TCP/IPv6 thru ssh tunnel


Yes, it is possible and not too difficult, but the solution is very suboptimal, since SSH runs over TCP and has a sensible overhead.

The server must have in its configuration file sshd_config:

PermitTunnel point-to-point

Then, you need to be root on both machines. You connect to the server using:

ssh -w any root@server

After connection, use the command ip link in both systems to know which tunN device was created in each one, and use it in the following commands. Note that I'm using example site-local addresses, which are obsolete, but ok for this introduction.

On the server:

server# ip link set tun0 up
server# ip addr add fec0:1::1/112 dev tun0

On the client:

client# ip link set tun0 up
client# ip addr add fec0:1::2/112 dev tun0

This is enough so that you can ping the other side through the tunnel, if there is no firewall rule blocking. The next step is to set routes over the tunnel (don't forget net.ipv6.conf.default.forwarding=1), and then adjust the link MTU to get optimal performance.

server# sysctl net.ipv6.conf.all.forwarding=1

client# ip -6 route add default via fec0:1::1

This will allow your client to ping other networks that the server has access to, given that the targets have routes back to your remote client.

You'll also have to fix the link MTU so that the client doesn't send packets that the server won't be able to transmit forward. This depends on the MTU of the IPv6 link of the server itself. Do not rely on path MTU discovery since it won't work correctly over the SSH tunnel. If in doubt, start with a low MTU value, like 1280 (minimum MTU allowed for IPv6).
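A dry-run helper for the client-side steps above, as an added example that is not part of the original answer: it finds the tunN device in `ip -o link` output, refuses an MTU below the IPv6 minimum of 1280, and prints the commands for review instead of running them. The function names and the sample `ip -o link` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): plan the client-side
# commands for the SSH tun tunnel and print them for review (dry run).

IPV6_MIN_MTU=1280   # minimum link MTU allowed for IPv6

# Constructed sample of `ip -o link` output, used for the demo below.
SAMPLE_IP_LINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
5: tun0: <POINTOPOINT,MULTICAST,NOARP> mtu 1500 qdisc noop state DOWN'

# Read `ip -o link` output on stdin and print the tunN device names.
list_tun_devs() {
    awk -F': ' '$2 ~ /^tun[0-9]+$/ { print $2 }'
}

# Succeed only if $1 is a whole number that is at least 1280.
valid_mtu() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$IPV6_MIN_MTU" ]
}

# Print the client commands for device $1, local address $2,
# peer (server) address $3 and link MTU $4.
plan_client() {
    dev=$1 local_addr=$2 peer=$3 mtu=$4
    valid_mtu "$mtu" || {
        echo "refusing MTU '$mtu': must be a number >= $IPV6_MIN_MTU" >&2
        return 1
    }
    cat <<EOF
ip link set $dev mtu $mtu
ip link set $dev up
ip addr add $local_addr dev $dev
ip -6 route add default via $peer
EOF
}

# Demo on the constructed sample; on a real client, pipe `ip -o link` instead.
tun_dev=$(printf '%s\n' "$SAMPLE_IP_LINK" | list_tun_devs | head -n 1)
plan_client "$tun_dev" fec0:1::2/112 fec0:1::1 1280
```

The printed commands still have to be run as root on the client once they have been checked.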


Author: Admin

Updated on September 17, 2022

Comments

  • Admin almost 2 years

    I am wondering how to tunnel TCP/IPv6 traffic over the SSH/IPv4 tunnel (PTP connection). Is it possible? How can I achieve that?

    • Sam Cogan over 13 years
      Are you trying to tunnel JUST IPv6 traffic over the tunnel? As your SSH tunnel will allow you to use IPV5 or V6 over it without issue, assuming the network at either end supports it.
    • Reece45 over 13 years
      TCP over TCP is usually not a good idea: sites.inka.de/sites/bigred/devel/tcp-tcp.html TCP over TCP over TCP: It doesn't sound any better
  • Jeremy Visser over 13 years
    The minimum MTU that IPv6 supports is 1280 (in contrast to IPv4, which supports a minimum MTU of 576). Warning: if you set your MTU below 1280, your IPv6 addresses will disappear, and won’t be able to be re-added until you restart SSH!
  • larsr over 10 years
    OS X doesn't have the ip command, so set the ip address with sudo ifconfig tun0 inet6 fec0:1::2/112 up and set the route with sudo route add -inet6 -mtu 1280 default fec0:1::1