From owner-freebsd-net@freebsd.org Sun Aug 23 15:38:06 2015 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 558239C0B5C for ; Sun, 23 Aug 2015 15:38:06 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id EBBCD6B6 for ; Sun, 23 Aug 2015 15:38:05 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from liminal.local ([192.168.100.2]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.15.2/8.15.2) with ESMTPSA id t7NFc14Z032650 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO) for ; Sun, 23 Aug 2015 16:38:01 +0100 (BST) (envelope-from matthew@FreeBSD.org) Authentication-Results: smtp.infracaninophile.co.uk; dmarc=none header.from=FreeBSD.org DKIM-Filter: OpenDKIM Filter v2.10.3 smtp.infracaninophile.co.uk t7NFc14Z032650 Authentication-Results: smtp.infracaninophile.co.uk/t7NFc14Z032650; dkim=none; dkim-atps=neutral X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host [192.168.100.2] claimed to be liminal.local Subject: Re: Routing IPv6 over tun0 (PPPoE) issue To: freebsd-net@freebsd.org References: <20150823150408.GE13503@in-addr.com> From: Matthew Seaman X-Enigmail-Draft-Status: N1110 Message-ID: <55D9E8D4.1050700@FreeBSD.org> Date: Sun, 23 Aug 2015 16:37:56 +0100 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Thunderbird/38.2.0 MIME-Version: 1.0 In-Reply-To: <20150823150408.GE13503@in-addr.com> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="L5mkpI2m91wKkft7VHfXbmJSnd9csOWrT" X-Virus-Scanned: clamav-milter 0.98.7 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00 autolearn=ham autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on lucid-nonsense.infracaninophile.co.uk X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 23 Aug 2015 15:38:06 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --L5mkpI2m91wKkft7VHfXbmJSnd9csOWrT Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: quoted-printable On 23/08/2015 16:04, Gary Palmer wrote: > However if I configure other IPs on other interfaces from the netblock = that > has been delegated to me and either source the traffic from those IPs o= r > try the traceroute from another computer using IPs in that netblock, I > don't even see the traffic leaving tun0 with tcpdump, let alone get any= > replies. I have a similar setup. Looks to me as if there's a problem with your routing internally. My routing table looks like this (excluding the ff01::, ff02:: and ff03:: routes and anything that's a host specific route): % netstat -rn -f inet6 | grep -vE '(UH|ff0)' Routing tables Internet6: Destination Gateway Flags Netif Expire ::/96 ::1 UGRS lo0 default fe80::203:97ff:fe19:8000%tun0 UGS tun0 ::ffff:0.0.0.0/96 ::1 UGRS lo0 2001:8b0:151:1::/64 link#1 U em0 <<<---** fe80::/10 ::1 UGRS lo0 fe80::%em0/64 link#1 U em0 fe80::%re0/64 link#2 U re0 fe80::%lo0/64 link#3 U lo0 fe80::%tun0/64 link#5 U tun0 Here em0 is the interface onto my internal network, and any addresses from my assigned IPv6 netblock are configured on that interface or the network directly attached to it. You should have a route equivalent to the one marked with the arrow. Note that tun0 uses link-local addresses for the IPv6 tunnelling, not addresses from my assigned range. Depending on how your ISP has configured things you may need a "real" IPv6 address on your tun0 interface, but this should be from a distinct subnet to the block you're using internally. Hmmm.... you do have 'gateway_enable=3D"YES"' and 'ipv6_gateway_enable=3D"YES"' in your /etc/rc.conf ? Cheers, Matthew --L5mkpI2m91wKkft7VHfXbmJSnd9csOWrT Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2 iQJ8BAEBCgBmBQJV2ejUXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2NTNBNjhCOTEzQTRFNkNGM0UxRTEzMjZC QjIzQUY1MThFMUE0MDEzAAoJELsjr1GOGkAT9aQQAJAL3zDc8KXv40CbuDb6AxtH Al7/6HwLxVbshiWJr1q0HbsDHW9PHsfxAL2J8ER9qVdZmc5dm/EG80GKMNb8v+IG ecilWPN+fP4H/FurC/Nxsz1ihSo+Zo8Hf9zn8GHOuJrnP1s9lx7NSixhDt/2/8Gg T3W3JJhrJXovYfD4+cs3DVlEOT8xnDsHZRt4rdOXWpK6IXJF86HxINDORnx01AcM yyyEwcsNOrfog3+hA+6QHGELe9oqaPEJeTl0ZEWsq9CKkj5HQNzsnd1KcnaJjfku UpSR9G7QPOv0e8htRgtXHzsr0oyRaYCkhmwmrC5n7oe0UTrWMxqLdMmdLiHyVzsQ i9dplUDvv5xAcqPIeccVQfS08aOELDji8ldt9zOgiT0jE/omUg247RJ9N9w6ODHb uVZgq1IrZnwfKbXtsYnrtMoMKvvO8yZzy25sAEbqRjpBrzjGd5554qbudrrr2n9U GlfGAmuEnHsEP6WU+50wr7f3YAY+1/+8aLvAaI04eTFN0dOPsy8Fom4iacE96QEn Mlgyi2laxnC0F2nv7tIBxDf0bs3zC74KyuZHsFCTmmxSLl8Sn7rnmKikznjLitxp x5nhXV8fEikVkPW7I+BJjYO0FKrkjY0NQZHWOkKs4gaTEnKzIxaAJMjtHwszMN7/ EBI6nmYzxdXdJBp+VgIB =gsIB -----END PGP SIGNATURE----- --L5mkpI2m91wKkft7VHfXbmJSnd9csOWrT--