From owner-freebsd-questions@freebsd.org Fri Jun 10 20:39:52 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A3CABAEF2EE; Fri, 10 Jun 2016 20:39:52 +0000 (UTC) (envelope-from hrs@FreeBSD.org) Received: from mail.allbsd.org (gatekeeper.allbsd.org [IPv6:2001:2f0:104:e001::32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.allbsd.org", Issuer "RapidSSL SHA256 CA - G3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 48D872A65; Fri, 10 Jun 2016 20:39:51 +0000 (UTC) (envelope-from hrs@FreeBSD.org) Received: from mail-d.allbsd.org ([IPv6:2400:402e:a012:6300:58:65ff:fe00:b0b]) (authenticated bits=56) by mail.allbsd.org (8.15.2/8.15.2) with ESMTPSA id u5AKdY5q029049 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL) (Client CN "/OU=GT07882699/OU=See+20www.rapidssl.com/resources/cps+20+28c+2915/OU=Domain+20Control+20Validated+20-+20RapidSSL+28R+29/CN=*.allbsd.org", Issuer "/C=US/O=GeoTrust+20Inc./CN=RapidSSL+20SHA256+20CA+20-+20G3"); Sat, 11 Jun 2016 05:39:45 +0900 (JST) (envelope-from hrs@FreeBSD.org) Received: from alph.allbsd.org ([IPv6:2400:402e:a012:6300:16:ceff:fe34:2700]) by mail-d.allbsd.org (8.15.2/8.15.2) with ESMTPS id u5AKdXtc094944 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sat, 11 Jun 2016 05:39:33 +0900 (JST) (envelope-from hrs@FreeBSD.org) Received: from localhost (localhost [IPv6:::1]) (authenticated bits=0) by alph.allbsd.org (8.15.2/8.15.2) with ESMTPA id u5AKdUDd094941; Sat, 11 Jun 2016 05:39:33 +0900 (JST) (envelope-from hrs@FreeBSD.org) Date: Sat, 11 Jun 2016 05:37:59 +0900 (JST) Message-Id: <20160611.053759.1734517365141755226.hrs@allbsd.org> To: stdin@niklaas.eu Cc: freebsd-net@freebsd.org, freebsd-questions@freebsd.org Subject: Re: And what about ipv6_defaultrouter? From: Hiroki Sato In-Reply-To: <20160610191828.GE2817@box-hlm-03.niklaas.eu> References: <20160610071254.GC2817@box-hlm-03.niklaas.eu> <20160610.225031.1318863285679295699.hrs@allbsd.org> <20160610191828.GE2817@box-hlm-03.niklaas.eu> X-PGPkey-fingerprint: BDB3 443F A5DD B3D0 A530 FFD7 4F2C D3D8 2793 CF2D X-Mailer: Mew version 6.7 on Emacs 24.5 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Multipart/Signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="--Security_Multipart(Sat_Jun_11_05_37_59_2016_984)--" Content-Transfer-Encoding: 7bit X-Virus-Scanned: clamav-milter 0.99 at gatekeeper.allbsd.org X-Virus-Status: Clean X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (mail.allbsd.org [IPv6:2001:2f0:104:e001::32]); Sat, 11 Jun 2016 05:39:47 +0900 (JST) X-Spam-Status: No, score=-96.6 required=13.0 tests=CONTENT_TYPE_PRESENT, QENCPTR1,RCVD_IN_AHBL,RCVD_IN_AHBL_PROXY,RCVD_IN_AHBL_SPAM,RCVD_IN_CHINA, RCVD_IN_CHINA_KR,RCVD_IN_TAIWAN,RDNS_NONE,SPF_SOFTFAIL,USER_IN_WHITELIST autolearn=no autolearn_force=no version=3.4.1 X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on gatekeeper.allbsd.org X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Jun 2016 20:39:52 -0000 ----Security_Multipart(Sat_Jun_11_05_37_59_2016_984)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Niklaas Baudet von Gersdorff wrote in <20160610191828.GE2817@box-hlm-03.niklaas.eu>: st> Hiroki Sato [2016-06-10 22:50 +0900] : st> st> > A router does not accept RAs (more strictly, default route st> > information in RA) because it is a sender of RAs. However, some st> > devices such as CPE need to behave like a host for the uplink and a st> > router for the LAN. In that case, an interface on the WAN side has st> > to accept RAs and one on the LAN side has to send RAs. st> > st> > On FreeBSD, there is a knob to support it. Set the following st> > variable to rc.conf in addition to your current configuration: st> > st> > ipv6_cpe_wanif="vtnet0" st> st> Thanks a lot for pointing that out! I think I read about the variable st> somewhere but I was not sure what it actually does. Is there some place st> where I can find more detailed explanation about rc.conf and sysctl st> settings except man? Unfortunately there is no documentation other than manual page because this is a bit tricky. rc.conf(5) explains as follows: ---- ipv6_cpe_wanif (str) If the variable is set to an interface name, the ifconfig(8) options ``inet6 -no_radr accept_rtadv'' will be added to the specified interface automatically before evalu- ating ifconfig__ipv6, and two sysctl(8) variables net.inet6.ip6.rfc6204w3 and net.inet6.ip6.no_radr will be set to 1. This means the specified interface will accept ICMPv6 Router Advertisement messages on that link and add the discovered routers into the Default Router List. While the other inter- faces can still accept RA messages if the ``inet6 accept_rtadv'' option is specified, adding routes into the Default Router List will be disabled by ``inet6 no_radr'' option by default. See ifconfig(8) for more details. Note that ICMPv6 Router Advertisement messages will be accepted even when net.inet6.ip6.forwarding is 1 (packet forwarding is enabled) when net.inet6.ip6.rfc6204w3 is set to 1. Default is ``NO''. ---- -- Hiroki ----Security_Multipart(Sat_Jun_11_05_37_59_2016_984)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEABECAAYFAldbJScACgkQTyzT2CeTzy3ZWQCghXV4n+OIhgeKSe2TOflxjj8T QCkAmwd3RS7bqAFWVunG5C3tQS62mGlt =44DZ -----END PGP SIGNATURE----- ----Security_Multipart(Sat_Jun_11_05_37_59_2016_984)----