On 15/07/2012 00:10, Alex Smith wrote:
>
> On 14 Jul 2012, at 19:31, Phil Stewart <phil.stewart@???> wrote:
>> An initial disclaimer: I firewall port 22 by country of origin, so pretty much all email originating from address blocks allocated to China, Russia, and a couple of others is blocked
> 25 or 22?
>
Ooops! Yes, I do mean port 25. Port 22 is of course somewhat more
heavily locked down ;-)
--
Phil
Date: Tue, 17 Jul 2012 11:46:43 +0100
From: Stuart Swindells <bitfolk@???>
Subject: [bitfolk] IPv6 VPN with tinc
List-Id: Users of BitFolk hosting <users.lists.bitfolk.com>

I tried following the guide at
https://tools.bitfolk.com/wiki/IPv6/VPNs
to set up a tunnel between my VPS and a machine at home (both running
Debian testing), the plan being to give out v6 addresses to the machines
at home.

I have a /56 assigned to my VPS (2001:ba8:1f1:a00/56), and the VPS's
eth0 has 2001:ba8:1f1:a00::2 assigned to it as well as an IP from the
original /64 (2001:ba8:1f1:f07a::2). The IPv6 on there seems to work
fine (I can ping ipv6.google.com etc.).

The two ends are assigned IPs in 2001:ba8:1f1:a01::/64 - the VPS has
::1, the machine at the other end ::2.

When I start tinc on both machines, I can ping the other endpoint IPs
(i.e. ::2 from the VPS, ::1 from the machine at home) as well as the
VPS's other IPs (i.e. I can ping the IP from the original /64 from
home), but the machine at home can't get to anything beyond the VPS.

On the VPS (ra):

tinc.conf

    Name = ra
    ConnectTo = camulus
    Interface = camulus
    Device = /dev/net/tun
    DeviceType = tap
    BindToAddress = 85.119.82.221
    Port = 655
    Mode = switch

tinc-up

    #!/bin/sh
    ip address add 2001:ba8:1f1:a01::1/64 dev $INTERFACE
    ip link set dev $INTERFACE promisc on
    ip link set dev $INTERFACE up
    exit 0

On camulus:

    Name = camulus
    ConnectTo = ra
    Interface = ra
    Device = /dev/net/tun
    DeviceType = tap
    BindToAddress = 192.168.1.13
    Port = 655
    Mode = switch

tinc-up

    #!/bin/sh
    ip -6 addr add 2001:ba8:1f1:a01::2/64 dev $INTERFACE
    ip link set dev $INTERFACE promisc on
    ip link set dev $INTERFACE up
    ip -6 route add default via 2001:ba8:1f1:a01::1 dev $INTERFACE
    exit 0

On both:

hosts/camulus

    Port 655
    -----BEGIN RSA PUBLIC KEY-----
    -----END RSA PUBLIC KEY-----

hosts/ra

    Address = 85.119.82.221
    Port = 655
    -----BEGIN RSA PUBLIC KEY-----
    -----END RSA PUBLIC KEY-----

What am I missing?

Cheers,
Stuart
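
A sanity check of the addressing plan in the message above, as an added example that is not part of the original post: it parses the address and default-route lines of the two tinc-up scripts and checks prefix containment and gateway reachability on the tunnel link. The function names are made up for this example, and a clean result only shows the addresses are self-consistent; it does not test forwarding or routing beyond the VPS.

```python
import ipaddress
import re

# Constructed from the two tinc-up scripts quoted in the message above.
TINC_UP = {
    "ra": "ip address add 2001:ba8:1f1:a01::1/64 dev $INTERFACE\n",
    "camulus": "ip -6 addr add 2001:ba8:1f1:a01::2/64 dev $INTERFACE\n"
               "ip -6 route add default via 2001:ba8:1f1:a01::1 dev $INTERFACE\n",
}
ROUTED_PREFIX = ipaddress.ip_network("2001:ba8:1f1:a00::/56")  # the /56 from the post

ADDR_RE = re.compile(r"^ip\s+(?:-6\s+)?addr(?:ess)?\s+add\s+(\S+)\s+dev\b", re.M)
GW_RE = re.compile(r"^ip\s+-6\s+route\s+add\s+default\s+via\s+(\S+)", re.M)

def parse_tinc_up(script):
    """Return (list of interface addresses, default gateway or None)."""
    ifaces = [ipaddress.ip_interface(a) for a in ADDR_RE.findall(script)]
    gw = GW_RE.search(script)
    return ifaces, (ipaddress.ip_address(gw.group(1)) if gw else None)

def check_plan(scripts, routed):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    parsed = {name: parse_tinc_up(s) for name, s in scripts.items()}
    nets = {i.network for ifaces, _ in parsed.values() for i in ifaces}
    if len(nets) != 1:
        problems.append(f"endpoints on different subnets: {sorted(map(str, nets))}")
    for net in nets:
        if not net.subnet_of(routed):
            problems.append(f"{net} is outside routed prefix {routed}")
    # Map every tunnel address to the node that configures it.
    owner = {i.ip: name for name, (ifaces, _) in parsed.items() for i in ifaces}
    for name, (ifaces, gw) in parsed.items():
        if gw is None:
            continue
        if not any(gw in i.network for i in ifaces):
            problems.append(f"{name}: gateway {gw} is not on-link")
        if owner.get(gw) in (None, name):
            problems.append(f"{name}: gateway {gw} is not another node's address")
    return problems

if __name__ == "__main__":
    print(check_plan(TINC_UP, ROUTED_PREFIX) or "addressing plan is consistent")
```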
Date: Tue, 17 Jul 2012 12:21:45 +0100
From: Chris Tallon <chris@???>
Subject: Re: [bitfolk] IPv6 VPN with tinc