Hi.
Today I was given a remote VM that it has only ipv6. So I can only connect to that if I too obtain ipv6 address.
I realized that a VPS that I have has an ipv6 because I can use the command
and get responses.
Now, in that VPS I have set up a VPN server inside an LXC. From that container I cannot use the ping6 command and also, VPN clients obtain only ipv4 addresses. What I want to achieve is to give access to the ipv6 network to the VPN clients. So, in the end, to connect through this VPN to the new VM I mentioned earlier.
Here is how I have configured the host and the container so far:
@HOST:
Code:
cat /var/lib/lxc/VPN/config
# Template used to create this container: /usr/share/lxc/templates/lxc-debian
# Parameters passed to the template: -r jessie
# For additional config options, please look at lxc.container.conf(5)
#lxc.network.type = empty
lxc.rootfs = /var/lib/lxc/VPN/rootfs
# Common configuration
lxc.include = /usr/share/lxc/config/debian.common.conf
# Container specific configuration
lxc.mount = /var/lib/lxc/VPN/fstab
lxc.utsname = VPN
lxc.arch = amd64
lxc.autodev = 1
lxc.kmsg = 0
lxc.start.auto = 1
# Network config
lxc.network.type = veth
lxc.network.veth.pair = vethVPN
lxc.network.name = veth0
lxc.network.flags = up
lxc.network.hwaddr = 00:16:3e:42:1d:a7
lxc.network.link = br0
## for openvpn
lxc.mount.entry = /dev/net dev/net none bind,create=dir
lxc.cgroup.devices.allow = c 10:200 rwm
Code:
cat /etc/iptables/rules.v4
# Generated by iptables-save v1.4.21 on Thu Jun 28 08:57:47 2018
*filter
:INPUT ACCEPT [17498738:2002935490]
:FORWARD ACCEPT [75677814:64716798763]
:OUTPUT ACCEPT [16825445:2395228038]
COMMIT
# Completed on Thu Jun 28 08:57:47 2018
# Generated by iptables-save v1.4.21 on Thu Jun 28 08:57:47 2018
*nat
:PREROUTING ACCEPT [5:288]
:INPUT ACCEPT [5:288]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p udp -m udp --dport 1194 -j DNAT --to-destination 192.168.1.2:1194
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
Code:
cat /proc/sys/net/ipv4/ip_forward
1
@ VPN CONTAINER:
Code:
cat /etc/network/interfaces
auto lo
iface lo inet loopback
#auto eth0
#iface eth0 inet dhcp
auto veth0
iface veth0 inet static
address 192.168.1.2
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.1
iface veth0 inet6 static
address 5:6:7:8:101:1:1:1
netmask 80
Code:
cat /etc/iptables/rules.v4
# Generated by iptables-save v1.4.21 on Sat Mar 11 19:37:10 2017
*nat
:PREROUTING ACCEPT [3:180]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [1:67]
:POSTROUTING ACCEPT [1:67]
-A POSTROUTING -s 10.8.0.0/24 -o veth0 -j MASQUERADE
COMMIT
Code:
cat /proc/sys/net/ipv4/ip_forward
1
As you can see I tried to assign an ipv6 address to the container (/etc/network/interfaces) but that didn't really work (still no results from ping6 command).
Can someone help/guide me in order to give access to the ipv6 network in both container and vpn clients?
Any idea / hint is welcome.
Thanks.
