Date: Wed, 13 Mar 2013 16:29:25 +0000 From: Joe Holden <lists@rewt.org.uk> To: Schrodinger <schrodinger@konundrum.org> Cc: freebsd-net@freebsd.org Subject: Re: ipv6 default router Operation not permitted Message-ID: <5140A965.5090206@rewt.org.uk> In-Reply-To: <20130313155936.GC18992@defiant.konundrum.org> References: <20130312225018.GA13589@defiant.konundrum.org> <3ABB5AED-DEA9-42F6-82A1-FEA9E8BBBDCF@my.gd> <20130313091727.GA17859@defiant.konundrum.org> <201303131227.57751.Mark.Martinec%2Bfreebsd@ijs.si> <20130313125221.GD17859@defiant.konundrum.org> <B58DABE0-BB82-412D-82AB-C7C9AFD82F12@my.gd> <20130313131016.GE17859@defiant.konundrum.org> <D38E17AB-86AA-40B5-BFD6-A092DFAA1660@my.gd> <20130313135253.GA18992@defiant.konundrum.org> <5140A0CE.4030605@rewt.org.uk> <20130313155936.GC18992@defiant.konundrum.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Strange, I used this setup on an OVH machine a while ago, seemed to work - perhaps something isn't properly configured at their end properly Schrodinger wrote: > On 2013/03/13 15:52, Joe Holden wrote: >> Just use router solicitation to ask for the link-local gateway, that is >> the "correct" way to do it. >> > > Hi Joe, > > If you read some of this thread you'll note that router advertisements > are being disabled by the hosting provider. While their documentation > indicates the use of router advertisments this does not solve the issue > that I get "Operation not permitted" when trying to ping the default > gateway. > > Without ACCEPT_RTADV on re0 FreeBSD does not even perform NEIGHBOUR > solicitation for 2001:41d0:2:e7ff:ff:ff:ff:ff - presumably because it > thinks that this is not on the same link as re0. > > C. > >> Schrodinger wrote: >>> Damien, >>> >>> I appreciate your replies very much, but I'm a subscriber so just reply >>> to the mailing list. Thanks. >>> >>> On 2013/03/13 14:19, Fleuriot Damien wrote: >>> >>> [SNARF] >>> >>>> These are indeed correct, thanks for clarifying. >>>> >>> I thought that's what I said in my first email ;) Sorry for any >>> confusion. >>> >>>> Find below the config I'm using on an old OVH box. >>>> Said config might be outdated now (as per OVH's guide on setting up IPv6 [1]) , however that was at the time the only way to get things working properly. >>>> >>>> rc.conf >>>> === >>>> #Range IPv6: 2001:41D0:2:613b::/64 >>>> ipv6_enable="YES" >>>> ipv6_ifconfig_re0="fe80::21c:c0ff:fef3:31fa/64 scopeid 0x1" >>>> ipv6_ifconfig_re0_alias0="2001:41d0:2:613b::dead:beef/56" >>>> ipv6_defaultrouter="2001:41d0:2:61ff:ff:ff:ff:ff" >>>> === >>>> >>> You have /56 and this is what I believe to be the incorrect way to get >>> this to Just Work. I think this assume that anyone else in this /56 is >>> in the same layer two segment as you.... >>> >>>> routing table >>>> === >>> [SNARF] >>>> === >>>> >>>> >>>> >>>> Notice that said config actually works: >>>> === >>>> $ ping6 www.google.com >>>> PING6(56=40+8+8 bytes) 2001:41d0:2:613b::dead:beef --> 2a00:1450:4007:804::1014 >>>> 16 bytes from 2a00:1450:4007:804::1014, icmp_seq=0 hlim=57 time=4.461 ms >>>> 16 bytes from 2a00:1450:4007:804::1014, icmp_seq=1 hlim=57 time=4.462 ms >>>> 16 bytes from 2a00:1450:4007:804::1014, icmp_seq=2 hlim=57 time=4.405 ms >>>> ^C >>>> --- www.google.com ping6 statistics --- >>>> 3 packets transmitted, 3 packets received, 0.0% packet loss >>>> round-trip min/avg/max/std-dev = 4.405/4.443/4.462/0.027 ms >>>> === >>>> >>>> Either way, you might want to have a look at OVH's guide [1] but in my own case, using a /56 was, at the time, the only way to get things working in a clean way. >>>> >>>> [1] http://help.ovh.com/Ipv4Ipv6#link10 >>>> >>> I read this, I made sure to read this and then I read it a second time. >>> No where does it indicate the use of a /56. I am in the process of a >>> migration from an old OVH server to a new OVH server. My old box uses >>> the /56 prefix length "fix" but based on the documentation this is >>> incorrect and IMO this assumes that anyone else in the /56 is in the >>> same segment as me and if they are using /64 - well, There Be Dragons. >>> >>> Also from the information I have received, router advertisements may be >>> turned off in the future, my host should simply Neighbour Solicit for >>> the global scope unicast address of my default gateway. And as pointed >>> out in previous emails without ACCEPT_RTADV for re0 - FreeBSD does not >>> perform this action. >>> >>> So again, what is the correct way ? I think this is a debate of IPv6 >>> Protocol vs. IPv6 Policy vs. Network architecture. >>> >>> I'll go and get Tina Turner. You get Masterblaster and we'll meet in >>> Thunderdome. >>> >>> C. >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5140A965.5090206>