artyom_h31

Untitled

Apr 29th, 2017
Desktop(artyom-H97-D3H):
artyom@artyom-H97-D3H:~$ ping6 fd00:7306:6bc5::1
PING fd00:7306:6bc5::1(fd00:7306:6bc5::1) 56 data bytes
64 bytes from fd00:7306:6bc5::1: icmp_seq=1 ttl=63 time=4.13 ms
From fd7a:46c:f954:0:76d4:35ff:fef8:9f90 icmp_seq=2 Destination unreachable: Address unreachable
From fd7a:46c:f954:0:76d4:35ff:fef8:9f90 icmp_seq=3 Destination unreachable: Address unreachable
From fd7a:46c:f954:0:76d4:35ff:fef8:9f90 icmp_seq=4 Destination unreachable: Address unreachable
64 bytes from fd00:7306:6bc5::1: icmp_seq=5 ttl=63 time=7.73 ms
From fd7a:46c:f954:0:76d4:35ff:fef8:9f90 icmp_seq=6 Destination unreachable: Address unreachable
From fd7a:46c:f954:0:76d4:35ff:fef8:9f90 icmp_seq=7 Destination unreachable: Address unreachable
From fd7a:46c:f954:0:76d4:35ff:fef8:9f90 icmp_seq=8 Destination unreachable: Address unreachable
64 bytes from fd00:7306:6bc5::1: icmp_seq=9 ttl=63 time=4.05 ms
From fd7a:46c:f954:0:76d4:35ff:fef8:9f90 icmp_seq=10 Destination unreachable: Address unreachable
From fd7a:46c:f954:0:76d4:35ff:fef8:9f90 icmp_seq=11 Destination unreachable: Address unreachable
From fd7a:46c:f954:0:76d4:35ff:fef8:9f90 icmp_seq=12 Destination unreachable: Address unreachable
64 bytes from fd00:7306:6bc5::1: icmp_seq=13 ttl=63 time=9.09 ms
^C
--- fd00:7306:6bc5::1 ping statistics ---
13 packets transmitted, 4 received, +9 errors, 69% packet loss, time 12197ms
rtt min/avg/max/mdev = 4.054/6.253/9.095/2.213 ms


artyom@artyom-H97-D3H:~$ sudo ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fd7a:46c:f954:0:76d4:35ff:fef8:9f90/64 scope global mngtmpaddr dynamic
valid_lft forever preferred_lft forever
inet6 2002:b035:e00d:0:76d4:35ff:fef8:9f90/64 scope global mngtmpaddr dynamic
valid_lft forever preferred_lft forever
inet6 fe80::76d4:35ff:fef8:9f90/64 scope link
valid_lft forever preferred_lft forever


artyom@artyom-H97-D3H:~$ sudo ip -6 neighbor
fe80::21e:6ff:fecb:1923 dev eno1 lladdr 00:1e:06:cb:19:23 router STALE
fe80::12fe:edff:fee5:bd00 dev eno1 lladdr 10:fe:ed:e5:bd:00 router STALE
fd7a:46c:f954::110 dev eno1 lladdr 00:1e:06:cb:19:23 router STALE
fd00:7306:6bc5::1 dev eno1 FAILED
2002:b035:e00d:ff00::ff dev eno1 lladdr 00:1e:06:cb:19:23 STALE


artyom@artyom-H97-D3H:~$ sudo ip -6 route
2002:b035:e00d::/64 dev eno1 proto kernel metric 256 mtu 1280 pref medium
2002:b035:e00d:ff00::/64 via fe80::21e:6ff:fecb:1923 dev eno1 proto ra metric 1024 expires 1485sec pref medium
2002:b035:e00d::/48 via fe80::12fe:edff:fee5:bd00 dev eno1 proto ra metric 1024 pref medium
fd7a:46c:f954::/64 dev eno1 proto kernel metric 256 mtu 1280 pref medium
fd7a:46c:f954::/48 via fe80::12fe:edff:fee5:bd00 dev eno1 proto ra metric 1024 pref medium
fe80::/64 dev eno1 proto kernel metric 256 mtu 1280 pref medium
default via fe80::12fe:edff:fee5:bd00 dev eno1 proto ra metric 1024 expires 65409sec mtu 1280 hoplimit 64 pref medium

