Hi,
in the office we have a /48 IPv6 from our provider and we have our own
/48 from RIPE. The provider IPv6 is in place and running well. Now we
want to add IPv6 access in parallel using our own IPv6 range for our
notebooks when they are outside the office, where there is no IPv6
possibility. This one is terminated in a BGP VM outside our office
network.
We have set up a tun OpenVPN on the notebooks, through which a /64 is
sent; all is good. The problem is that when the notebooks are in the
office, we can't reach them through their VPN IPv6 IP: packets are
coming in but there is no answer. What we want is that all traffic
coming in from the tun interface goes out through it too.
What we did where $tmpif is our tun interface:
$fwtables add rule ip6 filter input iifname "$tmpif" meta mark set 201 counter
$fwtables add rule ip6 filter forward iifname "$tmpif" accept
$fwtables add rule ip6 filter output oifname "$tmpif" meta mark == $mymark accept
$fwtables add rule ip6 nat postrouting oifname "$tmpif" counter masquerade random,persistent
ip -6 rule add fwmark 201 table isp1
ip -6 r add default via <ipv6 of other VPN end> dev $tmpif table isp1
Additionally, with this setup, we can't access <ipv6 of other VPN end>;
we get permission denied when trying to ping.
What is wrong with our setup?
Thanks for any hint
--
Daniel