Message-ID: <46768E4F.5040205@restart.be>
Date: Mon, 18 Jun 2007 15:53:19 +0200
From: Henri Hennebert
Organization: RestartSoft
To: freebsd-net@freebsd.org
Subject: ipv6 ndp proxy - advice needed...

Hello,

Here is my problem... I want to become a tunnel broker...

I rent a dedicated server (called tignes) which is running 6.2-RELEASE and which has one ipv4 address and may use /64 ipv6 addresses (2001:41d0:1:2ad2::/64). The interface must be configured with a prefixlen of 56 and I can't change any routing in my ISP router!

[root@tignes ~]# ifconfig rl0
rl0: flags=8843 mtu 1500
        options=8
        inet6 fe80::2e0:4cff:fede:f409%rl0 prefixlen 64 scopeid 0x1
        inet 213.251.163.210 netmask 0xffffff00 broadcast 213.251.163.255
        inet6 2001:41d0:1:2ad2::1 prefixlen 56
        ether 00:e0:4c:de:f4:09
        media: Ethernet autoselect (100baseTX )
        status: active

with the default gateway:

default 2001:41d0:1:2aff:ff:ff:ff:ff UGS rl0

So far so good...

I want to use this server as an ipv6 tunnel broker for my network at home. At home, my gateway (avoriaz) running 6.2-RELEASE is connected to my ISP with an ADSL connection (using mpd4).

On avoriaz I create a gif interface as well as on the dedicated server:

[root@avoriaz ~]# ifconfig gif0
gif0: flags=8051 mtu 1280
        tunnel inet 83.134.220.45 --> 213.251.163.210
        inet6 fe80::230:5ff:fe12:bbbf%gif0 prefixlen 64 scopeid 0x5
        inet6 2001:41d0:1:2ad2::fffe:0 --> 2001:41d0:1:2ad2::ffff:0 prefixlen 128

[root@tignes ~]# ifconfig gif0
gif0: flags=8051 mtu 1280
        tunnel inet 213.251.163.210 --> 83.134.220.45
        inet6 fe80::2e0:4cff:fede:f409%gif0 prefixlen 64 scopeid 0x4
        inet6 2001:41d0:1:2ad2::ffff:0 --> 2001:41d0:1:2ad2::fffe:0 prefixlen 128

And I decide that at home my ipv6 network will be:

2001:41d0:1:2ad2::1:0/112

So I add on tignes a static route:

2001:41d0:1:2ad2::1:0/112 2001:41d0:1:2ad2::fffe:0 UGS gif0

and at home on the gateway:

default 2001:41d0:1:2ad2::ffff:0 UGS gif0

The address of the gateway on my home network is:

[root@avoriaz ~]# ifconfig xl0
xl0: flags=8843 mtu 1500
        options=9
        inet6 fe80::204:76ff:fe9f:3324%xl0 prefixlen 64 scopeid 0x2
        inet 192.168.24.1 netmask 0xffffff00 broadcast 192.168.24.255
        inet6 2001:41d0:1:2ad2::1:1 prefixlen 112
        ether 00:04:76:9f:33:24
        media: Ethernet autoselect (100baseTX )
        status: active

and on my workstation (morzine):

[root@morzine ~]# ifconfig em0
em0: flags=8843 mtu 1500
        options=b
        inet6 fe80::2e0:81ff:fe70:6b68%em0 prefixlen 64 scopeid 0x1
        inet 192.168.24.2 netmask 0xffffff00 broadcast 192.168.24.255
        inet6 2001:41d0:1:2ad2::1:2 prefixlen 112
        ether 00:e0:81:70:6b:68
        media: Ethernet autoselect (100baseTX )
        status: active

Maybe a schema:

+-------------+   dedicated server
|   tignes    |
+-------------+
       |............2001:41d0:1:2ad2::/56
       |            gw: 2001:41d0:1:2aff:ff:ff:ff:ff
       | (gif ipv6 tunnel)
       |
       |
+-------------+   home gateway
|   avoriaz   |
+-------------+
       |............2001:41d0:1:2ad2::1:0/112
+-------------+   home workstation
|   morzine   |
+-------------+

Now, from tignes (dedicated server) I can ping6 the world:

[root@tignes ~]# ping6 www.kame.net
PING6(56=40+8+8 bytes) 2001:41d0:1:2ad2::1 --> 2001:200:0:8002:203:47ff:fea5:3085
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=0 hlim=53 time=272.770 ms
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=1 hlim=53 time=283.548 ms

On morzine (the workstation) I can ping6 avoriaz and tignes:

[root@morzine ~]# ping6 tignes6
PING6(56=40+8+8 bytes) 2001:41d0:1:2ad2::1:2 --> 2001:41d0:1:2ad2::1
16 bytes from 2001:41d0:1:2ad2::1, icmp_seq=0 hlim=63 time=29.066 ms
16 bytes from 2001:41d0:1:2ad2::1, icmp_seq=1 hlim=63 time=28.472 ms

If I try to ping6 the world, no answer... and on the dedicated server:

[root@tignes ~]# tcpdump -i rl0 icmp6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on rl0, link-type EN10MB (Ethernet), capture size 96 bytes
15:30:11.621367 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo request, seq 26, length 16
15:30:11.902219 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6, neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
15:30:12.621494 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo request, seq 27, length 16
15:30:12.905746 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6, neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
15:30:13.622036 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo request, seq 28, length 16
15:30:13.902557 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6, neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
15:30:14.632267 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo request, seq 29, length 16
15:30:14.902459 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6, neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
15:30:15.621377 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo request, seq 30, length 16
15:30:15.905359 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6, neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32

So tignes is not responding to neighbor solicitation.

If I do:

[root@tignes ~]# ifconfig rl0 inet6 2001:41d0:1:2ad2::1:2/128 alias

tignes responds to neighbor solicitation and after

[root@tignes ~]# ifconfig rl0 inet6 2001:41d0:1:2ad2::1:2/128 -alias

for the next 60 seconds, morzine receives the responses:

[root@morzine ~]# ping6 www.kame.net
PING6(56=40+8+8 bytes) 2001:41d0:1:2ad2::1:2 --> 2001:200:0:8002:203:47ff:fea5:3085
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=136 hlim=51 time=302.028 ms
16 bytes from 2001:200:0:8002:203:47ff:fea5:3085, icmp_seq=137 hlim=51 time=312.177 ms

The question now: How to force tignes to answer neighbor solicitation for any addresses in 2001:41d0:1:2ad2::1:0/112?

I don't want to use a tunnel broker, I want to try it myself for the sake of it :-)

Thank you for your time

Henri
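
Added example, not part of the original message: a short Python check that reads tcpdump lines in the format shown above, confirms each neighbor solicitation was sent to the target's solicited-node multicast group, and lists the targets that never receive an advertisement even though they fall inside both the on-link /56 and the /112 routed through gif0. The function names and the last two capture lines are constructed for illustration; the prefixes and the first three capture lines come from the message.

```python
import ipaddress
import re

# From the message: the /56 the ISP router treats as on-link on rl0, and the
# home /112 that tignes routes through gif0.
ON_LINK = ipaddress.ip_network("2001:41d0:1:2ad2::1/56", strict=False)
ROUTED = ipaddress.ip_network("2001:41d0:1:2ad2::1:0/112")

# First three lines are from the capture in the message; the last two are
# constructed to show an address that tignes does answer for.
CAPTURE = """\
15:30:11.621367 IP6 2001:41d0:1:2ad2::1:2 > orange.kame.net: ICMP6, echo request, seq 26, length 16
15:30:11.902219 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6, neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
15:30:12.905746 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff01:2: ICMP6, neighbor solicitation, who has 2001:41d0:1:2ad2::1:2, length 32
15:30:13.100000 IP6 fe80::2d0:3ff:fe75:e000 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:41d0:1:2ad2::1, length 32
15:30:13.100200 IP6 2001:41d0:1:2ad2::1 > fe80::2d0:3ff:fe75:e000: ICMP6, neighbor advertisement, tgt is 2001:41d0:1:2ad2::1, length 32
"""

NS = re.compile(r"IP6 \S+ > ([0-9a-f:]+): ICMP6, neighbor solicitation, who has ([0-9a-f:]+),")
NA = re.compile(r"ICMP6, neighbor advertisement, tgt is ([0-9a-f:]+),")
SOLICITED_BASE = int(ipaddress.IPv6Address("ff02::1:ff00:0"))

def solicited_node(addr):
    """Solicited-node multicast group: ff02::1:ff00:0/104 plus the low 24 bits."""
    low24 = int(ipaddress.IPv6Address(str(addr))) & 0xFFFFFF
    return ipaddress.IPv6Address(SOLICITED_BASE | low24)

def unanswered_solicitations(capture):
    """Map each multicast-solicited target with no advertisement to its NS count."""
    asked, answered = {}, set()
    for line in capture.splitlines():
        if m := NS.search(line):
            dst, target = (ipaddress.IPv6Address(g) for g in m.groups())
            if dst == solicited_node(target):  # ignore unicast (NUD) probes
                asked[target] = asked.get(target, 0) + 1
        elif m := NA.search(line):
            answered.add(ipaddress.IPv6Address(m.group(1)))
    return {t: n for t, n in asked.items() if t not in answered}

def needs_proxy(capture):
    """Unanswered targets the router sees as on-link but that live behind gif0."""
    return sorted(str(t) for t in unanswered_solicitations(capture)
                  if t in ON_LINK and t in ROUTED)

if __name__ == "__main__":
    print(needs_proxy(CAPTURE))
```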