From: John Hawkes-Reed
Date: Mon, 27 Aug 2012 20:03:51 +0100
To: freebsd-stable@freebsd.org
Subject: Re: IPv6 default route. Can't see the wood for the trees.

On 27/08/2012 19:06, Christian Laursen wrote:
> On 08/27/12 18:49, John Hawkes-Reed wrote:
>> BSD-box (9.1-PRE) is acting as default router/NAT gateway for local LAN.
>> IP4 works.
>>
>> IP6 rig, per the setup on tunnelbroker.net, appears to work on the BSD
>> box.
>>
>> However, while LAN clients (XP, OSX) manage to acquire addresses with
>> the right prefix, the autoconfigured default route is a link-local
>> address. Some bits of the internet think that's ok. Other bits don't.
>
> Bits of the internet does not see anything about whether your default
> gateway is link-local or not and do not care.
>
> The default gateway on the box that I'm writing this from is link-local
> and IPv6 works quite nicely.

Aha. Good.

>
>> Trying to ping6/traceroute6 out to (say) Google works on the BSD box,
>> but not on the clients.
>>
>> Do I need to be running a routing daemon, or is there some ip6
>> handwaving I'm missing?
>
> If you are running pf or another firewall, you should have rules that
> allow traffic to pass through.

Yep. firewall_type="OPEN" - I wondered if 'allow ip from any to any'
included ipv6, and it would seem that it does.

>> rc.conf:
>>
>> (I'm not convinced that obfuscating the addresses is worth the confusion)
>>
>> ipv6_gateway_enable="YES"
>> ip6addrctl_verbose="YES"
>> rtadvd_enable="YES"
>> rtadvd_interfaces="rl0"
>> ipv6_cpe_wanif="pcn0"
>> ipv6_defaultrouter="2001:470:1f0a:b5a::1"
>> gif_interfaces="gif0"
>> gifconfig_gif0="192.168.1.100 216.66.80.30"
>> ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1
>> prefixlen 128"
>> ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64"
>> ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64
>> -accept_rtadv"
>
> It looks like you are trying to use the /64 used for your tunnel on the
> inside network. That's probably what causes the problem.
>
> You should use the "Routed /64" on the inside. If you need more than one
> /64, you can request a /48.

I think I am. The endpoints are ...:1f0A: and the /64 is ...:1f0B:

> I'm not exactly sure what ipv6_cpe_wanif does, but I have never needed
> it and I run a setup similar to what you describe.

-- 
JH-R
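
The tunnel-prefix question raised in the thread can be checked mechanically. The following is an added example, not part of the original message or of FreeBSD: it reads the `ifconfig_<if>_ipv6` lines from the quoted rc.conf and reports which /64 each interface sits in. The function names are hypothetical, and comparing on /64 boundaries is an assumption taken from the thread's wording.

```python
import ipaddress
import re
from collections import defaultdict

# rc.conf lines copied from the quoted message, wrapped values rejoined.
RC_CONF = """\
gif_interfaces="gif0"
ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1 prefixlen 128"
ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64"
ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64 -accept_rtadv"
"""

def ipv6_by_interface(text):
    """Map interface name -> IPv6 addresses found in ifconfig_<if>_ipv6 values."""
    found = {}
    for name, value in re.findall(r'^ifconfig_(\w+)_ipv6="([^"]*)"', text, re.M):
        addrs = []
        for token in value.split():
            try:
                addrs.append(ipaddress.IPv6Address(token))
            except ValueError:
                pass  # inet6, prefixlen, 64, -accept_rtadv and similar
        found[name] = addrs
    return found

def audit_prefixes(text):
    """Return (tunnel /64s reused on other interfaces, /64s shared by interfaces)."""
    m = re.search(r'^gif_interfaces="([^"]*)"', text, re.M)
    tunnel_ifs = set(m.group(1).split()) if m else set()
    users = defaultdict(set)  # /64 network -> interfaces with an address in it
    for name, addrs in ipv6_by_interface(text).items():
        for addr in addrs:
            # Assumption: compare on /64 boundaries, whatever prefixlen says.
            users[ipaddress.ip_network(f"{addr}/64", strict=False)].add(name)
    reused, shared = {}, {}
    for net, names in users.items():
        others = sorted(names - tunnel_ifs)
        if names & tunnel_ifs:
            if others:
                reused[str(net)] = others
        elif len(others) > 1:
            shared[str(net)] = others
    return reused, shared

if __name__ == "__main__":
    reused, shared = audit_prefixes(RC_CONF)
    print("tunnel /64 reused on:", reused or "nothing")
    print("/64 on several interfaces:", shared or "nothing")
```

On the posted configuration this reports no reuse of the tunnel /64 (1f0a) and shows pcn0 and rl0 both holding addresses in the 1f0b /64.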