Hello everyone,
I have set up an Arch server as a home router and am currently having trouble getting IPv6 to work; IPv4 routing works flawlessly.
I have also already worked through several guides on the internet, but unfortunately none of them provided the solution.
First, the details of the setup; it is a Telekom FTTH connection:
Telekom Glasfaser-Modem 2 -> Arch server -> network
For routing I use systemd-networkd and iptables.
My configuration files (I'll try to limit myself to the important ones):
/etc/ppp/peers/provider
noipdefault
defaultroute
hide-password
lcp-echo-interval 20
lcp-echo-failure 3
connect /bin/true
noauth
noaccomp
default-asyncmap
plugin rp-pppoe.so
nic-vlan7
user XXXXXX@t-online.de
nodetach
persist
debug
+ipv6
/etc/systemd/network/10-ppp0.network
[Match]
Name=ppp0
[Network]
DefaultRouteOnDevice=true
IPv6AcceptRA=yes
DHCPPrefixDelegation=yes
DHCP=yes
[DHCPv6]
PrefixDelegationHint=56
UseDNS=false
[DHCPPrefixDelegation]
UplinkInterface=:self
SubnetId=0
Announce=no
[IPv6AcceptRA]
UseDNS=false
/etc/systemd/network/10-lan.network
[Match]
Name=lan
[Network]
Address=192.168.1.1/24
DHCPServer=yes
VLAN=vlan100
VLAN=vlan101
VLAN=vlan102
[Network]
IPv6SendRA=yes
IPv6AcceptRA=no
DHCPPrefixDelegation=yes
[DHCPPrefixDelegation]
UplinkInterface=ppp0
Announce=yes
SubnetId=1
[DHCPServer]
PoolOffset=100
PoolSize=154
DNS=192.168.1.1
/etc/sysctl.d/01-ipforward.conf
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
net.core.default_qdisc=fq_codel
net.ipv4.tcp_congestion_control=bbr
net.ipv4.tcp_notsent_lowat=16384
At least ppp0 has an IPv6 address, but the LAN interface does not, as "ip a" shows:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0a:cd:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global lan
valid_lft forever preferred_lft forever
inet6 fe80::20a:cdff:fe42:98a4/64 scope link
valid_lft forever preferred_lft forever
3: wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 90:2b:34:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet6 fe80::922b:34ff:fe9a:8ba8/64 scope link
valid_lft forever preferred_lft forever
4: vlan7@wan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 90:2b:34:xx:xx:xx brd ff:ff:ff:ff:ff:ff
inet6 fe80::922b:34ff:fe9a:8ba8/64 scope link
valid_lft forever preferred_lft forever
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN group default qlen 3
link/ppp
inet x.x.x.x peer x.x.x.x/32 scope global ppp0
valid_lft forever preferred_lft forever
inet6 2003:.../64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 14063sec preferred_lft 1463sec
inet6 fe80::dd9a:ea5c:4b0f:e0ba peer fe80::f6b5:2fff:fe7a:80fe/128 scope link
valid_lft forever preferred_lft forever
ip6tables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all lo * ::/0 ::/0
1005 407K ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
0 0 REJECT tcp * * ::/0 ::/0 tcp flags:!0x13/0x02 ctstate NEW reject-with icmp6-port-unreachable
0 0 REJECT all * * ::/0 ::/0 ctstate INVALID reject-with icmp6-port-unreachable
116 8672 ACCEPT ipv6-icmp * * ::/0 ::/0
652 149K MAIN-INPUT all * * ::/0 ::/0
652 149K REJECT all * * ::/0 ::/0 reject-with icmp6-port-unreachable
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
0 0 REJECT all * * ::/0 ::/0 ctstate INVALID reject-with icmp6-port-unreachable
0 0 ACCEPT ipv6-icmp * * ::/0 ::/0
0 0 MAIN-FORWARD all * * ::/0 ::/0
0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-port-unreachable
Chain OUTPUT (policy ACCEPT 1026 packets, 98035 bytes)
pkts bytes target prot opt in out source destination
157 15732 ACCEPT ipv6-icmp * * ::/0 ::/0
Chain DHCP-INPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp lan * ::/0 ::/0 udp dpt:547
0 0 ACCEPT udp vlan100 * ::/0 ::/0 udp dpt:547
0 0 ACCEPT udp vlan101 * ::/0 ::/0 udp dpt:547
0 0 ACCEPT udp vlan102 * ::/0 ::/0 udp dpt:547
0 0 ACCEPT udp lan * ::/0 fe80::/64 ctstate NEW udp dpt:546
0 0 ACCEPT udp vlan100 * ::/0 fe80::/64 ctstate NEW udp dpt:546
0 0 ACCEPT udp vlan101 * ::/0 fe80::/64 ctstate NEW udp dpt:546
0 0 ACCEPT udp vlan102 * ::/0 fe80::/64 ctstate NEW udp dpt:546
Chain MAIN-FORWARD (1 references)
pkts bytes target prot opt in out source destination
0 0 ROUTING-FORWARD all * * ::/0 ::/0
Chain MAIN-INPUT (1 references)
pkts bytes target prot opt in out source destination
652 149K DHCP-INPUT all * * ::/0 ::/0
652 149K SSH-INPUT all * * ::/0 ::/0
652 149K UNBOUND-INPUT all * * ::/0 ::/0
Chain ROUTING-FORWARD (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all lan * ::/0 ::/0
0 0 ACCEPT all vlan100 * ::/0 ::/0
0 0 ACCEPT all vlan101 * ::/0 ::/0
0 0 ACCEPT all vlan102 * ::/0 ::/0
Chain SSH-INPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp lan * ::/0 ::/0 tcp dpt:22 limit: avg 10/min burst 50
Chain UNBOUND-INPUT (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp lan * ::/0 ::/0 udp dpt:53
0 0 ACCEPT tcp lan * ::/0 ::/0 tcp dpt:53
0 0 ACCEPT udp vlan100 * ::/0 ::/0 udp dpt:53
0 0 ACCEPT tcp vlan100 * ::/0 ::/0 tcp dpt:53
0 0 ACCEPT udp vlan101 * ::/0 ::/0 udp dpt:53
0 0 ACCEPT tcp vlan101 * ::/0 ::/0 tcp dpt:53
0 0 ACCEPT udp vlan102 * ::/0 ::/0 udp dpt:53
0 0 ACCEPT tcp vlan102 * ::/0 ::/0 tcp dpt:53
Does anyone have an idea where the error lies, or how I could go about finding the cause?
I'm grateful for any help...
Previously I used OPNsense on the same connection, and IPv6 works flawlessly there.
Many thanks.