From owner-freebsd-net@FreeBSD.ORG Thu Sep 11 17:50:28 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 203EF8FC; Thu, 11 Sep 2014 17:50:28 +0000 (UTC) Received: from nyi.unixathome.org (nyi.unixathome.org [64.147.113.42]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "nyi.unixathome.org", Issuer "StartCom Class 2 Primary Intermediate Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id B685BD98; Thu, 11 Sep 2014 17:50:27 +0000 (UTC) Received: from nyi.unixathome.org (localhost [127.0.0.1]) by nyi.unixathome.org (Postfix) with ESMTP id 78CB55082E; Thu, 11 Sep 2014 17:50:11 +0000 (UTC) X-Virus-Scanned: amavisd-new at unixathome.org Received: from nyi.unixathome.org ([127.0.0.1]) by nyi.unixathome.org (nyi.unixathome.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WaA53bVauDfU; Thu, 11 Sep 2014 17:50:10 +0000 (UTC) Received: from smtp-auth.unixathome.org (smtp-auth.unixathome.org [10.4.7.7]) (Authenticated sender: hidden) by nyi.unixathome.org (Postfix) with ESMTPSA id E49DF50823 ; Thu, 11 Sep 2014 17:50:09 +0000 (UTC) Content-Type: multipart/signed; boundary="Apple-Mail=_FCF60D1E-2926-473B-9FC6-86C250078C0D"; protocol="application/pgp-signature"; micalg=pgp-sha1 Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) Subject: Re: Configuration for IPv6 over tunnel From: Dan Langille In-Reply-To: <20140911.122105.2066013438047221946.hrs@allbsd.org> Date: Thu, 11 Sep 2014 13:50:01 -0400 Message-Id: <94C9C202-EFEC-4689-A5CF-B3E6FE20F4CC@langille.org> References: <14E3A97C-4FCB-4A2C-B22F-3D0849CECA2D@langille.org> <20140911.122105.2066013438047221946.hrs@allbsd.org> To: Hiroki Sato X-Mailer: Apple Mail (2.1878.6) Cc: freebsd-net@freebsd.org X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Sep 2014 17:50:28 -0000 --Apple-Mail=_FCF60D1E-2926-473B-9FC6-86C250078C0D Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=iso-2022-jp On Sep 10, 2014, at 11:21 PM, Hiroki Sato wrote: > Dan Langille wrote > in <14E3A97C-4FCB-4A2C-B22F-3D0849CECA2D@langille.org>: >=20 > da> IPv6 Tunnel Endpoints > da> Server IPv4 Address: 209.51.x.y > da> Server IPv6 Address: 2001:470:xx06:9ea::1/64 > da> Client IPv4 Address: 96.245.100.201 > da> Client IPv6 Address: 2001:470:xx06:9ea::2/64 > da> > da> Routed /64: 2001:470:xx07:9ea::/64 > da> > da> My /etc/rc.conf includes > da> > da> cloned_interfaces=3D"gif0=1B$B!I=1B(B > da> ifconfig_gif0=3D"tunnel 96.245.100.201 209.51.x.y mtu 1480=1B$B!I=1B= (B > da> ifconfig_gif0_ipv6=3D"inet6 2001:470:xx06:9ea::2 = 2001:470:xx06:9ea::1 prefixlen 128" > da> ifconfig_em0_ipv6=3D"inet6 2001:470:xx07:9ea:1::1=1B$B!I=1B(B > da> ipv6_defaultrouter=3D"2001:470:xx06:9ea::1" > da> ipv6_gateway_enable=3D=1B$B!H=1B(BYES" > da> rtadvd_enable=3D=1B$B!H=1B(BYES=1B$B!I=1B(B >=20 > The following line is enough for ifconfig_gif0_ipv6. A /128 > configuration works but ugly: >=20 > -ifconfig_gif0_ipv6=3D"inet6 2001:470:xx06:9ea::2 = 2001:470:xx06:9ea::1 prefixlen 128" > +ifconfig_gif0_ipv6=3D"inet6 2001:470:xx06:9ea::2/64" >=20 > Or, you do not need to configure a client side global address in > subnet of the inter-router link if you use his endpoint as the > default router. Reducing the number of global addresses on a box is > healthy for packet filtering rule management: >=20 > -ifconfig_gif0_ipv6=3D"inet6 2001:470:xx06:9ea::2 = 2001:470:xx06:9ea::1 prefixlen 128" > +ifconfig_gif0_ipv6=3D"inet6 auto_linklocal" > -ipv6_defaultrouter=3D"2001:470:xx06:9ea::1" > +ipv6_defaultrouter=3D"-interface gif0" >=20 > And if your box works as a router for subnet > 2001:470:xx07:9ea::/64, please add subnet-router anycast address. > This is mandatory in RFC: >=20 > +ifconfig_em0_ipv6_alias0=3D"inet6 2001:470:xx07:9ea::/64 anycast" >=20 > I think HE's endpoint is properly configured. You can ping6 to > 2001:470:xx06:9ea:: from 2001:470:xx07:9ea:1::1. I added in the anycast just now. Before: $ ifconfig re0 re0: flags=3D8843 metric 0 mtu = 1500 = options=3D8209b ether e0:cb:4e:24:f0:ff inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255 inet6 fe80::e2cb:4eff:fe42:f0ff%re0 prefixlen 64 scopeid 0x2=20 inet6 2001:470:xx07:9ea:1::1 prefixlen 64=20 nd6 options=3D21 media: Ethernet autoselect (1000baseT ) status: active # ifconfig re0 inet6 2001:470:xx07:9ea::/64 anycast alias After: $ ifconfig re0 re0: flags=3D8843 metric 0 mtu = 1500 = options=3D8209b ether e0:cb:4e:42:f0:ff inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255 inet6 fe80::e2cb:4eff:fe42:f0ff%re0 prefixlen 64 scopeid 0x2=20 inet6 2001:470:xx07:9ea:1::1 prefixlen 64=20 inet6 2001:470:xx07:9ea:: prefixlen 64 anycast=20 nd6 options=3D21 media: Ethernet autoselect (1000baseT ) status: active Then I manually configured my Macbook to have: Router: 2001:470:xx07:9ea:1::1 IPv6 Address: 2001:470:xx07:9ea:1::1111 Prefix length: 64 $ ifconfig gif0 gif0: flags=3D8051 metric 0 mtu 1480 tunnel inet 96.245.xx.yy --> 209.51.161.14 inet6 fe80::21b:21ff:fe51:ab2d%gif0 prefixlen 64 scopeid 0xd=20 inet6 2001:470:xx06:9ea::2 --> 2001:470:xx06:9ea::1 prefixlen = 128=20 nd6 options=3D21 options=3D1 Let=1B$B!G=1B(Bs see how this goes. --Apple-Mail=_FCF60D1E-2926-473B-9FC6-86C250078C0D Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP using GPGMail -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iKYEARECAGYFAlQR4MlfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl bnBncC5maWZ0aGhvcnNlbWFuLm5ldDA3REZBQjJGRUQ3NEE5QkE0NTNGOUJCNzBB MEIxNzE0Q0ZGQjlEM0MACgkQCgsXFM/7nTyHaACg9HINSdC4pzkuRjCfR7E3OM4t nuIAnAvzJJvZS+KP6NVpKd5vjWxoZpt5 =omYV -----END PGP SIGNATURE----- --Apple-Mail=_FCF60D1E-2926-473B-9FC6-86C250078C0D--