When I run freelan in tap mode, both IPv4 and IPv6 works perfectly fine. However when I run it in tun mode, no IPv6 packets get delivered to remote peers. I've done some tracing and it looks like some internal routing issue within Freelan - built with debug enabled, I can see:
Routing 104 byte(s) of data from tap_adapter(tun0): no route.
>$ ping -c5 9.0.0.1
PING 9.0.0.1 (9.0.0.1) 56(84) bytes of data.
64 bytes from 9.0.0.1: icmp_seq=1 ttl=64 time=3.56 ms
64 bytes from 9.0.0.1: icmp_seq=2 ttl=64 time=1.99 ms
64 bytes from 9.0.0.1: icmp_seq=3 ttl=64 time=1.91 ms
64 bytes from 9.0.0.1: icmp_seq=4 ttl=64 time=1.98 ms
64 bytes from 9.0.0.1: icmp_seq=5 ttl=64 time=1.98 ms
--- 9.0.0.1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 1.916/2.290/3.563/0.637 ms
$ ping6 -c5 2aa1::1
PING 2aa1::1(2aa1::1) 56 data bytes
--- 2aa1::1 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 3999ms
Network config on the machines appears fine.
$ ifconfig tun0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1446
inet 9.0.0.5 netmask 255.255.255.0 destination 9.0.0.0
inet6 2aa1::2 prefixlen 8 scopeid 0x0<global>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
$ ip -6 route | grep '2a00::/8'
2a00::/8 dev tun0 proto kernel metric 256
$ ifconfig tun0
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1446
inet 9.0.0.1 netmask 255.255.255.0 destination 9.0.0.0
inet6 2aa1::1 prefixlen 8 scopeid 0x0<global>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 5 bytes 420 (420.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5 bytes 420 (420.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
$ ip -6 route | grep '2a00::/8'
2a00::/8 dev tun1 proto kernel metric 256
Doing packet dumps can see that traffic is sent out via the right interface on the sender side, but never appears on the interface on the recipent side. Have checked that IPv6 packet forwarding is enabled on both machines.
Reading configuration file at: "/etc/freelan/freelan.cfg"
2015-03-07T23:15:00.192012 [DEBUG] Opening core...
2015-03-07T23:15:00.192132 [INFORMATION] Starting FSCP server...
2015-03-07T23:15:00.192256 [IMPORTANT] Core set to listen on: 0.0.0.0:12000
2015-03-07T23:15:00.192292 [INFORMATION] Building CA store...
2015-03-07T23:15:00.192410 [DEBUG] Resolving 192.168.1.2:12000 for potential contact...
2015-03-07T23:15:00.192537 [DEBUG] Resolving 192.168.1.1:12000 for potential contact...
2015-03-07T23:15:00.192623 [INFORMATION] FSCP server started.
2015-03-07T23:15:00.193065 [IMPORTANT] Tap adapter "tun0" opened in mode tun with a MTU set to: 1446
2015-03-07T23:15:00.193120 [INFORMATION] IPv4 address: 9.0.0.5/24
2015-03-07T23:15:00.193150 [INFORMATION] IPv6 address: 2aa1::2/8
2015-03-07T23:15:00.193183 [INFORMATION] No IPv4 remote address configured. Using a default of: 9.0.0.0
2015-03-07T23:15:00.193433 [INFORMATION] Putting interface into the connected state.
2015-03-07T23:15:00.193689 [INFORMATION] Advertising the following routes: 9.0.0.5/32, 2aa1::2/128
2015-03-07T23:15:00.193734 [DEBUG] Core opened.
2015-03-07T23:15:00.193807 [INFORMATION] Using 2 thread(s).
2015-03-07T23:15:00.193831 [IMPORTANT] Execution started.
2015-03-07T23:15:00.194292 [DEBUG] Thread #0 started.
2015-03-07T23:15:00.194448 [DEBUG] No session exists with 192.168.1.2:12000 (at 192.168.1.2:12000). Contacting...
2015-03-07T23:15:00.194490 [DEBUG] Sending HELLO to 192.168.1.2:12000
2015-03-07T23:15:00.194694 [DEBUG] No session exists with 192.168.1.1:12000 (at 192.168.1.1:12000). Contacting...