VPN server(odroid):
[artyom@odroid ~]$ ping -6 -c 8 fd00:7306:6bc5::1
PING fd00:7306:6bc5::1(fd00:7306:6bc5::1) 56 data bytes
64 bytes from fd00:7306:6bc5::1: icmp_seq=1 ttl=64 time=4.76 ms
64 bytes from fd00:7306:6bc5::1: icmp_seq=2 ttl=64 time=2.91 ms
64 bytes from fd00:7306:6bc5::1: icmp_seq=3 ttl=64 time=6.99 ms
64 bytes from fd00:7306:6bc5::1: icmp_seq=4 ttl=64 time=5.44 ms
64 bytes from fd00:7306:6bc5::1: icmp_seq=5 ttl=64 time=7.38 ms
64 bytes from fd00:7306:6bc5::1: icmp_seq=6 ttl=64 time=5.33 ms
64 bytes from fd00:7306:6bc5::1: icmp_seq=7 ttl=64 time=3.09 ms
64 bytes from fd00:7306:6bc5::1: icmp_seq=8 ttl=64 time=3.96 ms

--- fd00:7306:6bc5::1 ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 7010ms
rtt min/avg/max/mdev = 2.914/4.989/7.388/1.546 ms


[artyom@odroid ~]$ sudo ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2002:b035:e00d:0:4cc2:9b49:6ca5:dcc3/64 scope global
valid_lft forever preferred_lft forever
inet6 fd7a:46c:f954::110/128 scope global
valid_lft forever preferred_lft forever
inet6 fd7a:46c:f954:0:996:caf:7824:6b02/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::21e:6ff:fecb:1923/64 scope link
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500
inet6 fe80::42:ff:fe81:c862/64 scope link
valid_lft forever preferred_lft forever


