| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 25 Oct 2017 23:28:38 -0400 From: Jeff Barnhill <0xeffeff@...il.com> To: David Ahern <dsahern@...il.com> Cc: netdev@...r.kernel.org Subject: Re: v6/sit tunnels and VRFs Thanks, David. VM1: sudo ip addr add 192.168.200.1/24 dev enp0s8 broadcast 192.168.200.255 sudo ip link set enp0s8 up sudo ip route add 192.168.210.0/24 nexthop via 192.168.200.3 dev enp0s8 sudo ip tunnel add jtun mode sit remote 192.168.210.2 local 192.168.200.1 sudo ip -6 addr add 2001::1/64 dev jtun sudo ip link set jtun up VM2: sudo ip addr add 192.168.210.2/24 dev enp0s8 broadcast 192.168.210.255 sudo ip link set enp0s8 up sudo ip route add 192.168.200.0/24 nexthop via 192.168.210.3 dev enp0s8 sudo ip link add dev myvrf type vrf table 256 sudo ip link set myvrf up sudo ip link set enp0s8 vrf myvrf sudo ip tunnel add jtun mode sit remote 192.168.200.1 local 192.168.210.2 sudo ip link set jtun vrf myvrf sudo ip -6 addr add 2001::2/64 dev jtun sudo ip link set jtun up VM3: sudo ip addr add 192.168.200.3/24 dev enp0s8 broadcast 192.168.200.255 sudo ip addr add 192.168.210.3/24 dev enp0s9 broadcast 192.168.210.255 sudo ip link set enp0s8 up sudo ip link set enp0s9 up sudo sysctl net.ipv4.conf.enp0s8.forwarding=1 sudo sysctl net.ipv4.conf.enp0s9.forwarding=1 jeff@VM2:~$ ping -c 3 -I jtun 2001::1 PING 2001::1(2001::1) from 2001::2 jtun: 56 data bytes >From 2001::2 icmp_seq=1 Destination unreachable: Address unreachable >From 2001::2 icmp_seq=2 Destination unreachable: Address unreachable >From 2001::2 icmp_seq=3 Destination unreachable: Address unreachable --- 2001::1 ping statistics --- 3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2039ms jeff@VM2:~$ ping -c 3 -I myvrf 2001::1 ping6: Warning: source address might be selected on device other than myvrf. PING 2001::1(2001::1) from 2001::2 myvrf: 56 data bytes >From 2001::2 icmp_seq=1 Destination unreachable: Address unreachable >From 2001::2 icmp_seq=2 Destination unreachable: Address unreachable >From 2001::2 icmp_seq=3 Destination unreachable: Address unreachable --- 2001::1 ping statistics --- 3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2045ms Let me know if you have any questions or if you think I've done something wrong. Thanks, Jeff On Wed, Oct 25, 2017 at 5:31 PM, David Ahern <dsahern@...il.com> wrote: > On 10/25/17 2:45 PM, Jeff Barnhill wrote: >> Are v6/sit tunnels working with VRFs? >> >> For instance, I have a very simple configuration with three VMs >> running 4.13.0-16 (Ubuntu Server 17.10) kernels. VM3 is setup as a >> router for separation. VM1 and VM2 have static routes to each other >> via VM3. All VMs have v4 interfaces configured. If I setup a sit >> tunnel with v6 addrs from V1 to V2, tunneled data flows as expected >> (verified with ping) and can be seen via tcpdump on VM3. However, if >> I create a VRF on VM2 and enslave the v4 interface and tunnel to that >> VRF, data does not leave VM2 and ping displays "Destination Host >> Unreachable". I did verify that basic v4 ping works between VM1 and >> VM2 with the v4 interface on VM2 enslaved to VRF device. >> >> If this should work, I can provide more details with configuration commands. > > Please provide configuration details and I'll take a look
Powered by blists - more mailing lists