No one?
If not, does someone know of clear documentation on how to set up
nftables for two or more ISPs?
Thanks for any hint
On 22/09/2020 at 22:46, Daniel wrote:
Hi,
In the office we have a /48 IPv6 prefix from our provider and we have our own /48
from RIPE. The provider IPv6 is in place and running well. Now we want
to add IPv6 access in parallel using our own IPv6 range for our
notebooks when they are outside the office, where there is no IPv6 possibility. This
one is terminated in a BGP VM outside our office network.
We have set up a tun OpenVPN on the notebooks through which a /64 is sent;
all is good. The problem is that when the notebooks are in the
office, we can't reach them through their VPN IPv6 address: packets are
coming in but there is no answer. What we want is that all traffic coming
in from the tun interface goes out through it too.
What we did, where $tmpif is our tun interface:
$fwtables add rule ip6 filter input iifname "$tmpif" meta mark set 201 counter
$fwtables add rule ip6 filter forward iifname "$tmpif" accept
$fwtables add rule ip6 filter output oifname "$tmpif" meta mark == $mymark accept
$fwtables add rule ip6 nat postrouting oifname "$tmpif" counter masquerade random,persistent
ip -6 rule add fwmark 201 table isp1
ip -6 route add default via <ipv6 of other VPN end> dev $tmpif table isp1
Additionally, with this setup, we can't reach <ipv6 of other VPN end>:
we get "permission denied" when trying to ping it.
What is wrong with our setup?
Thanks for any hint
--
Daniel
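
An added example, not code from this thread or from Daniel's setup: a notebook-side script that routes everything sourced from the VPN-delivered /64 back through the tun interface, and additionally stores the "came in over the tunnel" mark on the conntrack entry and copies it back onto the locally generated reply in a route-type output chain, so replies to connections that arrived on the tunnel leave through it as well. It goes beyond the thread's packet-mark approach in that respect. The interface name tun0, the documentation prefix 2001:db8:1234:abcd::/64, the peer address 2001:db8:1234:ffff::1, mark 201, routing table 201 and the table name vpnroute are all assumptions. It deliberately contains no masquerade rule, since the addresses in the routed /64 are the notebook's own.

```shell
#!/bin/sh
# Added example, not code from the thread: notebook-side setup that sends
# everything belonging to the VPN-delivered /64, and every reply to a
# connection that arrived on the tun interface, back out through the tunnel.
# Interface name, prefix, peer address, mark and table number are assumptions.
set -eu

TUNIF="${TUNIF:-tun0}"                               # assumed tun interface name
VPN_PREFIX="${VPN_PREFIX:-2001:db8:1234:abcd::/64}"  # assumed /64 routed over the VPN (documentation prefix)
VPN_PEER="${VPN_PEER:-2001:db8:1234:ffff::1}"        # assumed address of the other VPN end, on-link via $TUNIF
MARK=201        # assumed firewall/conntrack mark meaning "came in over the tunnel"
RT_TABLE=201    # assumed numeric routing table id; needs no /etc/iproute2/rt_tables entry

# Print the nftables ruleset. Rendering is kept separate from applying so it
# can be reviewed or checked with "nft -c -f -" before it touches the firewall.
render_ruleset() {
    cat <<EOF
table ip6 vpnroute {
    chain input {
        type filter hook input priority filter; policy accept;
        # Store the mark on the connection, not on the packet: a mark set on
        # the incoming packet is gone by the time the local reply is generated.
        iifname "$TUNIF" ct state new ct mark set $MARK counter
    }
    chain output {
        # A route-type chain makes the kernel re-evaluate the routing decision
        # for packets whose mark changed, so the fwmark rule below takes effect.
        type route hook output priority mangle; policy accept;
        ct mark $MARK meta mark set ct mark counter
    }
}
EOF
}

# Print the ip(8) commands for the policy-routing side. The source-based rule
# covers replies and anything else sent from a VPN address (such as a ping to
# the peer); the fwmark rule covers tunnel connections whatever their address.
route_commands() {
    cat <<EOF
ip -6 route replace default via $VPN_PEER dev $TUNIF table $RT_TABLE
ip -6 rule add from $VPN_PREFIX lookup $RT_TABLE priority 100
ip -6 rule add fwmark $MARK lookup $RT_TABLE priority 101
EOF
}

# Apply both parts; requires root, nft and iproute2.
apply_all() {
    render_ruleset | nft -f -
    route_commands | sh -e
}

case "${1:-}" in
    apply) apply_all ;;
    check) render_ruleset | nft -c -f - && echo "ruleset parses" ;;
    *)     render_ruleset; echo; route_commands ;;
esac
```

Run it without arguments to print what it would do, with `check` to have nft parse the ruleset, and with `apply` as root to install it. The two ip rules are written with explicit priorities so they are evaluated before the main table; re-running `apply` adds duplicate rules, so flush them first (ip -6 rule del ...) when iterating on the setup.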