[artyom@odroid ~]$ sudo ip -6 neigh
fe80::21e:6ff:fecb:1923 dev eth0 lladdr 00:1e:06:cb:19:23 router STALE
fd7a:46c:f954:0:20d5:2bda:e015:2ca5 dev eth0 lladdr 34:13:e8:2f:49:ff STALE
fe80::8d5a:30a6:cfd8:cba0 dev docker0 lladdr 02:42:00:81:c8:62 STALE
fd7a:46c:f954:0:5893:a1bd:ecf0:7d66 dev eth0 lladdr 34:13:e8:2f:49:ff STALE
fe80::20c:e7ff:fe01:8177 dev eth0 lladdr 00:0c:e7:01:81:77 STALE
fe80::9410:4323:5ba9:492f dev eth0 lladdr 74:d4:35:f8:9f:90 STALE
fd7a:46c:f954:0:f0b1:2a30:f392:6334 dev eth0 lladdr cc:fa:00:ab:87:f0 STALE
fe80::34bc:b02a:489:b1ee dev eth0 lladdr 3c:83:75:ae:b5:98 STALE
fe80::3613:e8ff:fe2f:49ff dev eth0 lladdr 34:13:e8:2f:49:ff STALE
fd7a:46c:f954:0:8d4f:8602:96a5:821e dev eth0 lladdr 34:13:e8:2f:49:ff STALE
fd7a:46c:f954::1 dev eth0 lladdr 10:fe:ed:e5:bd:00 router STALE
2002:b035:e00d::1 dev eth0 lladdr 10:fe:ed:e5:bd:00 router STALE
fd7a:46c:f954:0:34ca:aae5:630:d44f dev eth0 FAILED
fe80::42:ff:fe81:c862 dev docker0 lladdr 02:42:00:81:c8:62 STALE
fe80::76d4:35ff:fef8:9f90 dev eth0 lladdr 74:d4:35:f8:9f:90 STALE
fe80::a7cc:bbb:98b5:a7e2 dev eth0 lladdr 34:13:e8:2f:49:ff STALE
fe80::12fe:edff:fee5:bd00 dev eth0 lladdr 10:fe:ed:e5:bd:00 router STALE
fe80::48e6:cf19:e734:4880 dev eth0 lladdr 74:2f:68:ec:1d:01 STALE
fd7a:46c:f954:f954::1 dev eth0 FAILED
fd7a:46c:f954:0:60c5:9e48:d302:d5b5 dev eth0 lladdr 74:d4:35:f8:9f:90 STALE
fd7a:46c:f954::100 dev eth0 FAILED
fd7a:46c:f954:0:2151:3c65:99b:1f77 dev eth0 lladdr 74:d4:35:f8:9f:90 STALE
fd7a:46c:f954:0:4c17:c11c:b800:d1cd dev eth0 lladdr cc:fa:00:ab:87:f0 STALE
fd7a:46c:f954:0:c8a5:968f:89b7:8108 dev eth0 lladdr cc:fa:00:ab:87:f0 STALE
fd7a:46c:f954:0:76d4:35ff:fef8:9f90 dev eth0 lladdr 74:d4:35:f8:9f:90 REACHABLE
fd7a:46c:f954:0:cdc3:336:9ca:4862 dev eth0 lladdr 74:d4:35:f8:9f:90 STALE
fd7a:46c:f954:0:bda2:eeef:57f2:29ef dev eth0 lladdr cc:fa:00:ab:87:f0 STALE
2002:b035:e00d:0:76d4:35ff:fef8:9f90 dev eth0 lladdr 74:d4:35:f8:9f:90 STALE
fd7a:46c:f954:0:f417:a266:1ad7:c9c0 dev eth0 FAILED
fe80::cefa:ff:feab:87f0 dev eth0 lladdr cc:fa:00:ab:87:f0 STALE


[artyom@odroid ~]$ sudo ip -6 route
2002:b035:e00d::/64 dev eth0 proto kernel metric 202 mtu 1280
2002:b035:e00d::/64 dev eth0 proto kernel metric 256
fd7a:46c:f954::110 dev eth0 proto kernel metric 256
fd7a:46c:f954::/64 dev eth0 proto kernel metric 202 mtu 1280
fd7a:46c:f954::/64 dev eth0 proto kernel metric 256
fe80::/64 dev eth0 proto kernel metric 256
fe80::/64 dev docker0 proto kernel metric 256
default via fe80::12fe:edff:fee5:bd00 dev eth0 metric 202 mtu 1280


[artyom@odroid ~]$ sudo swanctl -v
strongSwan swanctl 5.5.2


[artyom@odroid ~]$ sudo swanctl -l
work: #2, ESTABLISHED, IKEv2, ba05118e41b6b0ee_i cbab7f3248286584_r*
local 'CN=vpn.h31.ishere.ru' @ 192.168.1.110[4500]
remote 'work' @ 195.209.231.150[4500] [192.168.1.120 fd00:7306:6bc5::1]
AES_GCM_16-256/PRF_HMAC_SHA2_256/MODP_2048
established 571s ago, reauth in 9350s
work: #2, reqid 2, INSTALLED, TUNNEL-in-UDP, ESP:AES_CTR-128/HMAC_SHA1_96
installed 571s ago, rekeying in 1997s, expires in 3029s
in c6a67c89, 3818 bytes, 30 packets, 32s ago
out cf1bac8f, 2496 bytes, 24 packets, 32s ago
local 192.168.1.110/32 192.168.1.200/32 ::/0
remote 192.168.1.120/32 fd00:7306:6bc5::1/128


