Date: Thu, 11 Sep 2014 13:50:01 -0400 From: Dan Langille <dan@langille.org> To: Hiroki Sato <hrs@FreeBSD.org> Cc: freebsd-net@freebsd.org Subject: Re: Configuration for IPv6 over tunnel Message-ID: <94C9C202-EFEC-4689-A5CF-B3E6FE20F4CC@langille.org> In-Reply-To: <20140911.122105.2066013438047221946.hrs@allbsd.org> References: <14E3A97C-4FCB-4A2C-B22F-3D0849CECA2D@langille.org> <20140911.122105.2066013438047221946.hrs@allbsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Sep 10, 2014, at 11:21 PM, Hiroki Sato <hrs@FreeBSD.org> wrote: > Dan Langille <dan@langille.org> wrote > in <14E3A97C-4FCB-4A2C-B22F-3D0849CECA2D@langille.org>: > > da> IPv6 Tunnel Endpoints > da> Server IPv4 Address: 209.51.x.y > da> Server IPv6 Address: 2001:470:xx06:9ea::1/64 > da> Client IPv4 Address: 96.245.100.201 > da> Client IPv6 Address: 2001:470:xx06:9ea::2/64 > da> > da> Routed /64: 2001:470:xx07:9ea::/64 > da> > da> My /etc/rc.conf includes > da> > da> cloned_interfaces="gif0” > da> ifconfig_gif0="tunnel 96.245.100.201 209.51.x.y mtu 1480” > da> ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2 2001:470:xx06:9ea::1 prefixlen 128" > da> ifconfig_em0_ipv6="inet6 2001:470:xx07:9ea:1::1” > da> ipv6_defaultrouter="2001:470:xx06:9ea::1" > da> ipv6_gateway_enable=“YES" > da> rtadvd_enable=“YES” > > The following line is enough for ifconfig_gif0_ipv6. A /128 > configuration works but ugly: > > -ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2 2001:470:xx06:9ea::1 prefixlen 128" > +ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2/64" > > Or, you do not need to configure a client side global address in > subnet of the inter-router link if you use his endpoint as the > default router. Reducing the number of global addresses on a box is > healthy for packet filtering rule management: > > -ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2 2001:470:xx06:9ea::1 prefixlen 128" > +ifconfig_gif0_ipv6="inet6 auto_linklocal" > -ipv6_defaultrouter="2001:470:xx06:9ea::1" > +ipv6_defaultrouter="-interface gif0" > > And if your box works as a router for subnet > 2001:470:xx07:9ea::/64, please add subnet-router anycast address. > This is mandatory in RFC: > > +ifconfig_em0_ipv6_alias0="inet6 2001:470:xx07:9ea::/64 anycast" > > I think HE's endpoint is properly configured. You can ping6 to > 2001:470:xx06:9ea:: from 2001:470:xx07:9ea:1::1. I added in the anycast just now. Before: $ ifconfig re0 re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> ether e0:cb:4e:24:f0:ff inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255 inet6 fe80::e2cb:4eff:fe42:f0ff%re0 prefixlen 64 scopeid 0x2 inet6 2001:470:xx07:9ea:1::1 prefixlen 64 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> media: Ethernet autoselect (1000baseT <full-duplex,master>) status: active # ifconfig re0 inet6 2001:470:xx07:9ea::/64 anycast alias After: $ ifconfig re0 re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> ether e0:cb:4e:42:f0:ff inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255 inet6 fe80::e2cb:4eff:fe42:f0ff%re0 prefixlen 64 scopeid 0x2 inet6 2001:470:xx07:9ea:1::1 prefixlen 64 inet6 2001:470:xx07:9ea:: prefixlen 64 anycast nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> media: Ethernet autoselect (1000baseT <full-duplex,master>) status: active Then I manually configured my Macbook to have: Router: 2001:470:xx07:9ea:1::1 IPv6 Address: 2001:470:xx07:9ea:1::1111 Prefix length: 64 $ ifconfig gif0 gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1480 tunnel inet 96.245.xx.yy --> 209.51.161.14 inet6 fe80::21b:21ff:fe51:ab2d%gif0 prefixlen 64 scopeid 0xd inet6 2001:470:xx06:9ea::2 --> 2001:470:xx06:9ea::1 prefixlen 128 nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> options=1<ACCEPT_REV_ETHIP_VER> Let’s see how this goes. [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iKYEARECAGYFAlQR4MlfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldDA3REZBQjJGRUQ3NEE5QkE0NTNGOUJCNzBB MEIxNzE0Q0ZGQjlEM0MACgkQCgsXFM/7nTyHaACg9HINSdC4pzkuRjCfR7E3OM4t nuIAnAvzJJvZS+KP6NVpKd5vjWxoZpt5 =omYV -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?94C9C202-EFEC-4689-A5CF-B3E6FE20F4CC>