Iptables rules not working for ipv6 traffic on local network

[HugoPoi]

• The actual rules drop ARP v6 traffic for ffx2::/16
• So you can't use public ipv6 to join yunohost in the same local network as your device drop the returning traffic because the ARP v6 can't resolve the MAC address
• The packet currently dropped are the ICMPv6 TYPE=135 aka Neighbor Solicitation new name for ARP in v6
• I think the proper way is to allow ICMPv6 to go out eth0 for local prefix ffx2::/16

[HugoPoi]

Workaround sudo ip6tables -I vpnclient_out -d ff02::/16 -j ACCEPT

Maybe use some of the rules here https://unix.stackexchange.com/questions/452880/what-are-the-essential-iptables-rules-for-ipv6-to-work-properly#452905

Check this also https://en.wikipedia.org/wiki/Multicast_address

Need to check some RFCs

[ptrhere]

i did this / works for me (policy based routing)

echo "1 send_over_tun" >> /etc/iproute2/rt_tables

ip -6 route flush table send_over_tun
ip -6 route add default via $VPN_SERVER dev tun0 table send_over_tun proto static

ip -6 rule add from $MY_VPN_IP pref 1 table send_over_tun

[HugoPoi]

Is it better than asymmetric routing that can be done with my solution ?

[HugoPoi]

@ptrhere For your solution to be working, the default routes inserted by openvpn should be disable, I think.

• https://community.openvpn.net/openvpn/wiki/IgnoreRedirectGateway