From owner-freebsd-net@FreeBSD.ORG  Tue Mar 12 22:50:30 2013
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 8A7454BE
 for <freebsd-net@freebsd.org>; Tue, 12 Mar 2013 22:50:30 +0000 (UTC)
 (envelope-from schrodinger@konundrum.org)
Received: from crux.konundrum.org (crux.konundrum.org
 [IPv6:2001:41d0:1:c74c::1])
 by mx1.freebsd.org (Postfix) with ESMTP id 12F88E46
 for <freebsd-net@freebsd.org>; Tue, 12 Mar 2013 22:50:29 +0000 (UTC)
Received: from crux.konundrum.org (localhost [127.0.0.1])
 by crux.konundrum.org (Postfix) with ESMTP id 5218C1CD7F2
 for <freebsd-net@freebsd.org>; Tue, 12 Mar 2013 22:50:21 +0000 (GMT)
X-Virus-Scanned: amavisd-new at konundrum.org
Received: from crux.konundrum.org ([127.0.0.1])
 by crux.konundrum.org (crux.konundrum.org [127.0.0.1]) (amavisd-new,
 port 10024) with ESMTP id Kmm2trbFo9w7 for <freebsd-net@freebsd.org>;
 Tue, 12 Mar 2013 22:50:21 +0000 (GMT)
Received: from defiant.konundrum.org (defiant.konundrum.org
 [IPv6:2001:770:146:2::1])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by crux.konundrum.org (Postfix) with ESMTPS id 973921CD7F1
 for <freebsd-net@freebsd.org>; Tue, 12 Mar 2013 22:50:20 +0000 (GMT)
Received: from defiant.konundrum.org (localhost [127.0.0.1])
 by defiant.konundrum.org (8.14.5/8.14.5) with ESMTP id r2CMoJCN014548
 for <freebsd-net@freebsd.org>; Tue, 12 Mar 2013 22:50:19 GMT
 (envelope-from schrodinger@konundrum.org)
Received: (from schrodinger@localhost)
 by defiant.konundrum.org (8.14.5/8.14.5/Submit) id r2CMoINT014547
 for freebsd-net@freebsd.org; Tue, 12 Mar 2013 22:50:18 GMT
 (envelope-from schrodinger@konundrum.org)
X-Authentication-Warning: defiant.konundrum.org: schrodinger set sender to
 schrodinger@konundrum.org using -f
Date: Tue, 12 Mar 2013 22:50:18 +0000
From: Schrodinger <schrodinger@konundrum.org>
To: freebsd-net@freebsd.org
Subject: ipv6 default router Operation not permitted
Message-ID: <20130312225018.GA13589@defiant.konundrum.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
 protocol="application/pgp-signature"; boundary="qDbXVdCdHGoSgWSk"
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 22:50:30 -0000


--qDbXVdCdHGoSgWSk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi,

I have a problem reaching my ipv6 default router.

# ping6 -c 1 2001:41d0:2:e7ff:ff:ff:ff:ff
PING6(56=3D40+8+8 bytes) 2001:41d0:2:e7c4::1 --> 2001:41d0:2:e7ff:ff:ff:ff:=
ff
ping6: sendmsg: Operation not permitted
ping6: wrote 2001:41d0:2:e7ff:ff:ff:ff:ff 16 chars, ret=3D-1

--- 2001:41d0:2:e7ff:ff:ff:ff:ff ping6 statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss

It is the same issue as posted here :

 http://lists.freebsd.org/pipermail/freebsd-net/2012-February/031518.html

However, I believe the problem Mr Dandy was experiencing was he should
have changed his default gateway from:

 ipv6_defaultrouter=3D"2a01:4f8:61:50c0::1"

To:

 ipv6_defaultrouter=3D"fe80::1%re0"

As per Hertzner documentation.

http://wiki.hetzner.de/index.php/FreeBSD_installieren/en#Network_Configurat=
ion

I am not hosted with Hertzner but I have the same broken network
configuration and am uncertain of the Correct Fix.

I have:

::: /etc/rc.conf :::

ipv6_activate_all_interfaces=3D"YES"
ipv6_default_interface=3D"re0"
ipv6_network_interfaces=3D"auto"
ip6addrctl_policy=3D"ipv6_prefer"

ifconfig_re0_ipv6=3D"inet6 2001:41D0:2:E7c4::1 prefixlen 64"

ipv6_static_routes=3D"ovhgw default"
ipv6_route_ovhgw=3D"2001:41d0:2:e7ff:ff:ff:ff:ff -prefixlen 128 -interface =
re0"
ipv6_route_default=3D"default 2001:41d0:2:e7ff:ff:ff:ff:ff"

The default IPv6 router is _outside_ of my assigned /64 prefix, this is
why an interface route is set and is configured this way to ensure the
interface route is applied before the default IPv6 router is added to
the routing table. If I do not do this I will receive an error on boot
to say that the default gateway cannot be reached. There is also no
firewall in place on the host OS.

However this configuration does not work.

