More than 3 years have passed since last update.

VPN網の構築 (IPv4 over IPv6)

Last updated at 2019-12-31Posted at 2019-12-31

構成

| ROUTER A | - NGN - | ROUTER B |

L2TPv3によるVPN網構築

ROUTER A

 bridge br10 {
     address 10.0.200.1/24
     aging 300
     bridged-conntrack disable
     hello-time 2
     max-age 20
     priority 32768
     promiscuous disable
     stp false
 }
- 省略 -
 l2tpv3 l2tpeth0 {
     bridge-group {
         bridge br10
     }
     destination-port 5000
     encapsulation udp
     local-ip [IPv6 AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA]
     mtu 1420
     peer-session-id 2
     peer-tunnel-id 2
     remote-ip  [IPv6 BBBB:BBBB:BBBB:BBBB:BBBB:BBBB:BBBB:BBBB]
     session-id 1
     source-port 5000
     tunnel-id 1
 }

ROUTER B

 bridge br10 {
     address 10.0.200.2/24
     aging 300
     bridged-conntrack disable
     hello-time 2
     max-age 20
     priority 32768
     promiscuous disable
     stp false
 }
- 省略 -
l2tpv3 l2tpeth0 
 bridge-group {
     bridge br10
 }
 destination-port 5000
 encapsulation udp
 local-ip [IPv6 BBBB:BBBB:BBBB:BBBB:BBBB:BBBB:BBBB:BBBB]
 mtu 1420
 peer-session-id 1
 peer-tunnel-id 1
 remote-ip [IPv6 AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA:AAAA]
 session-id 2
 source-port 5000
 tunnel-id 2

トラブルシュート

OSPFでの経路交換が行われない問題

UDPパケットを確認

tcpdump -i [NIC]udp

OSPFの通信状況を確認

tcpdump -i [NIC] -n “ip[9] == 89”

参考文献

https://isid.ai/dev/2016/10/19/1100/

You get articles that match your needs
You can efficiently read back useful information
You can use dark theme

What you can do with signing up