Bonjour,
J'aurais bien aimé faire parti des hérétiques.
Je voulais le faire sur Untangle mais pas vu la possibilité de faire du nat avec ipv6.
Je mets OpenWrt en amont mais j'arrive pas à joindre les adresses vers Untangle.
L'ajout de route static en ipv6 ne semble rien changer, j'ai testé tout ce qui mettait passer par la tête, j'espere d'autres suggestion car j'ai évidement pas tout compris.
Les requetes depuis eth5 sont natées mais pas de retour, celles depuis eth0 semblent aller nulle part aprés être arrivées sur eth2(br-lan).
OpenWrt Untangle
eth2(br-lan) <--> eth5
eth0(wan) eth0 (lan)
OpenWrt
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
link/ether 52:54:00:2f:f4:ca brd ff:ff:ff:ff:ff:ff
inet 192.168.1.19/24 brd 192.168.1.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2a01:_:_:8100:5054:ff:fe2f:f4ca/64 scope global dynamic noprefixroute
valid_lft 86368sec preferred_lft 568sec
inet6 fe80::5054:ff:fe2f:f4ca/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br-lan state UP qlen 1000
link/ether 52:54:00:1b:1e:9d brd ff:ff:ff:ff:ff:ff
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 52:54:00:1b:1e:9d brd ff:ff:ff:ff:ff:ff
inet 192.168.15.2/24 brd 192.168.15.255 scope global br-lan
valid_lft forever preferred_lft forever
inet6 2a01:_:_:81fd::1/64 scope global dynamic noprefixroute
valid_lft 86389sec preferred_lft 589sec
inet6 fd92:94c4:2cf2::1/60 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe1b:1e9d/64 scope link
valid_lft forever preferred_lft forever
ip -6 n
fe80::5054:ff:fe2f:f4ca dev eth0 lladdr 52:54:00:2f:f4:ca used 0/0/0 probes 0 STALE
2a01:_:_:8100:5054:ff:fe2f:f4ca dev br-lan used 0/0/0 probes 6 FAILED
2a01:_:_:8100:5239:2fff:feda:f740 dev eth0 lladdr 50:39:2f:da:f7:40 router ref 1 used 0/0/0 probes 1 REACHABLE
fe80::5054:ff:fe79:bd99 dev br-lan lladdr 52:54:00:79:bd:99 ref 1 used 0/0/0 probes 1 DELAY
2a01:_:_:8100:5054:ff:fe79:bd99 dev eth0 ref 1 used 0/0/0 probes 4 INCOMPLETE
fe80::5239:2fff:feda:f740 dev eth0 lladdr 50:39:2f:da:f7:40 router used 0/0/0 probes 1 STALE
2a01:_:_:8100:4502:a08c:143a:3b83 dev br-lan used 0/0/0 probes 6 FAILED
fe80::f09e:beff:feb5:267f dev br-lan lladdr f2:9e:be:b5:26:7f router ref 1 used 0/0/0 probes 1 DELAY
2a01:_:_:8100:c225:e9ff:fe1e:ffde dev br-lan used 0/0/0 probes 6 FAILED
2a01:_:_:8100:f09e:beff:feb5:267f dev eth0 used 0/0/0 probes 6 FAILED
fe80::2bc:e21c:578e:13c2 dev eth0 lladdr 18:01:f1:4b:60:f3 used 0/0/0 probes 0 STALE
ip -6 r
default from 2a01:_:_:8100::/64 via fe80::5239:2fff:feda:f740 dev eth0 metric 384
default from 2a01:_:_:81fd::/64 via fe80::5239:2fff:feda:f740 dev eth0 metric 384
2a01:_:_:8100:5239:2fff:feda:f740 dev eth0 metric 1024
2a01:_:8100::/64 dev eth0 metric 256
unreachable 2a01:_:_:8100::/64 dev lo metric 2147483647
2a01:_:_:8110::/64 dev lo metric 1024
2a01:_:_:81fd::/64 dev br-lan metric 1024
unreachable 2a01:_:_:81fd::/64 dev lo metric 2147483647
fd92:94c4:2cf2::/64 dev br-lan metric 1024
unreachable fd92:94c4:2cf2::/48 dev lo metric 2147483647
fe80::/64 dev br-lan metric 256
fe80::/64 dev eth0 metric 256
fe80::/64 dev eth1 metric 256
anycast 2a01:_:_:8100:: dev eth0 metric 0
anycast 2a01:_:_:81fd:: dev br-lan metric 0
anycast fd92:94c4:2cf2:: dev br-lan metric 0
anycast fe80:: dev eth0 metric 0
anycast fe80:: dev br-lan metric 0
anycast fe80:: dev eth1 metric 0
multicast ff00::/8 dev br-lan metric 256
multicast ff00::/8 dev eth0 metric 256
multicast ff00::/8 dev eth1 metric 256
Untangle
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:a9:76:35 brd ff:ff:ff:ff:ff:ff
altname enp0s11
altname ens11
inet 192.168.10.1/24 brd 192.168.10.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 2a01:cb22:800d:8110::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fea9:7635/64 scope link
valid_lft forever preferred_lft forever
7: eth5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:79:bd:99 brd ff:ff:ff:ff:ff:ff
altname enp0s16
altname ens16
inet 192.168.15.1/24 brd 192.168.15.255 scope global eth5
valid_lft forever preferred_lft forever
