Hi list,
I got an ipv6 /48 from my provider. I gave an ipv6 address to the UTM interface connected to the provider, a second one to the internal interface of UTM with ipv6 GW being the UTM interface connected to provider. I don't use Prefix Advertisement which is limited to /64. BTW, would it work if I use another mask like /96 or so ?
My Setup: host with Linux Debian9 and libvirt/kvm. UTM is software in a VM v9.510-5. A second VM act as server for OpenVPN, DHCP, DNS, aso. Everything is working fine with ipv4. I create a FW rule to allow all ipv6 to ipv6 for all services. I setted manually ipv6 address to a host behind the UTM -which means connected to the internal interface- and from here I can ping, ssh or telnet to outside, all is good.
Problem is that I can't connect/reach the other way, outside to internal. I can ping the UTM provider interface, that's all. What is also possible is to ssh an outside port redirected to the ipv6 of the host, but session doesn't finish properly. With tshark I can see the traffic coming and on the client side (ssh -vvv) I have after a while:
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
Connection closed by <UTM external ipv6 addr> port <ssh port>
Client is a VM in DC with same set up (Host Debian9, VM Debian9, ipv6 in /64 subnet). From the host behind UTM I can ping, ssh, telnet this client.
Any clue on that ?
Daniel
This thread was automatically locked due to age.
