Hello. I'm eunseon.
I have tried the remote-access IPsec connection, the third topic in the USAGI IPsec HOWTO documentation. It worked.
But in the test in the doc, the inner host only has a site-local address (fec0:0:0:2000::202), not a global address. So the remote host has to use the site-local address (fec0:0:0:2000::202) of the inner host (host2) when it has to send a packet to the inner host. I want to make the inner host use a global address (3ffe:a:b:f:d::30).
                      tunnel
    sg1 ============================= eth1 -- sg2 -- eth0 ------ inner host
    3ffe:a:b:c:d::10          3ffe:a:b:c:d::20    3ffe:a:b:f:d::20    3ffe:a:b:f:d::30
The needed routing and tunnel configuration is done. The packets:
    sg1 --> sg2:         3ffe:a:b:c:d::10 > 3ffe:a:b:c:d::20: 3ffe:a:b:c:d::10 > 3ffe:a:b:f:d::30: icmp6: echo request
    sg2 --> inner host:  3ffe:a:b:c:d::10 > 3ffe:a:b:f:d::30: icmp6: echo request
    inner host --> sg2:  3ffe:a:b:f:d::30 > 3ffe:a:b:c:d::10: icmp6: echo reply
In other words, the tunneling from sg1 -> sg2 works, but sg2 -> sg1 does not work. sg2 doesn't send an encapsulated packet. sg2 already has the routing entry: ip route add 3ffe:a:b:c::/64 dev tnl0
The routing table is set almost right, I think. But in the tunnel configuration there is something I have to know.
Among the configuration lines in the doc, the only line that I can understand is the one below.
    ip addr add fe80::20 dev tnl0
I think that I have to put a different value in the above configuration line to use a global IP address for the inner host. What rule applies to that line??
I think there is someone who knows the meaning of the above command line... why a link-local address is used, not a site-local one. Thank you for reading, bye.
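One way to confirm the symptom described above (the reply from the inner host leaving sg2 without encapsulation) is to check a capture taken on the sg1 <-> sg2 link for protected traffic that has no outer tunnel header. This is an added example, not code from the USAGI HOWTO or from the poster; it assumes tcpdump-style "src > dst:" lines like the ones quoted in the post, 3ffe:a:b:c::/64 as the remote network (from the route entry above) and 3ffe:a:b:f::/64 as the inner host's network (an assumed /64).

```python
import re
from dataclasses import dataclass
from ipaddress import IPv6Network, ip_address
from typing import List, Optional, Tuple

# Matches one "src > dst:" address pair in the tcpdump-style lines quoted
# in the post (written for that format only, not tcpdump's full grammar).
PAIR = re.compile(r"([0-9a-f:]+) > ([0-9a-f:]+):")

# Assumed prefixes: remote side behind sg1 (from the post's route entry)
# and the inner host's network behind sg2 (assumed to be a /64).
REMOTE_NET = "3ffe:a:b:c::/64"
INNER_NET = "3ffe:a:b:f::/64"

# Constructed sample capture on the sg1 <-> sg2 link. Line 1 is the
# encapsulated echo request from the post; line 2 is what the inner host's
# reply would look like if sg2 forwarded it without encapsulation.
SAMPLE_TUNNEL_LINK_TRACE = [
    "3ffe:a:b:c:d::10 > 3ffe:a:b:c:d::20: 3ffe:a:b:c:d::10 > 3ffe:a:b:f:d::30: icmp6: echo request",
    "3ffe:a:b:f:d::30 > 3ffe:a:b:c:d::10: icmp6: echo reply",
]

@dataclass
class Packet:
    outer: Optional[Tuple[str, str]]  # tunnel (src, dst); None if not encapsulated
    inner: Tuple[str, str]            # payload (src, dst)
    proto: str                        # trailing protocol text, e.g. "icmp6: echo reply"

def parse_trace_line(line: str) -> Packet:
    """Split a line into an optional outer header, the inner header and the protocol text."""
    pairs = PAIR.findall(line)
    if not pairs:
        raise ValueError(f"no 'src > dst:' pair in line: {line!r}")
    proto = PAIR.split(line)[-1].strip()  # text after the last address pair
    if len(pairs) == 1:
        return Packet(None, pairs[0], proto)
    return Packet(pairs[0], pairs[1], proto)  # outer header first, then inner

def unencapsulated_leaks(lines: List[str], net_a: str = REMOTE_NET, net_b: str = INNER_NET) -> List[str]:
    """Lines from the untrusted link where traffic between the two protected prefixes had no outer header."""
    a, b = IPv6Network(net_a), IPv6Network(net_b)
    leaks = []
    for line in lines:
        pkt = parse_trace_line(line)
        src, dst = (ip_address(x) for x in pkt.inner)
        crosses = (src in a and dst in b) or (src in b and dst in a)
        if crosses and pkt.outer is None:
            leaks.append(line)
    return leaks
```

Running unencapsulated_leaks over a real capture on the tunnel link should return an empty list once sg2 encapsulates the inner host's replies; any line it returns is inner-network traffic that crossed the link in the clear.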