From owner-freebsd-net@freebsd.org Mon Aug 24 13:45:20 2015 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 92F779C1F1A for ; Mon, 24 Aug 2015 13:45:20 +0000 (UTC) (envelope-from gpalmer@freebsd.org) Received: from mail.in-addr.com (mail.in-addr.com [IPv6:2a01:4f8:191:61e8::2525:2525]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 59FA0122D; Mon, 24 Aug 2015 13:45:20 +0000 (UTC) (envelope-from gpalmer@freebsd.org) Received: from gjp by mail.in-addr.com with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1ZTs3q-000Iul-90; Mon, 24 Aug 2015 14:45:18 +0100 Date: Mon, 24 Aug 2015 14:45:18 +0100 From: Gary Palmer To: Matthew Seaman , freebsd-net@freebsd.org Subject: Re: Routing IPv6 over tun0 (PPPoE) issue Message-ID: <20150824134518.GG13503@in-addr.com> References: <20150823150408.GE13503@in-addr.com> <55D9E8D4.1050700@FreeBSD.org> <20150823164828.GF13503@in-addr.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20150823164828.GF13503@in-addr.com> X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: gpalmer@freebsd.org X-SA-Exim-Scanned: No (on mail.in-addr.com); SAEximRunCond expanded to false X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 24 Aug 2015 13:45:20 -0000 On Sun, Aug 23, 2015 at 05:48:28PM +0100, Gary Palmer wrote: > On Sun, Aug 23, 2015 at 04:37:56PM +0100, Matthew Seaman wrote: > > On 23/08/2015 16:04, Gary Palmer wrote: > > > However if I configure other IPs on other interfaces from the netblock that > > > has been delegated to me and either source the traffic from those IPs or > > > try the traceroute from another computer using IPs in that netblock, I > > > don't even see the traffic leaving tun0 with tcpdump, let alone get any > > > replies. > > > > I have a similar setup. Looks to me as if there's a problem with your > > routing internally. > > > > My routing table looks like this (excluding the ff01::, ff02:: and > > ff03:: routes and anything that's a host specific route): > > > > % netstat -rn -f inet6 | grep -vE '(UH|ff0)' > > Routing tables > > > > Internet6: > > Destination Gateway Flags Netif Expire > > ::/96 ::1 UGRS lo0 > > default fe80::203:97ff:fe19:8000%tun0 UGS tun0 > > ::ffff:0.0.0.0/96 ::1 UGRS lo0 > > 2001:8b0:151:1::/64 link#1 U em0 <<<---** > > fe80::/10 ::1 UGRS lo0 > > fe80::%em0/64 link#1 U em0 > > fe80::%re0/64 link#2 U re0 > > fe80::%lo0/64 link#3 U lo0 > > fe80::%tun0/64 link#5 U tun0 > > > > Here em0 is the interface onto my internal network, and any addresses > > from my assigned IPv6 netblock are configured on that interface or the > > network directly attached to it. You should have a route equivalent to > > the one marked with the arrow. > > > > Note that tun0 uses link-local addresses for the IPv6 tunnelling, not > > addresses from my assigned range. Depending on how your ISP has > > configured things you may need a "real" IPv6 address on your tun0 > > interface, but this should be from a distinct subnet to the block you're > > using internally. > > Hi Matthew, > > Thanks for the reply. I may have messed up manually masking the > network data so let me do it by sed this time so I don't mess up. > > aaaa:bbbb:cccc:dddd is the /64 prefix used for the connection > xxxx:yyyy:zzzz is the /48 used for internal IPs > > The tunnelbroker IPs are also configured but I've removed them as they > shouldn't be relevant. I've checked gif0 and none of the traffic is > going out that interface either. > > tun0 shows: > > tun0: flags=8051 metric 0 mtu 1492 > options=80000 > inet6 fe80::200:24ff:fec9:5bbc%tun0 prefixlen 64 scopeid 0xa > inet a.b.c.d --> e.f.g.h netmask 0xffffffff > inet6 aaaa:bbbb:cccc:dddd:200:24ff:fec9:5bbc prefixlen 64 autoconf > nd6 options=23 > Opened by PID 1038 > > vr0 shows: > > vr0: flags=8843 metric 0 mtu 1500 > options=8280b > ether 00:00:24:c9:5b:bc > inet i.j.k.l netmask 0xffffff00 broadcast i.j.k.m > inet6 fe80::200:24ff:fec9:5bbc%vr0 prefixlen 64 scopeid 0x1 > inet6 xxxx:yyyy:zzzz:1::1 prefixlen 64 > nd6 options=21 > media: Ethernet autoselect (100baseTX ) > status: active > > IPv6 routing table: > > Routing tables > > Internet6: > Destination Gateway Flags Netif Expire > ::/96 ::1 UGRS lo0 => > default fe80::230:88ff:fe16:ec4f%tun0 UG tun0 > ::1 link#9 UH lo0 > ::ffff:0.0.0.0/96 ::1 UGRS lo0 > xxxx:yyyy:zzzz:1::/64 link#1 U vr0 > xxxx:yyyy:zzzz:1::1 link#1 UHS lo0 > xxxx:yyyy:zzzz:2::/64 link#3 U vr2 > xxxx:yyyy:zzzz:2::1 link#3 UHS lo0 > aaaa:bbbb:cccc:dddd::/64 link#10 U tun0 > aaaa:bbbb:cccc:dddd:200:24ff:fec9:5bbc link#10 UHS lo0 > > traceroute from tun0 IP (first 4 hops only shown) > > traceroute6 to wfe0.ysv.freebsd.org (2001:1900:2254:206a::50:0) from aaaa:bbbb:cccc:dddd:200:24ff:fec9:5bbc, 4 hops max, 12 byte packets > 1 aaaa:bbbb::3:0:0:2 29.318 ms 29.860 ms 28.065 ms > 2 aaaa:bbbb:0:301:: 28.724 ms 29.064 ms 29.421 ms > 3 aaaa:bbbb:0:4::1 29.881 ms 29.189 ms 28.254 ms > 4 aaaa:bbbb:0:3::1 35.764 ms 36.488 ms 36.054 ms > > traceroute from vr0 IP using 'traceroute6 -s' > > traceroute6 to wfe0.ysv.freebsd.org (2001:1900:2254:206a::50:0) from xxxx:yyyy:zzzz:1::1, 4 hops max, 12 byte packets > 1 * * * > 2 * * * > > > > Hmmm.... you do have 'gateway_enable="YES"' and > > 'ipv6_gateway_enable="YES"' in your /etc/rc.conf ? > > gateway_enable="YES" > ipv6_gateway_enable="YES" > > Yes. v4 continues to work fine. OK, I guess I must have missed something in earlier testing. The packet *was* going out tun0, just not getting a reply. Turns out that the ISP doesn't set up the route for the /48 unless you do an IPv6 DHCP reqeust. Only then does traffic work when using IPs other than the ones on the PPP interface Sorry for the noise Thanks, Gary