i don't understand what's going on. everything worked fine on 7.3
from lan:
# ping 2a02:6b8::2:242
rule 14/(match) [uid 0, pid 25342] pass in on vport0: 302:e594:4a01:512a::20 > 2a02:6b8::2:242: icmp6: echo request (id:0001 seq:30) [icmp6 cksum ok] (len 40, hlim 128)
rule 14/(match) [uid 0, pid 25342] pass out on pppoe0: 302:e594:4a01:512a::20 > 2a02:6b8::2:242: icmp6: echo request (id:0001 seq:30) [icmp6 cksum ok] (len 40, hlim 127)
# ping 222:a8e4:50cd:55c:788e:b0a5:4e2f:a92c
rule 14/(match) [uid 0, pid 65591] pass in on vport0: 302:e594:4a01:512a::20 > ff02::1:ff2f:a92c: icmp6: neighbor sol: who has 222:a8e4:50cd:55c:788e:b0a5:4e2f:a92c(src lladdr: 44:8a:5b:a2:18:59) [icmp6 cksum ok] (len 32, hlim 255)
..and nothing. but it should be like this, as from the router:
# ping 222:a8e4:50cd:55c:788e:b0a5:4e2f:a92c
..<bla-bla pass in on vport0 from lan>..
rule 14/(match) [uid 0, pid 65591] pass out on tun0: 302:e594:4a01:512a::1 > 222:a8e4:50cd:55c:788e:b0a5:4e2f:a92c: icmp6: echo request (id:8301 seq:0) [icmp6 cksum ok] (len 64, hlim 64)
rule 14/(match) [uid 0, pid 65591] pass in on tun0: 222:a8e4:50cd:55c:788e:b0a5:4e2f:a92c > 302:e594:4a01:512a::1: icmp6: echo reply (id:8301 seq:0) [icmp6 cksum ok] [flowlabel 0x41b0d] (len 64, hlim 64)
..<bla-bla pass out on vport0 to lan>..
routes:
Destination                            Gateway                                 Flags  Refs  Use   Mtu  Prio  Iface   Label
default                                fe80::%pppoe0                           UGS    0     1648  -    8     pppoe0
200::/7                                202:e594:4a01:512a:2409:634a:4ddb:6b39  UCn    2     3     -    4     tun0
222:a8e4:50cd:55c:788e:b0a5:4e2f:a92c  link#0                                  UHc    0     13    -    3     tun0
302:e594:4a01:512a::/64                302:e594:4a01:512a::1                   UCn    2     2     -    4     vport0
302:e594:4a01:512a::1                  00:00:00:00:00:01                       UHLl   0     27    -    1     vport0
302:e594:4a01:512a::20                 44:8a:5b:a2:18:59                       UHLc   0     23    -    3     vport0
that the white 2a02:6b8::2:242 is sent from lan to pppoe0 is correct, since the default route is used.
that the deprecated 222:a8e4:50cd:55c:788e:b0a5:4e2f:a92c is sent from the router (302:e594:4a01:512a::1) to tun0 is correct, since there is a separate route for 200/7.
but what the hell happens when i try to do the same from lan (302:e594:4a01:512a::20)?! at the same time, there are no problems in communication between 302:e594:4a01:512a::20 and 302:e594:4a01:512a::1.
even with net.inet6.ip6.use_deprecated=1 (although i do not know what it does), it definitely does not affect anything here.
yes, the version of yggdrasil has changed, but the traffic does not reach it. and pf has nothing to do with it, since everything is allowed in it.
does anyone have any idea what i'm doing wrong?
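
An added diagnostic example, not part of the original post: it reads the pf log lines and routing table quoted above and reports neighbor solicitations whose target lies outside the connected prefix of the interface they arrived on, together with the interface the router's own table would use for that target. Writing `default` as `::/0`, shortening the two log lines, and the function names are assumptions of this example.

```python
import ipaddress
import re

# Routes copied from the post; "default" is written here as ::/0 (assumption).
ROUTES = [(ipaddress.ip_network(n), ifname) for n, ifname in [
    ("::/0", "pppoe0"),
    ("200::/7", "tun0"),
    ("222:a8e4:50cd:55c:788e:b0a5:4e2f:a92c/128", "tun0"),
    ("302:e594:4a01:512a::/64", "vport0"),
]]
# Connected (on-link) prefix of the LAN-facing interface, from the same table.
CONNECTED = {"vport0": ipaddress.ip_network("302:e594:4a01:512a::/64")}

# Two pf log lines from the post, cut off after the packet description.
SAMPLE = [
    "rule 14/(match) [uid 0, pid 25342] pass in on vport0: 302:e594:4a01:512a::20"
    " > 2a02:6b8::2:242: icmp6: echo request (id:0001 seq:30)",
    "rule 14/(match) [uid 0, pid 65591] pass in on vport0: 302:e594:4a01:512a::20"
    " > ff02::1:ff2f:a92c: icmp6: neighbor sol: who has"
    " 222:a8e4:50cd:55c:788e:b0a5:4e2f:a92c(src lladdr: 44:8a:5b:a2:18:59)",
]

NS_RE = re.compile(
    r"pass in on (?P<ifname>\w+): (?P<src>[0-9a-f:]+) > [0-9a-f:]+: "
    r"icmp6: neighbor sol: who has (?P<target>[0-9a-f:]+)"
)

def egress_for(dst):
    """Longest-prefix match of dst against ROUTES; returns the interface name."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, ifname) for net, ifname in ROUTES if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def offlink_solicitations(lines):
    """List (ifname, src, target, router_egress) for each neighbor solicitation
    whose target is outside the connected prefix of the receiving interface."""
    findings = []
    for line in lines:
        m = NS_RE.search(line)
        if not m:
            continue  # not a neighbor solicitation (e.g. an echo request)
        prefix = CONNECTED.get(m.group("ifname"))
        target = ipaddress.ip_address(m.group("target"))
        if prefix is not None and target not in prefix:
            findings.append((m.group("ifname"), m.group("src"),
                             str(target), egress_for(str(target))))
    return findings

if __name__ == "__main__":
    for finding in offlink_solicitations(SAMPLE):
        print("off-link target solicited on %s by %s: %s (router would use %s)" % finding)
```

On the quoted lines this reports a single finding: the LAN host solicits 222:a8e4:50cd:55c:788e:b0a5:4e2f:a92c directly on vport0, while the router's table maps that address to tun0.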