Solved: What is missing to connect to outside through HA V...

Thomasaw · 08-30-2023 04:48 AM

Hi,

I have trouble about that I cannot connect ping to the external host on IPv6 through HA VPN.
Server has 2 nic:
　nic0: IPv4 only
　nic1: IPv4 and IPv6 (dual-stack)

Ping to ipv6.google.com is OK.
Ping to the host is NG.
Ping to the IPv6 VPC Gateway is NG.
VPN is up.
BGP is up.
HA VPN belongs to the same VPC network with nic1 of the server.
Connectivity Test on Google Cloud Console, it says OK.

Does anyone have ideas which I can try?
I would offer you information as possible as I can.

regards,

Marvin_Lucero

Hi @Thomasaw ,

It seems like your HA VPN setup is working fine at a basic level because the VPN and BGP connections are up, and the Google Cloud Console connectivity test shows no problems. However, when you try to ping external hosts using IPv6 through the HA VPN, you're encountering issues.

To resolve this, you can consider checking these troubleshooting steps:

1. Make sure that the setup guiding traffic from your server through the HA VPN is correctly configured for IPv6. Double-check that IPv6 traffic is being directed through the VPN.
2. Check your firewall rules if it allows IPv6 traffic. There will be instances that IPv6 is being blocked even if the VPN is showing as established.
3. Review your network traffic using Logs Explorer. This can help identify where the problem is occurring, as error messages can isolate the causes preventing you from successfully pinging external hosts over IPv6 through the HA VPN.
4. Be aware of the MTU size. Keep in mind that IPv6 packets are larger than IPv4 packets. Confirm that your network can handle these larger packets without issues, as problems with packet size can lead to connectivity problems.

View solution in original post

Thomasaw

I would update this:

I know setting the subnet on nic1 is not good, I should set the subnet on nic0.
However, I think custom learned routing would help this trouble, and I set the routing.

It seems to success in setting from "gcloud compute routers describe" command,
but from "gcloud compute routers get-status" command, a problem happens again.
To see the output, there shows:
numLearnedRoutes: 0
and I guess Cloud Router does not get a route on custom learned routing.

Does it come from the opposite router settings?
Could anybody have any ideas?

Thank you,

Marvin_Lucero

Hi @Thomasaw ,

It seems like your HA VPN setup is working fine at a basic level because the VPN and BGP connections are up, and the Google Cloud Console connectivity test shows no problems. However, when you try to ping external hosts using IPv6 through the HA VPN, you're encountering issues.

To resolve this, you can consider checking these troubleshooting steps:

1. Make sure that the setup guiding traffic from your server through the HA VPN is correctly configured for IPv6. Double-check that IPv6 traffic is being directed through the VPN.
2. Check your firewall rules if it allows IPv6 traffic. There will be instances that IPv6 is being blocked even if the VPN is showing as established.
3. Review your network traffic using Logs Explorer. This can help identify where the problem is occurring, as error messages can isolate the causes preventing you from successfully pinging external hosts over IPv6 through the HA VPN.
4. Be aware of the MTU size. Keep in mind that IPv6 packets are larger than IPv4 packets. Confirm that your network can handle these larger packets without issues, as problems with packet size can lead to connectivity problems.

Thomasaw

@Marvin_Lucero ,

Thank you for your advice and sorry for my late reply.
I have checked them and it seems to be fine, so I wonder the opposite side may set incorreclty, now I have sent a query about that to the otherside.

Regarding to your advice, IPv6 , MTU and firewall rules are fine from Google Support, and I can see logs for sending advertisement but no receiving it.
The problem is still going but its status is not bad because we have less suspicious.

Best regards,

What is missing to connect to outside through HA VPN on IPv6?