From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 233283] IPv6 routing problem when using FreeBSD as a VPS at a cloud provider
Date: Mon, 19 Nov 2018 00:22:23 +0000

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233283

Bjoern A. Zeeb changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Affects Many People         |Affects Some People
                 CC|                            |bz@FreeBSD.org
           Assignee|bugs@FreeBSD.org            |net@FreeBSD.org

--- Comment #4 from Bjoern A.
Zeeb ---
(In reply to peos42 from comment #0)

I used to have such a setup with a very well known European hoster.

It's idiotic IPv4 behaviour (and was exactly that there as well) and it'll
eventually cause them a lot of trouble in IPv6 land as their neighbour tables
on the L2/3 device in front of you can easily fill up. My European one after
1.5 years of silence has just updated and rolled out the new setup with a
transition period years after. They never said anything but I was happy they
listened.

The solution for any hoster is to have a fe80::1/64 as a default gateway on all
interfaces for all customers. It's a link-local address, there'll not be too
many of them and then, given they know the ether address of their customers,
route whatever network their customers get to that; no extra neighbour table
addresses; their router is a lot less attackable as there's no public /64 on
each interface, etc.

So much more to say about all this but that's their problem and not yours.

You can still make this work with FreeBSD and some "glue" and magic and I'll
just braindump here what comes to my mind:

(a) set your ipv6_default_interface to your external interface

(b) look at ndp -an to find your router's link-local address and then set
    ipv6_defaultrouter="fe80:....%${ipv6_default_interface}"
    Note this is a hack as that address can change if your hoster changes
    things or moves the VM around; in more or less static setups it works;
    it could be "automated";

(c) I wonder if ping6 -n ff02::2% will give you answers, that should be the
    same address as in (b). If the address from (b) changes you might be out
    of luck and the best you could do is to script a "checker" which validates
    the address every minute and updates the IPv6 default route accordingly.

(d) The above assumes that calling rtsol on the interface doesn't help you in
    that setup. Would be great if it would.
(e) alternatively: you might be able to set the default gateway using -link;
    can't remember if that works; haven't tried that in years.

Try and see if you can work it out from there. I'd be curious to hear...
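
The "checker" suggested in (c), sketched as an added example that is not part of the original message or of FreeBSD itself. It assumes the `ndp -an` column layout (Neighbor, Linklayer Address, Netif, Expire, S, Flags) with `R` in Flags marking a router; the optional link-layer address pin is an addition here, and the interface name and addresses are placeholders.

```shell
#!/bin/sh
# Added example: keep the IPv6 default route pointed at the router's
# link-local address. Assumes FreeBSD ndp(8), route(8) and logger(1).

# Read `ndp -an` output on stdin; print the first link-local neighbour on
# interface $1 whose Flags column contains R (router). If $2 is given, the
# entry must also have that link-layer address, so another host on the
# segment that advertises itself as a router is ignored.
pick_router() {
    awk -v ifn="$1" -v mac="$2" '
        $1 ~ /^fe80:/ && $3 == ifn && $6 ~ /R/ && (mac == "" || $2 == mac) {
            print $1; exit
        }'
}

# Read `route -n get -inet6 default` output on stdin; print the gateway.
current_gateway() {
    awk '$1 == "gateway:" { print $2; exit }'
}

# Print the route(8) command that moves the default route from $1 (current
# gateway, may be empty) to $2 (wanted gateway). Prints nothing when they
# already match; fails when no router was found, leaving the route alone.
plan_route() {
    [ -n "$2" ] || return 1
    if [ -z "$1" ]; then
        echo "route add -inet6 default $2"
    elif [ "$1" != "$2" ]; then
        echo "route change -inet6 default $2"
    fi
}

# Live mode, e.g. from cron every minute:
#   sh checker.sh --apply <interface> [router-link-layer-address]
if [ "${1:-}" = "--apply" ]; then
    want=$(ndp -an | pick_router "$2" "${3:-}")
    have=$(route -n get -inet6 default 2>/dev/null | current_gateway)
    cmd=$(plan_route "$have" "$want") || exit 1
    [ -z "$cmd" ] || { logger -t ipv6-gw "$cmd"; $cmd; }
fi
```

Without `--apply` the script only defines the functions, so the parsing can be checked against saved `ndp` and `route` output before it is allowed to touch the routing table.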