From: Schrodinger
To: freebsd-net@freebsd.org
Date: Wed, 13 Mar 2013 15:59:36 +0000
Subject: Re: ipv6 default router Operation not permitted

On 2013/03/13 15:52, Joe Holden wrote:
> Just use router solicitation to ask for the link-local gateway, that is
> the "correct" way to do it.
>

Hi Joe,

If you read some of this thread you'll note that router advertisements
are being disabled by the hosting provider. While their documentation
indicates the use of router advertisements this does not solve the issue
that I get "Operation not permitted" when trying to ping the default
gateway.

Without ACCEPT_RTADV on re0 FreeBSD does not even perform NEIGHBOUR
solicitation for 2001:41d0:2:e7ff:ff:ff:ff:ff - presumably because it
thinks that this is not on the same link as re0.

C.

> Schrodinger wrote:
> > Damien,
> >
> > I appreciate your replies very much, but I'm a subscriber so just reply
> > to the mailing list. Thanks.
> >
> > On 2013/03/13 14:19, Fleuriot Damien wrote:
> >
> > [SNARF]
> >
> >>
> >> These are indeed correct, thanks for clarifying.
> >>
> >
> > I thought that's what I said in my first email ;) Sorry for any
> > confusion.
> >
> >> Find below the config I'm using on an old OVH box.
> >> Said config might be outdated now (as per OVH's guide on setting up IPv6 [1]), however that was at the time the only way to get things working properly.
> >>
> >> rc.conf
> >> ===
> >> #Range IPv6: 2001:41D0:2:613b::/64
> >> ipv6_enable="YES"
> >> ipv6_ifconfig_re0="fe80::21c:c0ff:fef3:31fa/64 scopeid 0x1"
> >> ipv6_ifconfig_re0_alias0="2001:41d0:2:613b::dead:beef/56"
> >> ipv6_defaultrouter="2001:41d0:2:61ff:ff:ff:ff:ff"
> >> ===
> >>
> >
> > You have /56 and this is what I believe to be the incorrect way to get
> > this to Just Work. I think this assumes that anyone else in this /56 is
> > in the same layer two segment as you....
> >
> >> routing table
> >> ===
> > [SNARF]
> >> ===
> >>
> >>
> >>
> >> Notice that said config actually works:
> >> ===
> >> $ ping6 www.google.com
> >> PING6(56=40+8+8 bytes) 2001:41d0:2:613b::dead:beef --> 2a00:1450:4007:804::1014
> >> 16 bytes from 2a00:1450:4007:804::1014, icmp_seq=0 hlim=57 time=4.461 ms
> >> 16 bytes from 2a00:1450:4007:804::1014, icmp_seq=1 hlim=57 time=4.462 ms
> >> 16 bytes from 2a00:1450:4007:804::1014, icmp_seq=2 hlim=57 time=4.405 ms
> >> ^C
> >> --- www.google.com ping6 statistics ---
> >> 3 packets transmitted, 3 packets received, 0.0% packet loss
> >> round-trip min/avg/max/std-dev = 4.405/4.443/4.462/0.027 ms
> >> ===
> >>
> >> Either way, you might want to have a look at OVH's guide [1] but in my own case, using a /56 was, at the time, the only way to get things working in a clean way.
> >>
> >> [1] http://help.ovh.com/Ipv4Ipv6#link10
> >>
> >
> > I read this, I made sure to read this and then I read it a second time.
> > Nowhere does it indicate the use of a /56. I am in the process of a
> > migration from an old OVH server to a new OVH server.
> > My old box uses the /56 prefix length "fix" but based on the
> > documentation this is incorrect and IMO this assumes that anyone else
> > in the /56 is in the same segment as me and if they are using /64 -
> > well, There Be Dragons.
> >
> > Also from the information I have received, router advertisements may be
> > turned off in the future, my host should simply Neighbour Solicit for
> > the global scope unicast address of my default gateway. And as pointed
> > out in previous emails without ACCEPT_RTADV for re0 - FreeBSD does not
> > perform this action.
> >
> > So again, what is the correct way? I think this is a debate of IPv6
> > Protocol vs. IPv6 Policy vs. Network architecture.
> >
> > I'll go and get Tina Turner. You get Masterblaster and we'll meet in
> > Thunderdome.
> >
> > C.
>

-- 
Quidquid latine dictum sit, altum sonatur.
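
Added example (not part of the original message and not FreeBSD or OVH code): the prefix arithmetic behind the /56 versus /64 disagreement in this thread, run over the rc.conf values quoted above. It models only whether the default router falls inside the configured prefix, not what the FreeBSD kernel does; the function names and the /64 variant of the config are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the rc.conf lines quoted in the thread (/56 workaround)
# and the same lines with the /64 prefix length from the "#Range" comment.
RC_CONF_56 = '''
ipv6_enable="YES"
ipv6_ifconfig_re0="fe80::21c:c0ff:fef3:31fa/64 scopeid 0x1"
ipv6_ifconfig_re0_alias0="2001:41d0:2:613b::dead:beef/56"
ipv6_defaultrouter="2001:41d0:2:61ff:ff:ff:ff:ff"
'''
RC_CONF_64 = RC_CONF_56.replace("/56", "/64")


def parse_rc_conf(text):
    """Return (global IPv6 interface addresses, default router or None)."""
    ifaces, router = [], None
    for key, value in re.findall(r'^(\w+)="([^"]*)"', text, re.M):
        if key == "ipv6_defaultrouter":
            router = ipaddress.IPv6Address(value)
        elif key.startswith("ipv6_ifconfig_"):
            # First word is address/prefixlen; options such as scopeid follow.
            iface = ipaddress.IPv6Interface(value.split()[0])
            if not iface.is_link_local:
                ifaces.append(iface)
    return ifaces, router


def audit(text):
    """Hypothetical helper: report on-link status of the default router."""
    ifaces, router = parse_rc_conf(text)
    if router is None:
        return []
    findings = []
    for iface in ifaces:
        plen = iface.network.prefixlen
        shared = 128 - (int(iface.ip) ^ int(router)).bit_length()
        findings.append({
            "address": str(iface),
            "router_on_link": router in iface.network,
            # Longest prefix length that still covers host and router.
            "longest_covering_prefix": shared,
            # Other /64s that this prefix length declares to be on-link.
            "foreign_64s_on_link": 2 ** max(0, 64 - plen) - 1,
        })
    return findings


if __name__ == "__main__":
    for conf in (RC_CONF_64, RC_CONF_56):
        print(audit(conf))
```

With the /64 the router is outside the configured prefix; with the /56 it is inside, at the cost of declaring 255 other /64 ranges on-link, which is the assumption about neighbouring hosts that the message objects to.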