Date:      Wed, 31 Jul 2019 14:57:01 +0200
From:      Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
To:        Viktor Dukhovni <viktor@dukhovni.org>, freebsd-net@freebsd.org
Subject:   Re: Preferring internal IPv6 source address over gif tunnel IP?
Message-ID:  <228a86f5-8c93-be6e-3847-896c89d430dc@plan-b.pwste.edu.pl>
In-Reply-To: <20190731120705.GC24255@straasha.imrryr.org>
References:  <20190731120705.GC24255@straasha.imrryr.org>

On 31.07.2019 at 14:07, Viktor Dukhovni wrote:
>
> My FreeBSD machine is also my router, and for lack of IPv6 support by
> Verizon, now uses a "gif" tunnel via Hurricane Electric.
>
> HE provides me with two prefixes:
>
>   1. Point to point tunnel /128:
>
> 	cloned_interfaces="gif0"
> 	create_args_gif0="tunnel <my-public-ipv4> <their-tunnel-ipv4>"
> 	ifconfig_gif0_ipv6="inet6 <tunnel-prefix>::2 <tunnel-prefix>::1 prefixlen 128"
> 	ipv6_defaultrouter="<tunnel-prefix>::1"
>
>   2. A /64 for my network:
>
> 	ipv6_network_interfaces="igb1"
> 	ifconfig_igb1_ipv6="inet6 <my-network>::1 prefixlen 64"
>
> They support DNS reverse resolution delegation for "my-network"
> (the /64), but not the point-to-point "tunnel-prefix" (the /128).
>
> Since a bunch of my traffic is SMTP, I need reverse resolution for
> outgoing IPv6, which means that I need the outgoing source address
> to be <my-network>::1, not <tunnel-prefix>::2, even though the
> routing table lists "gif0" as the interface with the default route.
>
> Is it possible to configure my system to use the internal /64 address
> as the default source address of outgoing IPv6 packets?
>
> If it would help, I can assign the "<my-network>::1" address to the
> external physical network interface (same one that has the tunnel
> v4 address) or the loopback interface...  RFC 3484 section 4 hints
> at such possibilities (https://tools.ietf.org/html/rfc3484#page-9):
>
>    It is RECOMMENDED that the candidate source addresses be the set of
>    unicast addresses assigned to the interface that will be used to send
>    to the destination.  (The "outgoing" interface.)  On routers, the
>    candidate set MAY include unicast addresses assigned to any interface
>    that forwards packets, subject to the restrictions described below.
>
>       Discussion:  The Neighbor Discovery Redirect mechanism [14]
>       requires that routers verify that the source address of a packet
>       identifies a neighbor before generating a Redirect, so it is
>       advantageous for hosts to choose source addresses assigned to the
>       outgoing interface.  Implementations that wish to support the use
>       of global source addresses assigned to a loopback interface should
>       behave as if the loopback interface originates and forwards the
>       packet.
>
> Or could I assign an explicit non-global scope to the tunnel address?
> Or ... (whatever works).  Any help much appreciated.
>
Setting the source address for the MTA will be sufficient in this case. For
example, Sendmail requires ClientPortOptions to be set in the .mc config file:

CLIENT_OPTIONS(`Family=inet6, Addr=<my-network>::1')

-- 
Marek Zarychta
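
Added example (not part of the original message or of any project's code): a Python check of which candidate source addresses fall inside a delegated ip6.arpa reverse zone, which is the reason the SMTP source has to be <my-network>::1 rather than the tunnel address. The 2001:db8:... values are constructed placeholders from the documentation range, and the function names are hypothetical.

```python
import ipaddress


def reverse_zone(prefix):
    """Return the ip6.arpa zone name for a nibble-aligned IPv6 prefix."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen % 4:
        raise ValueError("prefix length must fall on a nibble boundary")
    # 32 hex nibbles of the network address, truncated to the prefix length.
    nibbles = net.network_address.exploded.replace(":", "")[: net.prefixlen // 4]
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def ptr_name(addr):
    """Return the full PTR owner name for one IPv6 address."""
    return ipaddress.IPv6Address(addr).reverse_pointer


def audit_sources(candidates, delegated_prefixes):
    """Map each candidate source address to the delegated reverse zone that
    can hold its PTR record, or None when no delegated zone covers it."""
    zones = [reverse_zone(p) for p in delegated_prefixes]
    result = {}
    for addr in candidates:
        name = ptr_name(addr)
        result[addr] = next((z for z in zones if name.endswith("." + z)), None)
    return result


# Constructed sample values (documentation prefix, not real assignments).
TUNNEL_ADDR = "2001:db8:1f:aa::2"      # stands in for <tunnel-prefix>::2
NETWORK_ADDR = "2001:db8:20:bb::1"     # stands in for <my-network>::1
DELEGATED = ["2001:db8:20:bb::/64"]    # only the routed /64 is delegated

if __name__ == "__main__":
    for addr, zone in audit_sources([TUNNEL_ADDR, NETWORK_ADDR], DELEGATED).items():
        status = "PTR possible in " + zone if zone else "no delegated reverse zone"
        print(addr, "->", status)
```

An address reported without a delegated zone cannot be given a PTR record by the operator, so mail sent from it will fail receivers' reverse-resolution checks.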