2015-03-07T23:15:00.194731 [DEBUG] Sending HELLO to 192.168.1.1:12000
2015-03-07T23:15:00.195142 [DEBUG] Received HELLO_REQUEST from 192.168.1.2:12000.
2015-03-07T23:15:00.195883 [DEBUG] Received HELLO_RESPONSE from 192.168.1.2:12000 at 192.168.1.2:12000. Latency: 00:00:00.000663
2015-03-07T23:15:00.196176 [DEBUG] Received PRESENTATION from 192.168.1.2:12000: C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=buildhost/name=VPN/[email protected].
2015-03-07T23:15:00.196539 [INFORMATION] C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=Wellington CA/name=VPN/[email protected] is valid.
2015-03-07T23:15:00.196814 [INFORMATION] C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=buildhost/name=VPN/[email protected] is valid.
2015-03-07T23:15:00.196950 [INFORMATION] Accepting PRESENTATION from 192.168.1.2:12000 (C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=buildhost/name=VPN/[email protected]): first presentation.
2015-03-07T23:15:00.197015 [DEBUG] Sending SESSION_REQUEST to 192.168.1.2:12000.
2015-03-07T23:15:00.197468 [TRACE] Sending session request message to 192.168.1.2:12000 (next_session_number: 0, local_host_identifier: e1a8a88580b5d54052ae81b65d8512098d22968c32a256ec5ff7d4183fa7d9c2)
2015-03-07T23:15:00.202409 [DEBUG] Received HELLO_RESPONSE from 192.168.1.1:12000 at 192.168.1.1:12000. Latency: 00:00:00.007007
2015-03-07T23:15:00.202804 [DEBUG] Received PRESENTATION from 192.168.1.1:12000: C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=management/name=VPN/[email protected].
2015-03-07T23:15:00.202964 [INFORMATION] C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=Wellington CA/name=VPN/[email protected] is valid.
2015-03-07T23:15:00.203148 [INFORMATION] C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=management/name=VPN/[email protected] is valid.
2015-03-07T23:15:00.203210 [INFORMATION] Accepting PRESENTATION from 192.168.1.1:12000 (C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=management/name=VPN/[email protected]): first presentation.
2015-03-07T23:15:00.203246 [DEBUG] Sending SESSION_REQUEST to 192.168.1.1:12000.
2015-03-07T23:15:00.203628 [TRACE] Sending session request message to 192.168.1.1:12000 (next_session_number: 0, local_host_identifier: 6fdeec09ee5c01263b631ada804f5a391f3875dc1b21ac7565ceb13b26bc8119)
2015-03-07T23:15:00.204577 [DEBUG] Thread #1 started.
2015-03-07T23:15:00.204724 [DEBUG] Received PRESENTATION from 192.168.1.2:12000: C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=buildhost/name=VPN/[email protected].
2015-03-07T23:15:00.204877 [INFORMATION] C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=Wellington CA/name=VPN/[email protected] is valid.
2015-03-07T23:15:00.205060 [INFORMATION] C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=buildhost/name=VPN/[email protected] is valid.
2015-03-07T23:15:00.205121 [INFORMATION] Accepting PRESENTATION from 192.168.1.2:12000 (C=NZ, ST=NZ, L=Wellington, O=Wellington, OU=Example, CN=buildhost/name=VPN/[email protected]): same presentation.
2015-03-07T23:15:00.205158 [DEBUG] Sending SESSION_REQUEST to 192.168.1.2:12000.
2015-03-07T23:15:00.206191 [TRACE] Sending session request message to 192.168.1.2:12000 (next_session_number: 0, local_host_identifier: e1a8a88580b5d54052ae81b65d8512098d22968c32a256ec5ff7d4183fa7d9c2)
2015-03-07T23:15:00.208378 [DEBUG] Received SESSION_REQUEST from 192.168.1.2:12000 (default: accept).
2015-03-07T23:15:00.208414 [DEBUG] Cipher suites capabilities: ecdhe_rsa_aes256_gcm_sha384 ecdhe_rsa_aes128_gcm_sha256
2015-03-07T23:15:00.208454 [DEBUG] Elliptic curve capabilities: secp384r1
2015-03-07T23:15:00.208498 [TRACE] Received a SESSION_REQUEST from 192.168.1.2:12000 with session number 0 and cipher suite ecdhe_rsa_aes256_gcm_sha384_secp384r1. No current session exist: preparing one and sending it.
