From: Christian Laursen
Organization: The Border Worlds
Date: Mon, 27 Aug 2012 20:06:25 +0200
To: freebsd-stable@freebsd.org
Subject: Re: IPv6 default route. Can't see the wood for the trees.
Message-ID: <503BB721.9000108@borderworlds.dk>
In-Reply-To: <503BA51E.4030103@libeljournal.com>

On 08/27/12 18:49, John Hawkes-Reed wrote:
> BSD-box (9.1-PRE) is acting as default router/NAT gateway for local LAN.
> IP4 works.
>
> IP6 rig, per the setup on tunnelbroker.net, appears to work on the BSD box.
>
> However, while LAN clients (XP, OSX) manage to acquire addresses with
> the right prefix, the autoconfigured default route is a link-local
> address. Some bits of the internet think that's ok. Other bits don't.

Bits of the internet do not see anything about whether your default gateway is link-local or not and do not care. The default gateway on the box that I'm writing this from is link-local and IPv6 works quite nicely.

> Trying to ping6/traceroute6 out to (say) Google works on the BSD box,
> but not on the clients.
>
> Do I need to be running a routing daemon, or is there some ip6
> handwaving I'm missing?

If you are running pf or another firewall, you should have rules that allow traffic to pass through.

> rc.conf:
>
> (I'm not convinced that obfuscating the addresses is worth the confusion)
>
> ipv6_gateway_enable="YES"
> ip6addrctl_verbose="YES"
> rtadvd_enable="YES"
> rtadvd_interfaces="rl0"
> ipv6_cpe_wanif="pcn0"
> ipv6_defaultrouter="2001:470:1f0a:b5a::1"
> gif_interfaces="gif0"
> gifconfig_gif0="192.168.1.100 216.66.80.30"
> ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1
> prefixlen 128"
> ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64"
> ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64 -accept_rtadv"

It looks like you are trying to use the /64 used for your tunnel on the inside network. That's probably what causes the problem.

You should use the "Routed /64" on the inside. If you need more than one /64, you can request a /48.

I'm not exactly sure what ipv6_cpe_wanif does, but I have never needed it and I run a setup similar to what you describe.

-- 
Christian Laursen
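
A way to check an rc.conf for the situation discussed in this message, one /64 configured on more than one interface. This is an added example and not part of the thread: the function names are hypothetical, the input is the rc.conf lines quoted above with the wrapped gif0 line rejoined, and every address is assumed to belong to its enclosing /64 whatever prefixlen is configured.

```python
import ipaddress
import re
from collections import defaultdict

# rc.conf lines as quoted in the message (wrapped gif0 line rejoined).
RC_CONF = '''\
ipv6_defaultrouter="2001:470:1f0a:b5a::1"
gifconfig_gif0="192.168.1.100 216.66.80.30"
ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1 prefixlen 128"
ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64"
ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64 -accept_rtadv"
'''

# Matches ifconfig_<ifname>_ipv6="..." only; gifconfig_* lines do not match.
LINE_RE = re.compile(r'^ifconfig_(\w+?)_ipv6="([^"]*)"', re.M)


def prefixes_by_interface(rc_text):
    """Map each interface to the set of /64s its inet6 addresses fall in."""
    result = {}
    for ifname, value in LINE_RE.findall(rc_text):
        nets = set()
        for token in value.split():
            try:
                addr = ipaddress.IPv6Address(token)
            except ValueError:
                continue  # keywords and numbers: inet6, prefixlen, 64, ...
            # Assumption: classify by enclosing /64, ignoring prefixlen.
            nets.add(ipaddress.ip_network(f"{addr}/64", strict=False))
        result[ifname] = nets
    return result


def shared_prefixes(rc_text):
    """Return {prefix: [interfaces]} for every /64 seen on 2+ interfaces."""
    by_net = defaultdict(list)
    for ifname, nets in prefixes_by_interface(rc_text).items():
        for net in nets:
            by_net[net].append(ifname)
    return {str(n): sorted(ifs) for n, ifs in by_net.items() if len(ifs) > 1}


if __name__ == "__main__":
    for ifname, nets in prefixes_by_interface(RC_CONF).items():
        print(ifname, sorted(str(n) for n in nets))
    print("shared:", shared_prefixes(RC_CONF))
```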