Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 6 Aug 2014 21:10:23 -0700
From:      David Benfell <benfell@parts-unknown.org>
To:        John Levine <johnl@iecc.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: he.net IPv6 tunnel
Message-ID:  <20140807041023.GA1656@home.parts-unknown.org>
In-Reply-To: <20140806231738.13354.qmail@joyce.lan>
References:  <20140804105020.GD94656@home.parts-unknown.org> <20140806231738.13354.qmail@joyce.lan>
next in thread | previous in thread | raw e-mail | index | archive | help 

--gKMricLos+KVdGMg
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi John,

On Wed, Aug 06, 2014 at 11:17:38PM -0000, John Levine wrote:
> This works for me, routing a /64 from HE through a tunnel onto my LAN.
> The IPv6 addresses are all from what HE gave me.  Note that the /64
> prefix on the tunnel addresses on gif0 are different from the one for
> the addresses on my LAN.
>=20
> ----------------------------------------
> # ipv6
> V6NETNUM=3D"2001:470:1f07:1126"
> ipv6_enable=3D"YES"
>=20
> # v6 tunnel
> gif_interfaces=3D"gif0"
> gifconfig_gif0=3D"64.57.183.18 209.51.161.14"
> ipv6_ifconfig_gif0=3D"2001:470:1f06:1126::2 2001:470:1f06:1126::1 prefixl=
en 128"
> ipv6_defaultrouter=3D"2001:470:1f06:1126::1"
>=20
> # route on my LAN
> ipv6_gateway_enable=3D"YES"
> rtadvd_enable=3D"YES"
> rtadvd_interfaces=3D"bce0"		# Interfaces rtadvd sends RA packets.
>=20
> # all the other addresses
> ifconfig_bce0_ipv6=3D"inet6 $V6NETNUM::2 prefixlen 64"
> ------------------------------------------------------
>=20
> I also have a bunch of aliases on bce0 for local v6 web sites and such, e=
=2Eg.:
>=20
> ifconfig_bce0_aliases=3D"$ifconfig_bce0_aliases inet6 $V6NETNUM:0:0:4945:=
4343 prefixlen 64" # an alias

Oh, I'm having a hard time with this. I think part of my problem is
that the necessary syntax keeps changing, and I'm not sure that the
documentation is keeping up to date. Including, importantly, the
rc.conf man page.

So one thing that seems important to say is that this is FreeBSD
10/STABLE. I see messages that some rc.conf variables above are
"obsolete." So I've tried to update them.

Here's what I've got, and in terms of results, it isn't as far as I'd
gotten. I'm including the IPv4 stuff for reasons which will be
apparent:

ifconfig_em0=3D"inet 50.250.218.161 netmask 255.255.255.240"
ifconfig_em0_alias0=3D"inet 50.250.218.162 netmask 255.255.255.255"
ifconfig_em0_alias1=3D"inet 50.250.218.163 netmask 255.255.255.255"
ifconfig_em0_alias2=3D"inet 50.250.218.164 netmask 255.255.255.255"
ifconfig_em0_alias3=3D"inet 50.250.218.165 netmask 255.255.255.255"
ifconfig_em0_alias4=3D"inet 50.250.218.166 netmask 255.255.255.255"
ifconfig_em0_alias5=3D"inet 50.250.218.167 netmask 255.255.255.255"
ifconfig_em0_alias6=3D"inet 50.250.218.168 netmask 255.255.255.255"
ifconfig_em0_alias7=3D"inet 50.250.218.169 netmask 255.255.255.255"
ifconfig_em0_alias8=3D"inet 50.250.218.170 netmask 255.255.255.255"
ifconfig_em0_alias9=3D"inet 50.250.218.171 netmask 255.255.255.255"
ifconfig_em0_alias10=3D"inet 50.250.218.172 netmask 255.255.255.255"
defaultrouter=3D"50.250.218.174"
#ipv6_enable=3D"YES" (apparently deprecated)
ipv6_activate_all_interfaces=3D"YES"
# IPv6-over-IPv4 tunnel supplied by he.net; ID 258129
V6TUNNUM=3D"2001:470:66:119"
V6NETNUM=3D"2001:470:67:119"
V4TUNSERVER=3D"64.62.134.130"
V4TUNCLIENT=3D"50.250.218.161"
V6TUNSERVER=3D"${V6TUNNUM}::1"
V6TUNCLIENT=3D"${V6TUNNUM}::2"
ipv6_network_interfaces=3D"em0"
#gif_interfaces=3D"gif0" (apparently deprecated)
cloned_interfaces=3D"gif0"
gifconfig_gif0=3D"${V4TUNCLIENT} ${V4TUNSERVER}"
ipv6_ifconfig_gif0=3D"inet6 ${V6TUNCLIENT} ${V6TUNSERVER} prefixlen 128"
ipv6_defaultrouter=3D"${V6TUNSERVER}"
# I don't have a LAN, but this would route on my LAN
#ipv6_gateway_enable=3D"YES"
#rtadvd_enable=3D"YES"
#rtadvd_interfaces=3D"em0"                # Interfaces rtadvd sends RA
packets.
# all the other addresses
ifconfig_em0_ipv6=3D"inet6 ${V6NETNUM}::2 prefixlen 64"
#ifconfig_em0_alias11=3D"inet6 ${V6NETNUM}::3 prefixlen 64"
#ifconfig_em0_alias12=3D"inet6 ${V6NETNUM}::4 prefixlen 64"
#ifconfig_em0_alias13=3D"inet6 ${V6NETNUM}::5 prefixlen 64"
#ifconfig_em0_alias14=3D"inet6 ${V6NETNUM}::6 prefixlen 64"
#ifconfig_em0_alias15=3D"inet6 ${V6NETNUM}::7 prefixlen 64"
#ifconfig_em0_alias16=3D"inet6 ${V6NETNUM}::8 prefixlen 64"
#ifconfig_em0_alias17=3D"inet6 ${V6NETNUM}::9 prefixlen 64"
#ifconfig_em0_alias18=3D"inet6 ${V6NETNUM}::10 prefixlen 64"
#ifconfig_em0_alias19=3D"inet6 ${V6NETNUM}::11 prefixlen 64"
#ifconfig_em0_alias20=3D"inet6 ${V6NETNUM}::12 prefixlen 64"
#ifconfig_em0_alias21=3D"inet6 ${V6NETNUM}::13 prefixlen 64"
#ifconfig_em0_alias22=3D"inet6 ${V6NETNUM}::14 prefixlen 64"

Here are the examples in the rc.conf man page:

ifconfig_ed0_ipv6=3D"inet6 2001:db8:1::1 prefixlen 64"
ifconfig_ed0_alias0=3D"inet6 2001:db8:2::1 prefixlen 64"

Notice that the original interface address assignment variable has
_ipv6 on the end of it, but the alias assignment variables do not.
(Smells boobytrap, moves on.) Since the IPv6 alias assignment variable
is the same as the IPv4 alias assignment variable, I figure I need to
pick up the numbering where the IPv4 aliases left off.

Also, it seems weird to me that aliases in IPv4 should be fully
netmasked while the prefixlen in IPv6 is the same as the original. But
this is all magic to me anyway.

The aliases seem to be extremely problematic, which is why I've
commented them out. With your suggested syntax, they didn't appear at
all. When I tried the documented syntax, I lost the route, and I
haven't been able to get it back. Ack!!!!

With what's above:

home% ifconfig -a
em0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
1500
        options=3D4019b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,T=
SO4,VLAN_HWTSO>
        ether 44:39:c4:3a:d7:ea
        inet 50.250.218.161 netmask 0xfffffff0 broadcast
50.250.218.175=20
        inet6 fe80::4639:c4ff:fe3a:d7ea%em0 prefixlen 64 scopeid 0x1=20
        inet6 2001:470:67:119::2 prefixlen 64=20
        inet 50.250.218.162 netmask 0xffffffff broadcast
50.250.218.162=20
        inet 50.250.218.163 netmask 0xffffffff broadcast
50.250.218.163=20
        inet 50.250.218.164 netmask 0xffffffff broadcast
50.250.218.164=20
        inet 50.250.218.165 netmask 0xffffffff broadcast
50.250.218.165=20
        inet 50.250.218.166 netmask 0xffffffff broadcast
50.250.218.166=20
        inet 50.250.218.167 netmask 0xffffffff broadcast
50.250.218.167=20
        inet 50.250.218.168 netmask 0xffffffff broadcast
50.250.218.168=20
        inet 50.250.218.169 netmask 0xffffffff broadcast
50.250.218.169=20
        inet 50.250.218.170 netmask 0xffffffff broadcast
50.250.218.170=20
        inet 50.250.218.171 netmask 0xffffffff broadcast
50.250.218.171=20
        inet 50.250.218.172 netmask 0xffffffff broadcast
50.250.218.172=20
        nd6 options=3D21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=3D8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=3D600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128=20
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2=20
        inet 127.0.0.1 netmask 0xff000000=20
        nd6 options=3D21<PERFORMNUD,AUTO_LINKLOCAL>
gif0: flags=3D8011<UP,POINTOPOINT,MULTICAST> metric 0 mtu 1280
        inet6 fe80::4639:c4ff:fe3a:d7ea%gif0 prefixlen 64 scopeid 0x3=20
        nd6 options=3D21<PERFORMNUD,AUTO_LINKLOCAL>
home% ping6 2001:470:67:119::2
PING6(56=3D40+8+8 bytes) 2001:470:67:119::2 --> 2001:470:67:119::2
16 bytes from 2001:470:67:119::2, icmp_seq=3D0 hlim=3D64 time=3D0.084 ms
16 bytes from 2001:470:67:119::2, icmp_seq=3D1 hlim=3D64 time=3D0.038 ms
16 bytes from 2001:470:67:119::2, icmp_seq=3D2 hlim=3D64 time=3D0.043 ms
^C
--- 2001:470:67:119::2 ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev =3D 0.038/0.055/0.084/0.021 ms

I have an IPv6 address associated with em0. But I lost the tunnel:

home% ping6 2001:470:66:119::2
ping6: UDP connect: No route to host

This is also apparent from the ifconfig output. It shows endpoints
when it's working. And for that brief moment when I had it working, I
was able to ping out.

Is the feeding of the preferred (non-deprecated) variables different
=66rom the obsolete (deprecated) variables?

Thanks!
--=20
David Benfell <benfell@parts-unknown.org>
See https://parts-unknown.org/node/2 if you don't understand the
attachment.

--gKMricLos+KVdGMg
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJT4vwuAAoJEBV64x4SNmAr36AQAIiovyKV/czoOwoSxGcFHx7Y
HkrADSSETvwlmLEVbL+D3InUKwoLToUHIpGQLFStkp+ArDNDF4yhvfX9RN/XLk9z
6nBGq7lJCrP/ocYm9sdNApQWYPMl21AYqY6nYReS9WFNlbvYI28LjSN4BL2K/V1R
u5cPPX7g8CUeIZeRf00GJ1RDEEYYWET4hYRGImW/m4ubml+RWvSQHWW7UN31EzvP
XjSVIAClTDDomZ9iOzZ6w+efnHlO8qKfjYNv+CILNGGrRvq7llICcaW9kzrgHcww
ulrJzkUc0bzA0Eh6nAwqFzW3B9HUMNjVZUw+QAiHuMZm/BqRYnZyewDzuUi32/3G
IpDmj4wfMmYuHAQ3fhp2aSepA8SI4RSAWBdhv4NqYttsTMSxlKVHhcKDMxYVALMY
5TFsYISQ7YyEK1nC2o40mi35j69vn2hid8hANPAwcPf4BYZbxgVD6zF8usTn6HvF
QSmeMY8vM/87UQYFyejm/HDu/Bi6Tj4oqjs/J0cOoW4u/XOMZ38Fp/9iIlNtTh7d
APO9LVcmNfeNNDLTK5HXsZKXUmVs5peYQMiuBuluwOiENZ9jHvF4ik1RLdJln1g1
yy+SGUyvCSFoGY/ISDbAYrI/htW6M44dKE0eDKIBTAMJCHVT0I+1oVsBCELHc0RG
dbVBfvxhQWy5T4b7fzNs
=AmDH
-----END PGP SIGNATURE-----

--gKMricLos+KVdGMg--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140807041023.GA1656>