inet6 2a01:_:_:8100:5054:ff:fe79:bd99/64 scope global dynamic mngtmpaddr
valid_lft 86374sec preferred_lft 574sec
inet6 fe80::5054:ff:fe79:bd99/64 scope link
valid_lft forever preferred_lft forever
tcpdump -vv -i any ip6 and not port 53
09:13:15.117373 eth2 In IP6 (flowlabel 0x6085f, hlim 64, next-header TCP (6) payload length: 40) 2a01:_:_:8100:5054:ff:fe79:bd99.6516 > lafibre.info.80: Flags [S], cksum 0x21b2 (incorrect -> 0x58a0), seq 2678813998, win 64800, options [mss 1440,sackOK,TS val 936340066 ecr 0,nop,wscale 7], length 0
09:13:15.117373 br-lan In IP6 (flowlabel 0x6085f, hlim 64, next-header TCP (6) payload length: 40) 2a01:_:_:8100:5054:ff:fe79:bd99.6516 > lafibre.info.80: Flags [S], cksum 0x21b2 (incorrect -> 0x58a0), seq 2678813998, win 64800, options [mss 1440,sackOK,TS val 936340066 ecr 0,nop,wscale 7], length 0
09:13:15.117411 eth0 Out IP6 (flowlabel 0x6085f, hlim 63, next-header TCP (6) payload length: 40) 2a01:_:_:8100:5054:ff:fe2f:f4ca.6516 > lafibre.info.80: Flags [S], cksum 0x5899 (incorrect -> 0x21b9), seq 2678813998, win 64800, options [mss 1440,sackOK,TS val 936340066 ecr 0,nop,wscale 7], length 0
09:13:15.244790 eth2 In IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::f09e:beff:feb5:267f > 2a01:_:_:8100:5239:2fff:feda:f740: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2a01:_:_:8100:5239:2fff:feda:f740
09:13:15.244792 br-lan In IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::f09e:beff:feb5:267f > 2a01:_:_:8100:5239:2fff:feda:f740: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2a01:_:_:8100:5239:2fff:feda:f740
09:13:15.244819 br-lan Out IP6 (flowlabel 0xc0786, hlim 64, next-header ICMPv6 (58) payload length: 80) fe80::5054:ff:fe1b:1e9d > fe80::f09e:beff:feb5:267f: [icmp6 sum ok] ICMP6, destination unreachable, beyond scope 2a01:_:_:8100:5239:2fff:feda:f740, source address fe80::f09e:beff:feb5:267f
09:13:15.244820 eth2 Out IP6 (flowlabel 0xc0786, hlim 64, next-header ICMPv6 (58) payload length: 80) fe80::5054:ff:fe1b:1e9d > fe80::f09e:beff:feb5:267f: [icmp6 sum ok] ICMP6, destination unreachable, beyond scope 2a01:_:_:8100:5239:2fff:feda:f740, source address fe80::f09e:beff:feb5:267f
09:13:15.244948 eth0 Out IP6 (flowlabel 0x3a6ce, hlim 255, next-header ICMPv6 (58) payload length: 8) 2a01:_:_:8100:5054:ff:fe2f:f4ca > 2a01:_:_:8100:5239:2fff:feda:f740: [icmp6 sum ok] ICMP6, echo request, id 0, seq 0
09:13:15.244999 br-lan Out IP6 (flowlabel 0x30a53, hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::5054:ff:fe1b:1e9d > fe80::f09e:beff:feb5:267f: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2a01:_:_:8100:5239:2fff:feda:f740, Flags [solicited]
09:13:15.245000 eth2 Out IP6 (flowlabel 0x30a53, hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::5054:ff:fe1b:1e9d > fe80::f09e:beff:feb5:267f: [icmp6 sum ok] ICMP6, neighbor advertisement, length 32, tgt is 2a01:_:_:8100:5239:2fff:feda:f740, Flags [solicited]
09:13:15.245316 eth0 In IP6 (hlim 255, next-header ICMPv6 (58) payload length: 8) 2a01:_:_:8100:5239:2fff:feda:f740 > 2a01:_:_:8100:5054:ff:fe2f:f4ca: [icmp6 sum ok] ICMP6, echo reply, id 0, seq 0
09:13:15.308901 eth0 In IP6 (flowlabel 0x6d418, hlim 51, next-header TCP (6) payload length: 40) lafibre.info.80 > 2a01:_:_:8100:5054:ff:fe2f:f4ca.6516: Flags [S.], cksum 0xcfce (correct), seq 1174323951, ack 2678813999, win 64260, options [mss 1440,sackOK,TS val 1485632119 ecr 936340066,nop,wscale 10], length 0
09:13:15.308925 eth0 Out IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::5054:ff:fe2f:f4ca > ff02::1:ff79:bd99: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2a01:_:_:8100:5054:ff:fe79:bd99
09:13:16.080060 br-lan Out IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::5054:ff:fe1b:1e9d > ff02::1:ff2f:f4ca: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2a01:_:_:8100:5054:ff:fe2f:f4ca
09:13:16.080064 eth2 Out IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::5054:ff:fe1b:1e9d > ff02::1:ff2f:f4ca: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has 2a01:_:_:8100:5054:ff:fe2f:f4ca