# Problem with OpenVPN + Sixxs IPv6 + Routing, AICCU and radvd

## Pegasus87

Hello,

I have some issues on my local server and network with IPv6 routing. My IPv6 tunnel is provided by sixxs and worked great for a long time. The configuration was as simple as it could be: The server has 2 interfaces, eth0 and eth1. eth0 is used for the local LAN with subnet 192.168.4.X. eth1 is used with ppp0 to connect to the internet. Additionally the sixxs interface was created by AICCU. The radvd ran on eth0 with this config:

```
interface eth0 {
        AdvSendAdvert on;
        MinRtrAdvInterval 30;
        MaxRtrAdvInterval 100;
        prefix <my_subnet>::/64 {
                AdvOnLink on;
                AdvAutonomous on;
        };
};
```

Everything worked fine, each client in 192.168.4.X got an IPv6 global link address and was able to connect through the server to the internet.

Now:

Last week I tried to set up an OpenVPN server to make a remote network (connected via wifi) available in my local network. Therefore I added a bridge to /etc/conf.d/net to connect my eth0 and the tap0 of the VPN tunnel.

```
config_eth0="null"
rc_net_br0_need="net.eth0 openvpn.bridge"
bridge_br0="eth0 tap0"
# or dynamically add them when the interface comes up
#bridge_add_eth0="br0"
config_br0="192.168.4.1/24
        <my_subnet>::1/64"
```

As you can see, eth0 now has no IP address, br0 gets the IP eth0 had before and the ::1 of my IPv6 subnet. br0 is waiting for the openvpn until it provides the tap0 and then combines eth0 and tap0.

So far so good...

After replacing eth0 by br0 in my shorewall configuration everything worked as before (for IPv4 !!). To get IPv6 working again I replaced eth0 with br0 in radvd.conf too:

```
interface br0 {
        AdvSendAdvert on;
        MinRtrAdvInterval 30;
        MaxRtrAdvInterval 100;
        prefix <my_subnet>::/64 {
                AdvOnLink on;
                AdvAutonomous on;
        };
};
```

After that my ip addr show on the server looks like that:

```
5: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
    link/ether 00:01:2e:23:bc:9a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::201:2eff:fe23:bc9a/64 scope link
       valid_lft forever preferred_lft forever
37: sixxs: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN
    link/sit 92.226.70.22 peer 78.35.24.135
    inet6 <tunnel>::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::c0a8:401/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::5ce2:4619/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::c0a8:2cbc/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::c0a8:501/64 scope link
       valid_lft forever preferred_lft forever
72: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 100
    link/ether 5e:d7:61:ee:ec:36 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5cd7:61ff:feee:ec36/64 scope link
       valid_lft forever preferred_lft forever
73: br0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:01:2e:23:bc:9a brd ff:ff:ff:ff:ff:ff
    inet 192.168.4.1/24 brd 192.168.4.255 scope global br0
    inet6 <my_sub>::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::201:2eff:fe23:bc9a/64 scope link
       valid_lft forever preferred_lft forever
```

And here is the ip -6 route on the server:

```
<tunnel>::/64 via :: dev sixxs  proto kernel  metric 256
<my_subnet>::/64 dev eth1  proto kernel  metric 256  expires 69563sec
<my_subnet>::/64 dev br0  proto kernel  metric 256
fe80::/64 dev eth0  proto kernel  metric 256
fe80::/64 via :: dev sixxs  proto kernel  metric 256
fe80::/64 dev tap0  proto kernel  metric 256
fe80::/64 dev br0  proto kernel  metric 256
default via <my_subnet>::1 dev sixxs  metric 1024
```

Pinging an external IPv6 ip from the server is no problem, but pinging from a machine in my local network IT IS! Here you see:

```
# ping6 ipv6.google.com
PING ipv6.google.com(ber01s09-in-x12.1e100.net) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
15 packets transmitted, 0 received, 100% packet loss, time 13999ms
```

A client in the 192.168.4.X network gets a correct IPv6 address from the radvd, for example:

```
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 <my_subnet>:52e5:49ff:fe5f:26d4/64 scope global dynamic
       valid_lft 86375sec preferred_lft 14375sec
    inet6 fe80::52e5:49ff:fe5f:26d4/64 scope link
       valid_lft forever preferred_lft forever
```

It's a scope global dynamic so it should be possible to communicate with the internet.

The routing table on this client looks like that:

```
<my_subnet>::/64 dev eth0  proto kernel  metric 256  expires 86370sec
fe80::/64 dev eth0  proto kernel  metric 256
ff00::/8 dev eth0  metric 256
default via fe80::201:2eff:fe23:bc9a dev eth0  proto ra  metric 1024  expires 270sec
```

You can see that it goes per default via the link local address of the br0 (fe80::201:2eff:fe23:bc9a) of the server machine. But there seems to be the problem... The server is not able to get the package through the sixxs interface.

I didn't do anything more or less than in my old configuration without the VPN tap0 and the br0 interface. What's the matter here? I just plugged 2 interfaces together... Why is it not working anymore?

Thanks for help!

----------
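Added example, not part of the original post: a consistency check over `ip -6 route` output of the shape shown above, listing global prefixes attached to more than one device and default routes whose next hop is on-link on a different device than the route names. The function names are hypothetical and the sample table is constructed, with `2001:db8:1::` and `2001:db8:2::` standing in for `<tunnel>` and `<my_subnet>`.

```python
import ipaddress
from collections import defaultdict

# Constructed sample shaped like the server's `ip -6 route` output in the post;
# the 2001:db8: prefixes are documentation placeholders, not real values.
SAMPLE = """\
2001:db8:1::/64 via :: dev sixxs  proto kernel  metric 256
2001:db8:2::/64 dev eth1  proto kernel  metric 256  expires 69563sec
2001:db8:2::/64 dev br0  proto kernel  metric 256
fe80::/64 dev eth0  proto kernel  metric 256
fe80::/64 via :: dev sixxs  proto kernel  metric 256
fe80::/64 dev tap0  proto kernel  metric 256
fe80::/64 dev br0  proto kernel  metric 256
default via 2001:db8:2::1 dev sixxs  metric 1024
"""

def parse_routes(text):
    """Return (dest, via, dev) tuples; dest is an IPv6Network or 'default'."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok:
            continue
        dest = tok[0] if tok[0] == "default" else ipaddress.ip_network(tok[0], strict=False)
        via = ipaddress.ip_address(tok[tok.index("via") + 1]) if "via" in tok else None
        routes.append((dest, via, tok[tok.index("dev") + 1]))
    return routes

def audit(text):
    """List global prefixes attached to several devices, and default routes
    whose next hop is on-link on a different device than the route uses."""
    routes = parse_routes(text)
    devs = defaultdict(list)  # prefix -> devices it is attached to, in table order
    for dest, _via, dev in routes:
        if dest != "default" and not dest.is_link_local and not dest.is_multicast:
            if dev not in devs[dest]:
                devs[dest].append(dev)
    findings = [f"{net} attached to {','.join(d)}" for net, d in devs.items() if len(d) > 1]
    for dest, via, dev in routes:
        if dest == "default" and via is not None:
            other = [d for net, ds in devs.items() if via in net for d in ds if d != dev]
            if other:
                findings.append(f"default via {via} dev {dev}, but {via} is on-link on {','.join(other)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Link-local `fe80::/64` and multicast entries are skipped because they appear once per interface by design; the check only reports what the table contains and does not by itself say which entry is at fault.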