[artyom@odroid ~]$ sudo swanctl -L
work: IKEv2, reauthentication every 10260s, no rekeying
local: %any
remote: %any
local public key authentication:
id: CN=vpn.h31.ishere.ru
certs: CN=vpn.h31.ishere.ru
remote public key authentication:
id: work
work: TUNNEL, rekeying every 3060s
local: 192.168.1.0/24 ::/0
remote: dynamic


[artyom@odroid ~]$ cat /etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
    # strictcrlpolicy=yes
    # uniqueids = no

# Add connections here.

conn %default
    keyexchange=ikev2
    ike=aes256gcm16-sha256-modp2048,aes256-aes128-sha256-sha1-modp2048-modp4096-modp1024!
    esp=aes128ctr-sha1-sha256-modp2048!
    fragmentation=yes
    dpdaction=clear
    dpddelay=35s
    dpdtimeout=300s

    # left - local (server) side
    left=%any
    leftauth=pubkey
    leftcert=vpn.h31.ishere.ru.crt
    leftsendcert=always
    leftsubnet=0.0.0.0/0,::/0
    leftfirewall = yes

    # right - remote (client) side
    right=%any
    rightdns=
    rightauth=pubkey
    rightsourceip=%dhcp

conn work
    rightid=work
    rightcert=work.crt
    leftsubnet=192.168.1.1/24,::/0
    rightsourceip=%dhcp,fd00:7306:6bc5::1
    auto=add


Work(artyom-MSI):
artyom@artyom-MSI:~$ sudo ipsec statusall
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.0-72-generic, x86_64):
uptime: 5 hours, since Apr 29 16:14:46 2017
malloc: sbrk 2703360, mmap 0, used 407152, free 2296208
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 12
loaded plugins: charon test-vectors aes rc2 sha1 sha2 md4 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown
Listening IP addresses:
192.168.1.75
10.140.20.1
Connections:
ikev2-rw: %any...vpn.h31.ishere.ru IKEv1/2
ikev2-rw: local: [work] uses public key authentication
ikev2-rw: cert: "CN=work"
ikev2-rw: remote: [vpn.h31.ishere.ru] uses public key authentication
ikev2-rw: child: dynamic === 192.168.1.110/32 192.168.1.200/32 ::/0 TUNNEL
Security Associations (1 up, 0 connecting):
ikev2-rw[7]: ESTABLISHED 13 minutes ago, 192.168.1.75[work]...176.53.224.13[CN=vpn.h31.ishere.ru]
ikev2-rw[7]: IKEv2 SPIs: eeb0b6418e1105ba_i* 84652848327fabcb_r, public key reauthentication in 2 hours
ikev2-rw[7]: IKE proposal: AES_GCM_16_256/PRF_HMAC_SHA2_256/MODP_2048
ikev2-rw{12}: INSTALLED, TUNNEL, reqid 7, ESP in UDP SPIs: cf1bac8f_i c6a67c89_o
ikev2-rw{12}: AES_CTR_128/HMAC_SHA1_96, 12733 bytes_i (135 pkts, 0s ago), 12639 bytes_o (98 pkts, 20s ago), rekeying in 32 minutes
ikev2-rw{12}: 192.168.1.120/32 fd00:7306:6bc5::1/128 === 192.168.1.110/32 192.168.1.200/32 ::/0

artyom@artyom-MSI:~$ cat /etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

# basic configuration

config setup
    # strictcrlpolicy=yes
    # uniqueids = no

# Add connections here.

conn ikev2-rw
    right=vpn.h31.ishere.ru
    dpdaction=restart
    dpddelay=0
    rightid=%vpn.h31.ishere.ru
    rightsubnet=192.168.1.110/32,192.168.1.200/32,::/0
    rightauth=pubkey
    rightfirewall=yes
    leftid=work
    leftsourceip=%config4,%config6
    leftauth=pubkey
    leftfirewall=yes
    leftcert=work.crt
    ike=aes256gcm16-sha256-modp2048!
    esp=aes128ctr-sha1-sha256-modp2048!
    auto=start
    closeaction=restart