2015-03-07T23:15:00.213091 [TRACE] Sending session message to 192.168.1.2:12000 (session number: 0, cipher suite: ecdhe_rsa_aes256_gcm_sha384, elliptic curve: secp384r1).
2015-03-07T23:15:00.215400 [DEBUG] Received SESSION_REQUEST from 192.168.1.1:12000 (default: accept).
2015-03-07T23:15:00.215437 [DEBUG] Cipher suites capabilities: ecdhe_rsa_aes256_gcm_sha384 ecdhe_rsa_aes128_gcm_sha256
2015-03-07T23:15:00.215461 [DEBUG] Elliptic curve capabilities: secp384r1
2015-03-07T23:15:00.215497 [TRACE] Received a SESSION_REQUEST from 192.168.1.1:12000 with session number 0 and cipher suite ecdhe_rsa_aes256_gcm_sha384_secp384r1. No current session exist: preparing one and sending it.
2015-03-07T23:15:00.219811 [TRACE] Sending session message to 192.168.1.1:12000 (session number: 0, cipher suite: ecdhe_rsa_aes256_gcm_sha384, elliptic curve: secp384r1).
2015-03-07T23:15:00.221963 [DEBUG] Received SESSION_REQUEST from 192.168.1.2:12000 (default: accept).
2015-03-07T23:15:00.221999 [DEBUG] Cipher suites capabilities: ecdhe_rsa_aes256_gcm_sha384 ecdhe_rsa_aes128_gcm_sha256
2015-03-07T23:15:00.222055 [DEBUG] Elliptic curve capabilities: secp384r1
2015-03-07T23:15:00.222157 [TRACE] Received a SESSION_REQUEST from 192.168.1.2:12000 with session number 0 and cipher suite ecdhe_rsa_aes256_gcm_sha384_secp384r1. No current session exist: preparing one and sending it.
2015-03-07T23:15:00.222198 [TRACE] Sending session message to 192.168.1.2:12000 (session number: 0, cipher suite: ecdhe_rsa_aes256_gcm_sha384, elliptic curve: secp384r1).
2015-03-07T23:15:00.224525 [DEBUG] Received SESSION from 192.168.1.1:12000 (default: accept).
2015-03-07T23:15:00.224560 [DEBUG] Cipher suite: ecdhe_rsa_aes256_gcm_sha384
2015-03-07T23:15:00.224581 [DEBUG] Elliptic curve: secp384r1
2015-03-07T23:15:00.226277 [TRACE] Session established with 192.168.1.1:12000. Sending acknowledgement session message back.
2015-03-07T23:15:00.226376 [TRACE] Sending session message to 192.168.1.1:12000 (session number: 0, cipher suite: ecdhe_rsa_aes256_gcm_sha384, elliptic curve: secp384r1).
2015-03-07T23:15:00.229530 [IMPORTANT] Session established with 192.168.1.1:12000.
2015-03-07T23:15:00.229596 [INFORMATION] Cipher suite: ecdhe_rsa_aes256_gcm_sha384
2015-03-07T23:15:00.229648 [INFORMATION] Elliptic curve: secp384r1
2015-03-07T23:15:00.229873 [DEBUG] Sending routes request to 192.168.1.1:12000.
2015-03-07T23:15:00.229941 [DEBUG] Received SESSION from 192.168.1.2:12000 (default: accept).
2015-03-07T23:15:00.229996 [DEBUG] Cipher suite: ecdhe_rsa_aes256_gcm_sha384
2015-03-07T23:15:00.230217 [DEBUG] Elliptic curve: secp384r1
2015-03-07T23:15:00.230134 [INFORMATION] Added system route: eth0 - 192.168.1.1/32 - metric 0
2015-03-07T23:15:00.231768 [TRACE] Session established with 192.168.1.2:12000. Sending acknowledgement session message back.
2015-03-07T23:15:00.231818 [TRACE] Sending session message to 192.168.1.2:12000 (session number: 0, cipher suite: ecdhe_rsa_aes256_gcm_sha384, elliptic curve: secp384r1).
2015-03-07T23:15:00.234185 [IMPORTANT] Session established with 192.168.1.2:12000.
2015-03-07T23:15:00.234224 [INFORMATION] Cipher suite: ecdhe_rsa_aes256_gcm_sha384
2015-03-07T23:15:00.234259 [INFORMATION] Elliptic curve: secp384r1
2015-03-07T23:15:00.234417 [DEBUG] Sending routes request to 192.168.1.2:12000.
