Another question: ping6 is OK, but I cannot use HTTP or SSH.
Added custom rules:
ip6tables -t mangle -I POSTROUTING -s 240e:82:aaaa:bbbb::/64 -o wg0 -j SNPT --src-pfx 240e:82:aaaa:bbbb::/64 --dst-pfx 2001:470:cccc:dddd::/64
ip6tables -t mangle -I PREROUTING -i wg0 -d 2001:470:cccc:dddd::/64 -j DNPT --src-pfx 2001:470:cccc:dddd::/64 --dst-pfx 240e:82:aaaa:bbbb::/64
Without using the VPN:
C:\Users\Allan>tracert www.yahoo.com
通过最多 30 个跃点跟踪
到 new-fp-shed.wg1.b.yahoo.com [2406:2000:e4:a1a::11] 的路由:
1 1 ms <1 毫秒 <1 毫秒 OpenWrt.lan [fdbb:1fc4:1e19::1]
2 1 ms 1 ms 1 ms 240e:82:aaaa:bbbb::1
3 4 ms 3 ms 2 ms 240e:0:8000::411
4 3 ms 2 ms 2 ms 240e:0:8000:411::c
5 * ^C
A strange question, maybe the NDP proxy's fault: I must ping the gateway before I can use the network.
C:\Users\Allan>tracert www.yahoo.com
通过最多 30 个跃点跟踪
到 new-fp-shed.wg1.b.yahoo.com [2406:2000:e4:a1a::11] 的路由:
1 * * * 请求超时。
2 * * * 请求超时。
3 ^C
C:\Users\Allan>tracert www.yahoo.com
通过最多 30 个跃点跟踪
到 new-fp-shed.wg1.b.yahoo.com [2406:2000:e4:a1a::11] 的路由:
1 * ^C
C:\Users\Allan>tracert www.yahoo.com
通过最多 30 个跃点跟踪
到 new-fp-shed.wg1.b.yahoo.com [2406:2000:e4:a1a::10] 的路由:
1 * ^C
C:\Users\Allan>ping 240e:82:901:9400::1
正在 Ping 240e:82:aaaa:bbbb::1 具有 32 字节的数据:
来自 240e:82:aaaa:bbbb::1 的回复: 时间=1111ms
来自 240e:82:aaaa:bbbb::1 的回复: 时间=5ms
来自 240e:82:aaaa:bbbb::1 的回复: 时间=2ms
来自 240e:82:aaaa:bbbb::1 的回复: 时间=1ms
240e:82:aaaa:bbbb::1 的 Ping 统计信息:
数据包: 已发送 = 4,已接收 = 4,丢失 = 0 (0% 丢失),
往返行程的估计时间(以毫秒为单位):
最短 = 1ms,最长 = 1111ms,平均 = 279ms
C:\Users\Allan>
Through the VPN, with SNPT/DNPT:
C:\Users\Allan>tracert www.yahoo.com
通过最多 30 个跃点跟踪
到 new-fp-shed.wg1.b.yahoo.com [2406:2000:e4:a1a::11] 的路由:
1 2 ms <1 毫秒 <1 毫秒 OpenWrt.lan [fdbb:1fc4:1e19::1]
2 227 ms 228 ms 228 ms 2001:470:cccc::1
3 292 ms 293 ms 293 ms tunnel589291.tunnel.tserv29.fmt1.ipv6.he.net [2001:470:66:56a::1]
4 289 ms 294 ms 345 ms 10ge3-19.core3.fmt1.he.net [2001:470:0:206::1]
5 296 ms 291 ms 292 ms 100ge6-1.core1.sjc2.he.net [2001:470:0:1a7::2]
6 301 ms 293 ms 292 ms pat2.sjc.yahoo.com [2001:504:0:1:0:1:310:2]
7 291 ms 295 ms 291 ms ae-5.pat1.sjc.yahoo.com [2001:4998:f005:1::]
8 443 ms 445 ms 445 ms ae0.pat1.hkz.yahoo.com [2001:4998:f005:b::1]
9 470 ms 468 ms 468 ms et-3-3-0.pat1.sgy.yahoo.com [2406:2000:f01f:13::]
10 469 ms 469 ms 469 ms ae-5.msr1.sg3.yahoo.com [2406:2000:f01f:3::1]
11 471 ms 470 ms 474 ms 2406:2000:e4:fe01::1
12 472 ms 470 ms 470 ms 2406:2000:e4:fa07::1
13 480 ms 474 ms 472 ms media-router-fp2.prod1.media.vip.sg3.yahoo.com [2406:2000:e4:a1a::11]
Ping is OK, but I cannot open web pages or use SSH.
It shows connection reset?
连接到 [2a02:6b8:a::a] 时发生错误。PR_CONNECT_RESET_ERROR
Ping the NPT'ed IPv6 address from the router, to the VPS server and back: OK.
root@OpenWrt:~# traceroute6 2001:470:4999:100:276b:d046:1cb:783d
traceroute to 2001:x:x:x:276b:d046:1cb:783d (2001:x:x:x:276b:d046:1cb:783d), 30 hops max, 64 byte packets
1 2001:x:x::1 (2001:x:x::1) 228.426 ms 226.692 ms 227.231 ms
2 2001:x:x::x (2001:x:x::x) 227.932 ms 228.225 ms 227.459 ms
3 240e:x:x:x:d4e3:d046:1cb:783d (240e:x:x:x:d4e3:d046:1cb:783d) 228.241 ms 228.812 ms 228.694 ms
NPT'ed indeed.
But pinging the NPT'ed IPv6 address from the VPS server:
root@localhost:~# ping6 2001:x:x:x:276b:d046:1cb:783d
PING 2001:x:x:x:276b:d046:1cb:783d(2001:x:x:x:276b:d046:1cb:783d) 56 data bytes
^C
25 packets transmitted, 0 received, 100% packet loss, time 24579ms
Is it because the firewall only accepts related packets sent from wg0? A feature of a stateful firewall?
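In the router traceroute above, only the first interface-identifier word differs between the two addresses (d4e3 on the 240e side, 276b on the 2001 side); that is the checksum-neutral adjustment of stateless NPTv6 (RFC 6296), which the SNPT/DNPT targets implement. An added example, not part of the original post, that computes the mapping for the masked prefixes in the rules above; the function names and the sample address built from those masked prefixes are constructed for illustration.

```python
import ipaddress

def _words(n):
    """Split a 128-bit integer into eight 16-bit words."""
    return [(n >> (112 - 16 * i)) & 0xFFFF for i in range(8)]

def _oc_add(a, b):
    """16-bit one's-complement addition (end-around carry)."""
    s = a + b
    return (s & 0xFFFF) + (s >> 16)

def _oc_sum(words):
    total = 0
    for w in words:
        total = _oc_add(total, w)
    return total

def npt_translate(addr, from_pfx, to_pfx):
    """Rewrite addr from from_pfx into to_pfx as RFC 6296 describes."""
    src = ipaddress.IPv6Network(from_pfx)
    dst = ipaddress.IPv6Network(to_pfx)
    ip = ipaddress.IPv6Address(addr)
    if src.prefixlen != dst.prefixlen or src.prefixlen > 64 or ip not in src:
        raise ValueError("unsupported prefix pair or address outside from_pfx")
    # adjustment = sum(from-prefix words) - sum(to-prefix words), one's complement
    adj = _oc_add(_oc_sum(_words(int(src.network_address))),
                  0xFFFF ^ _oc_sum(_words(int(dst.network_address))))
    # swap the prefix bits, keep the host bits
    out = _words(int(dst.network_address) | (int(ip) & int(src.hostmask)))
    if src.prefixlen <= 48:
        idx = 3  # adjustment goes into the subnet word
    else:
        # otherwise into the first IID word that is not 0xFFFF
        idx = next((i for i in range(4, 8) if out[i] != 0xFFFF), None)
        if idx is None:
            raise ValueError("no IID word available for the adjustment")
    w = _oc_add(out[idx], adj)
    out[idx] = 0 if w == 0xFFFF else w  # 0xFFFF is never emitted
    n = 0
    for word in out:
        n = (n << 16) | word
    return str(ipaddress.IPv6Address(n))

if __name__ == "__main__":
    inside, outside = "240e:82:aaaa:bbbb::/64", "2001:470:cccc:dddd::/64"
    host = "240e:82:aaaa:bbbb:d4e3:d046:1cb:783d"  # constructed sample address
    mapped = npt_translate(host, inside, outside)  # SNPT direction
    print(host, "->", mapped)
    print(mapped, "->", npt_translate(mapped, outside, inside))  # DNPT direction
```

Because the one's-complement sum of the whole address is unchanged, TCP and UDP checksums stay valid without any per-flow state, so the mapping is the same for every packet in either direction.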