dslite (ipip6 tunnel with m-net) on linux

Posted on December 15, 2021 by dario

dslite (ipip6 tunnel with m-net) on linux

until i find the time (lol) to properly tell the long story, this is just a short note to whoever may find it useful.

problem

when upgrading the kernel of our flatshare’s internet-connecting server to something newer than debian’s 4.9, the ipv4 tunnel part of our dslite connection no longer worked.

solution

in wireguard, we noticed that newer linux kernel versions add another ipv6 header into the tunneled packet (where the headers sort-of work like a linked list), which technically conforms to the standard, but isn’t what m-net’s AFTR endpoint expects.

to prevent this additional layer, use encaplimit none when creating the tunnel; our tunnel creation now looks like this:

ip -6 tunnel add dslite mode ipip6 local "$ip6" remote "$aftr" encaplimit none dev br-lan

which works with newer kernels as well.