Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 23 Aug 2015 17:48:28 +0100
From:      Gary Palmer <gpalmer@freebsd.org>
To:        Matthew Seaman <matthew@FreeBSD.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Routing IPv6 over tun0 (PPPoE) issue
Message-ID:  <20150823164828.GF13503@in-addr.com>
In-Reply-To: <55D9E8D4.1050700@FreeBSD.org>
References:  <20150823150408.GE13503@in-addr.com> <55D9E8D4.1050700@FreeBSD.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Aug 23, 2015 at 04:37:56PM +0100, Matthew Seaman wrote:
> On 23/08/2015 16:04, Gary Palmer wrote:
> > However if I configure other IPs on other interfaces from the netblock that
> > has been delegated to me and either source the traffic from those IPs or
> > try the traceroute from another computer using IPs in that netblock, I
> > don't even see the traffic leaving tun0 with tcpdump, let alone get any
> > replies.
> 
> I have a similar setup.  Looks to me as if there's a problem with your
> routing internally.
> 
> My routing table looks like this (excluding the ff01::, ff02:: and
> ff03:: routes and anything that's a host specific route):
> 
> % netstat -rn -f inet6 | grep -vE '(UH|ff0)'
> Routing tables
> 
> Internet6:
> Destination         Gateway                       Flags  Netif Expire
> ::/96               ::1                           UGRS    lo0
> default             fe80::203:97ff:fe19:8000%tun0 UGS    tun0
> ::ffff:0.0.0.0/96   ::1                           UGRS    lo0
> 2001:8b0:151:1::/64 link#1                        U       em0  <<<---**
> fe80::/10           ::1                           UGRS    lo0
> fe80::%em0/64       link#1                        U       em0
> fe80::%re0/64       link#2                        U       re0
> fe80::%lo0/64       link#3                        U       lo0
> fe80::%tun0/64      link#5                        U      tun0
> 
> Here em0 is the interface onto my internal network, and any addresses
> from my assigned IPv6 netblock are configured on that interface or the
> network directly attached to it. You should have a route equivalent to
> the one marked with the arrow.
> 
> Note that tun0 uses link-local addresses for the IPv6 tunnelling, not
> addresses from my assigned range.  Depending on how your ISP has
> configured things you may need a "real" IPv6 address on your tun0
> interface, but this should be from a distinct subnet to the block you're
> using internally.

Hi Matthew,

Thanks for the reply.  I may have messed up manually masking the
network data so let me do it by sed this time so I don't mess up.

aaaa:bbbb:cccc:dddd is the /64 prefix used for the connection
xxxx:yyyy:zzzz is the /48 used for internal IPs

The tunnelbroker IPs are also configured but I've removed them as they
shouldn't be relevant.  I've checked gif0 and none of the traffic is
going out that interface either.

tun0 shows:

tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1492
        options=80000<LINKSTATE>
        inet6 fe80::200:24ff:fec9:5bbc%tun0 prefixlen 64 scopeid 0xa 
        inet a.b.c.d --> e.f.g.h netmask 0xffffffff 
        inet6 aaaa:bbbb:cccc:dddd:200:24ff:fec9:5bbc prefixlen 64 autoconf 
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
        Opened by PID 1038

vr0 shows:

vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC,LINKSTATE>
        ether 00:00:24:c9:5b:bc
        inet i.j.k.l netmask 0xffffff00 broadcast i.j.k.m
        inet6 fe80::200:24ff:fec9:5bbc%vr0 prefixlen 64 scopeid 0x1 
        inet6 xxxx:yyyy:zzzz:1::1 prefixlen 64 
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

IPv6 routing table:

Routing tables

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::/96                             ::1                           UGRS        lo0 =>
default                           fe80::230:88ff:fe16:ec4f%tun0 UG         tun0
::1                               link#9                        UH          lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
xxxx:yyyy:zzzz:1::/64             link#1                        U           vr0
xxxx:yyyy:zzzz:1::1               link#1                        UHS         lo0
xxxx:yyyy:zzzz:2::/64             link#3                        U           vr2
xxxx:yyyy:zzzz:2::1               link#3                        UHS         lo0
aaaa:bbbb:cccc:dddd::/64             link#10                       U          tun0
aaaa:bbbb:cccc:dddd:200:24ff:fec9:5bbc link#10                       UHS         lo0

traceroute from tun0 IP (first 4 hops only shown)

traceroute6 to wfe0.ysv.freebsd.org (2001:1900:2254:206a::50:0) from aaaa:bbbb:cccc:dddd:200:24ff:fec9:5bbc, 4 hops max, 12 byte packets
 1  aaaa:bbbb::3:0:0:2  29.318 ms  29.860 ms  28.065 ms
 2  aaaa:bbbb:0:301::  28.724 ms  29.064 ms  29.421 ms
 3  aaaa:bbbb:0:4::1  29.881 ms  29.189 ms  28.254 ms
 4  aaaa:bbbb:0:3::1  35.764 ms  36.488 ms  36.054 ms

traceroute from vr0 IP using 'traceroute6 -s' 

traceroute6 to wfe0.ysv.freebsd.org (2001:1900:2254:206a::50:0) from xxxx:yyyy:zzzz:1::1, 4 hops max, 12 byte packets
 1  * * *
 2  * * *


> Hmmm.... you do have 'gateway_enable="YES"' and
> 'ipv6_gateway_enable="YES"' in your /etc/rc.conf ?

gateway_enable="YES"
ipv6_gateway_enable="YES"

Yes.  v4 continues to work fine.

Thanks,

Gary



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150823164828.GF13503>