Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 11 Sep 2014 12:21:05 +0900 (JST)
From:      Hiroki Sato <hrs@FreeBSD.org>
To:        dan@langille.org
Cc:        freebsd-net@freebsd.org
Subject:   Re: Configuration for IPv6 over tunnel
Message-ID:  <20140911.122105.2066013438047221946.hrs@allbsd.org>
In-Reply-To: <14E3A97C-4FCB-4A2C-B22F-3D0849CECA2D@langille.org>
References:  <14E3A97C-4FCB-4A2C-B22F-3D0849CECA2D@langille.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
----Security_Multipart(Thu_Sep_11_12_21_05_2014_745)--
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit

Dan Langille <dan@langille.org> wrote
  in <14E3A97C-4FCB-4A2C-B22F-3D0849CECA2D@langille.org>:

da> IPv6 Tunnel Endpoints
da> Server IPv4 Address:  209.51.x.y
da> Server IPv6 Address:  2001:470:xx06:9ea::1/64
da> Client IPv4 Address:  96.245.100.201
da> Client IPv6 Address:  2001:470:xx06:9ea::2/64
da>
da> Routed /64:           2001:470:xx07:9ea::/64
da>
da> My /etc/rc.conf includes
da>
da> cloned_interfaces="gif0”
da> ifconfig_gif0="tunnel 96.245.100.201 209.51.x.y mtu 1480”
da> ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2 2001:470:xx06:9ea::1 prefixlen 128"
da> ifconfig_em0_ipv6="inet6 2001:470:xx07:9ea:1::1”
da> ipv6_defaultrouter="2001:470:xx06:9ea::1"
da> ipv6_gateway_enable=“YES"
da> rtadvd_enable=“YES”

 The following line is enough for ifconfig_gif0_ipv6.  A /128
 configuration works but ugly:

  -ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2 2001:470:xx06:9ea::1 prefixlen 128"
  +ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2/64"

 Or, you do not need to configure a client side global address in
 subnet of the inter-router link if you use his endpoint as the
 default router.  Reducing the number of global addresses on a box is
 healthy for packet filtering rule management:

  -ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2 2001:470:xx06:9ea::1 prefixlen 128"
  +ifconfig_gif0_ipv6="inet6 auto_linklocal"
  -ipv6_defaultrouter="2001:470:xx06:9ea::1"
  +ipv6_defaultrouter="-interface gif0"

 And if your box works as a router for subnet
 2001:470:xx07:9ea::/64, please add subnet-router anycast address.
 This is mandatory in RFC:

  +ifconfig_em0_ipv6_alias0="inet6 2001:470:xx07:9ea::/64 anycast"

 I think HE's endpoint is properly configured.  You can ping6 to
 2001:470:xx06:9ea:: from 2001:470:xx07:9ea:1::1.

-- Hiroki

----Security_Multipart(Thu_Sep_11_12_21_05_2014_745)--
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEABECAAYFAlQRFSEACgkQTyzT2CeTzy07LQCgoZrWd8PL/27uGob+TZs/ETto
w8wAn0Qj3rSANYH41soNbyPLbbNx/bNo
=oU9R
-----END PGP SIGNATURE-----

----Security_Multipart(Thu_Sep_11_12_21_05_2014_745)----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140911.122105.2066013438047221946.hrs>