Date: Mon, 18 Jun 2007 15:53:19 +0200
From: Henri Hennebert <hlh@restart.be>
To: freebsd-net@freebsd.org
Subject: ipv6 ndp proxy - advice needed...
Message-ID: <46768E4F.5040205@restart.be>
Hello,

Here is my problem...

I want to become a tunnel broker...

I rent a dedicated server (called tignes) which is running 6.2-RELEASE
and which has one ipv4 address and may use /64 ipv6 addresses
(2001:41d0:1:2ad2::/64). The interface must be configured with a
prefixlen of 56 and I can't change any routing in my ISP router!

[root@tignes ~]# ifconfig rl0
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet6 fe80::2e0:4cff:fede:f409%rl0 prefixlen 64 scopeid 0x1
        inet 213.251.163.210 netmask 0xffffff00 broadcast 213.251.163.255
        inet6 2001:41d0:1:2ad2::1 prefixlen 56
        ether 00:e0:4c:de:f4:09
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

with the default gateway:

default    2001:41d0:1:2aff:ff:ff:ff:ff    UGS    rl0

So far so good...

I want to use this server as an ipv6 tunnel broker for my network at home.

At home, my gateway (avoriaz) running 6.2-RELEASE is connected to my ISP
with an ADSL connection (using mpd4).

On avoriaz I create a gif interface as well as on the dedicated server:

[root@avoriaz ~]# ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet 83.134.220.45 --> 213.251.163.210
        inet6 fe80::230:5ff:fe12:bbbf%gif0 prefixlen 64 scopeid 0x5
        inet6 2001:41d0:1:2ad2::fffe:0 --> 2001:41d0:1:2ad2::ffff:0 prefixlen 128

[root@tignes ~]# ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet 213.251.163.210 --> 83.134.220.45
        inet6 fe80::2e0:4cff:fede:f409%gif0 prefixlen 64 scopeid 0x4
        inet6 2001:41d0:1:2ad2::ffff:0 --> 2001:41d0:1:2ad2::fffe:0 prefixlen 128

And I decide that at home my ipv6 network will be:

2001:41d0:1:2ad2::1:0/112

So I add on tignes a static route:

2001:41d0:1:2ad2::1:0/112    2001:41d0:1:2ad2::fffe:0    UGS    gif0

and at home on the gateway:

default    2001:41d0:1:2ad2::ffff:0    UGS    gif0

The address of the gateway on my home network is:

[root@avoriaz ~]# ifconfig xl0
xl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=9<RXCSUM,VLAN_MTU>
        inet6 fe80::204:76ff:fe9f:3324%xl0 prefixlen 64 scopeid 0x2
        inet 192.168.24.1 netmask 0xffffff00 broadcast 192.168.24.255
        inet6 2001:41d0:1:2ad2::1:1 prefixlen 112
        ether 00:04:76:9f:33:24
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

and on my workstation (morzine):

[root@morzine ~]# ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=b<RXCSUM,TXCSUM,VLAN_MTU>
        inet6 fe80::2e0:81ff:fe70:6b68%em0 prefixlen 64 scopeid 0x1
        inet 192.168.24.2 netmask 0xffffff00 broadcast 192.168.24.255
        inet6 2001:41d0:1:2ad2::1:2 prefixlen 112
        ether 00:e0:81:70:6b:68
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active

maybe a schema:

                   +-------------+
  dedicated server |   tignes    |
                   +-------------+
                          |............2001:41d0:1:2ad2::/56
                          |            gw: 2001:41d0:1:2aff:ff:ff:ff:ff
                          | (gif ipv6 tunnel)
                          |
                          |
                   +-------------+
  home gateway     |   avoriaz   |
                   +-------------+
                          |............2001:41d0:1:2ad2::1:0/112
                   +-------------+
  home workstation |   morzine   |
                   +-------------+

Now, from tignes (dedicated server) I can ping6 the world:

[root@tignes ~]# ping6 www.kame.net
PING6(56=40+8+8 bytes) 2001:41d0:1:2ad2::1 --> 2001:200:0:8002:203:47ff:fea5:3085
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=0 hlim=53 time=272.770 ms
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=1 hlim=53 time=283.548 ms

on morzine (the workstation) I can ping6 avoriaz and tignes:

[root@morzine ~]# ping6 tignes6
PING6(56=40+8+8 bytes) 2001:41d0:1:2ad2::1:2 --> 2001:41d0:1:2ad2::1
16 bytes from 2001:41d0:1:2ad2::1, icmp_seq=0 hlim=63 time=29.066 ms
16 bytes from 2001:41d0:1:2ad2::1, icmp_seq=1 hlim=63 time=28.472 ms

If I try to ping6 the world, no answer...

and on the dedicated server:

[root@tignes ~]# tcpdump -i rl0 icmp6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes
15:30:11.621367 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo request, seq 26, length 16
15:30:11.902219 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6, neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
15:30:12.621494 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo request, seq 27, length 16
15:30:12.905746 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6, neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
15:30:13.622036 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo request, seq 28, length 16
15:30:13.902557 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6, neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
15:30:14.632267 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo request, seq 29, length 16
15:30:14.902459 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6, neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
15:30:15.621377 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo request, seq 30, length 16
15:30:15.905359 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6, neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32

So tignes is not responding to neighbor solicitation.

If I do:

[root@tignes ~]# ifconfig rl0 inet6 2001:41d0:1:2ad2::1:2/128 alias

tignes responds to neighbor solicitation and after

[root@tignes ~]# ifconfig rl0 inet6 2001:41d0:1:2ad2::1:2/128 -alias

for the next 60 seconds, morzine receives the responses:

[root@morzine ~]# ping6 www.kame.net
PING6(56=40+8+8 bytes) 2001:41d0:1:2ad2::1:2 --> 2001:200:0:8002:203:47ff:fea5:3085
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=136 hlim=51 time=302.028 ms
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=137 hlim=51 time=312.177 ms

The question now:

How to force tignes to answer neighbor solicitation for any addresses in
2001:41d0:1:2ad2::1:0/112?

I don't want to use a tunnel broker, I want to try it myself for the
sake of it :-)

Thank you for your time

Henri
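
The diagnosis in the message above, as an added example that is not part of the original post: it parses tcpdump lines like the ones shown, lists solicited targets that never received an advertisement, and flags those that the /56 on rl0 makes on-link although they sit behind gif0. The function names and the advertisement line format are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: four lines copied from the tcpdump capture in the message.
CAPTURE = """\
15:30:11.621367 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo request, seq 26, length 16
15:30:11.902219 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6, neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
15:30:12.621494 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo request, seq 27, length 16
15:30:12.905746 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6, neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
"""

# Values stated in the message.
ON_LINK = ipaddress.ip_network("2001:41d0:1:2ad2::1/56", strict=False)  # rl0 prefix
ROUTED = ipaddress.ip_network("2001:41d0:1:2ad2::1:0/112")              # behind gif0

NS_RE = re.compile(r"IP6 \S+ > (\S+): ICMP6, neighbor solicitation, who has ([0-9a-f:]+),")
# Assumption: tcpdump prints advertisements as "neighbor advertisement, tgt is <addr>,".
NA_RE = re.compile(r"ICMP6, neighbor advertisement, tgt is ([0-9a-f:]+),")

def solicited_node(addr):
    """Solicited-node multicast group: ff02::1:ff00:0/104 plus the low 24 bits."""
    base = int(ipaddress.ip_address("ff02::1:ff00:0"))
    return ipaddress.ip_address(base | (int(addr) & 0xFFFFFF))

def unanswered(capture):
    """Return one record per solicited target that never got an advertisement."""
    asked, answered = {}, set()
    for line in capture.splitlines():
        ns = NS_RE.search(line)
        na = NA_RE.search(line)
        if ns:
            target = ipaddress.ip_address(ns.group(2))
            asked.setdefault(target, {"count": 0, "dst": ns.group(1)})["count"] += 1
        elif na:
            answered.add(ipaddress.ip_address(na.group(1)))
    return [
        {
            "target": str(target),
            "solicitations": info["count"],
            "group": str(solicited_node(target)),
            "group_matches_capture": info["dst"] == str(solicited_node(target)),
            # On-link per the /56 on rl0, but the host is behind the tunnel.
            "needs_proxy_answer": target in ROUTED and target in ON_LINK,
        }
        for target, info in asked.items()
        if target not in answered
    ]
```
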