# ping6 -c 1 2001:41d0:2:e7ff:ff:ff:ff:ff
PING6(56=3D40+8+8 bytes) 2001:41d0:2:e7c4::1 --> 2001:41d0:2:e7ff:ff:ff:ff:=
ff
ping6: sendmsg: Operation not permitted
ping6: wrote 2001:41d0:2:e7ff:ff:ff:ff:ff 16 chars, ret=3D-1

--- 2001:41d0:2:e7ff:ff:ff:ff:ff ping6 statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss

If I do=20

 # ifconfig re0 inet6 accept_rtadv

It works :

# ping6 -c 1 2001:41d0:2:e7ff:ff:ff:ff:ff
PING6(56=3D40+8+8 bytes) 2001:41d0:2:e7c4::1 --> 2001:41d0:2:e7ff:ff:ff:ff:=
ff
16 bytes from 2001:41d0:2:e7ff:ff:ff:ff:ff, icmp_seq=3D0 hlim=3D64 time=3D4=
=2E935 ms

--- 2001:41d0:2:e7ff:ff:ff:ff:ff ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev =3D 4.935/4.935/4.935/0.000 ms


Alternatively, knowing the Linklayer Address of my default gateway, I
could set a static ndp pair :

 # ifconfig re0 inet6 -accept_rtadv
 # ndp -s 2001:41d0:2:e7ff:ff:ff:ff:ff 00:05:73:a0:00:00

And it works:

# ping6 -c 1 2001:41d0:2:e7ff:ff:ff:ff:ff
PING6(56=3D40+8+8 bytes) 2001:41d0:2:e7c4::1 --> 2001:41d0:2:e7ff:ff:ff:ff:=
ff
16 bytes from 2001:41d0:2:e7ff:ff:ff:ff:ff, icmp_seq=3D0 hlim=3D64 time=3D3=
=2E582 ms

--- 2001:41d0:2:e7ff:ff:ff:ff:ff ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev =3D 3.582/3.582/3.582/0.000 ms

If I do :

 # ndp -d 2001:41d0:2:e7ff:ff:ff:ff:ff

It stops working again :

# ping6 -c 1 2001:41d0:2:e7ff:ff:ff:ff:ff
PING6(56=3D40+8+8 bytes) 2001:41d0:2:e7c4::1 --> 2001:41d0:2:e7ff:ff:ff:ff:=
ff
ping6: sendmsg: Operation not permitted
ping6: wrote 2001:41d0:2:e7ff:ff:ff:ff:ff 16 chars, ret=3D-1

--- 2001:41d0:2:e7ff:ff:ff:ff:ff ping6 statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss

It seems the simple solution is to have re0 ACCEPT_RTADV but I am told
that my default gateway does not perform router advertisements.=20

In my own networks I have a static default route for inet6 and I am not
required to set any interfaces ACCEPT_RTADV.

Can anybody shed some light on the correct configuration?

Who is at fault here ?

 - Me
 - Hosting
 - FreeBSD
 - The universe

Cheers,
C.
--=20
+---------------------------------------------------------------+
Quidquid latine dictum sit, altum sonatur.
ICQ: 112562229
GPG: http://www.konundrum.org/schro.asc

--qDbXVdCdHGoSgWSk
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (FreeBSD)

iQIcBAEBCgAGBQJRP7EpAAoJEBBi7cjNKnTjLS4QAK5XpcmF463QWWvzPp8pH48t
6QXEwBE2FK0BL2LkWykd32Bu6LRCu25rahGP99RDsUCy1pm5rD+j69ubll0YNn6I
WcGjfVYokx2MYX7lZbMslIkOk+Vh3KnA1GQdvRSulS/tk9UAM2YAhXKA5TbOmZgM
uppGPc1FHcFV1UZDj4BaLXDWWrQMgftedv0uUBeL9pfkBtBoCmMAnPnVt6gpLxWZ
0dtuxz4wk2MxzCT/gpXolaTZZtoI/6Jnu2Y6+aTE4sK8jQmg4/UTAGipZjBDRdJf
oI7/x7kEqNl/HbnWrlgurWPSxIFgYdN4u+AljYrq5MKcReVcyQirEt0gTBejr99L
fWj/+6XtnW5AYYBtQHHP1fLb5NTz+El3RLUrtCduQcmZq6czoaWXUaMnKP5QCTv0
h7KT95nQeGJnLtiXZVewnoCezllJg8RNPwi8XSkV+AsYFLKw45IEReGVJMWk4SER
6+MEs7iOgap0YcDShitnxcaLauFMp+MKDLWh0g3DSAgjwbSttpshtHAnD1QDxPpG
pNZA7QHgg25/++OjbmLp96zuC4zbVJXtvMYRPgiv0p8fMVJR2f83k7QZOb/MwKWc
nU+LRs+AMEgQUXLi0YY9RRlwOjVBGLVlE7aetGCZacQT0ruMcFJEDZ/NQlM4O/WO
AvnLOpThE9B0mkuvwQFF
=RWxT
-----END PGP SIGNATURE-----

--qDbXVdCdHGoSgWSk--