2015-03-07T23:15:00.234546 [TRACE] Received a SESSION from 192.168.1.2:12000 with session number 0 and cipher suite ecdhe_rsa_aes256_gcm_sha384. A session currently exists and has the same number and cipher suite. Ignoring.
2015-03-07T23:15:00.234596 [TRACE] Received a SESSION from 192.168.1.1:12000 with session number 0 and cipher suite ecdhe_rsa_aes256_gcm_sha384. A session currently exists and has the same number and cipher suite. Ignoring.
2015-03-07T23:15:00.234823 [TRACE] Received a SESSION from 192.168.1.2:12000 with session number 0 and cipher suite ecdhe_rsa_aes256_gcm_sha384. A session currently exists and has the same number and cipher suite. Ignoring.
2015-03-07T23:15:00.234844 [INFORMATION] Added system route: lo - 192.168.1.2/32 - metric 0
2015-03-07T23:15:00.235285 [DEBUG] Received routes request from 192.168.1.1:12000. Replying with version 0: 9.0.0.5/32, 2aa1::2/128
2015-03-07T23:15:00.235333 [DEBUG] Sending routes to 192.168.1.1:12000: version 0 (9.0.0.5/32, 2aa1::2/128).
2015-03-07T23:15:00.235430 [DEBUG] Received routes request from 192.168.1.2:12000. Replying with version 0: 9.0.0.5/32, 2aa1::2/128
2015-03-07T23:15:00.235471 [DEBUG] Sending routes to 192.168.1.2:12000: version 0 (9.0.0.5/32, 2aa1::2/128).
2015-03-07T23:15:00.237421 [INFORMATION] Received routes from 192.168.1.1:12000 (version 0) were applied: 9.0.0.1/32, 2aa1::1/128
2015-03-07T23:15:00.237562 [WARNING] Received system routes from 192.168.1.1:12000 (version 0) but none matched the system route acceptance policy (none, limit 1): 9.0.0.1/32, 2aa1::1/128
2015-03-07T23:15:00.237802 [INFORMATION] Received routes from 192.168.1.2:12000 (version 0) were applied: 9.0.0.5/32, 2aa1::2/128
2015-03-07T23:15:00.238002 [WARNING] Received system routes from 192.168.1.2:12000 (version 0) but none matched the system route acceptance policy (none, limit 1): 9.0.0.5/32, 2aa1::2/128
Read 84 byte(s) on tun0
Routing 84 byte(s) of data from tap_adapter(tun0) to endpoint(192.168.1.1:12000)
Routing 84 byte(s) of data from endpoint(192.168.1.1:12000) to tap_adapter(tun0)
Read 84 byte(s) on tun0
Routing 84 byte(s) of data from tap_adapter(tun0) to endpoint(192.168.1.1:12000)
Routing 84 byte(s) of data from endpoint(192.168.1.1:12000) to tap_adapter(tun0)
Read 84 byte(s) on tun0
Routing 84 byte(s) of data from tap_adapter(tun0) to endpoint(192.168.1.1:12000)
Routing 84 byte(s) of data from endpoint(192.168.1.1:12000) to tap_adapter(tun0)
Read 84 byte(s) on tun0
Routing 84 byte(s) of data from tap_adapter(tun0) to endpoint(192.168.1.1:12000)
Routing 84 byte(s) of data from endpoint(192.168.1.1:12000) to tap_adapter(tun0)
Read 84 byte(s) on tun0
Routing 84 byte(s) of data from tap_adapter(tun0) to endpoint(192.168.1.1:12000)
Routing 84 byte(s) of data from endpoint(192.168.1.1:12000) to tap_adapter(tun0)
Read 104 byte(s) on tun0
Routing 104 byte(s) of data from tap_adapter(tun0): no route.
Read 104 byte(s) on tun0
Routing 104 byte(s) of data from tap_adapter(tun0): no route.
Read 104 byte(s) on tun0
Routing 104 byte(s) of data from tap_adapter(tun0): no route.
Read 104 byte(s) on tun0
Routing 104 byte(s) of data from tap_adapter(tun0): no route.
Read 104 byte(s) on tun0
Routing 104 byte(s) of data from tap_adapter(tun0): no route.