:f0a4:1110::7: icmp_seq=6 ttl=62 time=132 ms
^C
--- 2001:a60:f0a4:1110::7 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5019ms
rtt min/avg/max/mdev = 128.052/132.944/135.084/2.271 ms
server:~# traceroute6 !$
traceroute6 2001:a60:f0a4:1110::7
traceroute to 2001:a60:f0a4:1110::7 (2001:a60:f0a4:1110::7), 30 hops max, 40 byte packets
1 2001:4dd0:f88a:2010::1 (2001:4dd0:f88a:2010::1) 0.664 ms 0.649 ms 0.639 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
server:~#
Any ideas? I have no entrys in the packetfilter.log nor in the ips.log
Robert
