My int_if is configured via hostname.dc0 with an inet6 entry. The lan
gets its addresses from rtadvd running on dc0 and tun1:

bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:0d:9d:9b:70:d2
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::20d:9dff:fe9b:70d2%bge0 prefixlen 64 scopeid 0x1
        inet 85.218.10.62 netmask 0xffffff00 broadcast 85.218.10.255
dc0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:80:ad:75:17:60
        priority: 0
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.50.1 netmask 0xffffff00 broadcast 192.168.50.255
        inet6 fe80::280:adff:fe75:1760%dc0 prefixlen 64 scopeid 0x2
        inet6 2001:1620:f2e1::1 prefixlen 64
enc0: flags=0<>
        priority: 0
        groups: enc
        status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33200
        priority: 0
        groups: pflog
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        priority: 0
        groups: gif egress
        physical address inet 85.218.10.62 --> 213.144.148.74
        inet6 fe80::20d:9dff:fe9b:70d2%gif0 -> prefixlen 64 scopeid 0x7
        inet6 2001:1620:f00:56::2 -> 2001:1620:f00:56::1 prefixlen 128

Iñigo Ortiz de Urbina wrote:
> This may be a stupid question but as you didn't post ifconfig output I
> have to ask. Did you configure $int_if with an IPv6 address, be it
> manually, rtadvd or any other procedure?
>
> On 1/4/11, nothingness <[email protected]> wrote:
>
>> Hi all,
>>
>> I've been trying for a few days to get my ipv6 tunnel to work from my
>> lan. I've got a sixxs.net tunnel with a /48 assigned for my lan. I can
>> connect from the router to irc networks over ipv6 but I'm unable to run
>> traffic out via the gif0 for anything originating from the lan. I can
>> also connect to the router over ipv6 for ssh stuff for ex. I'm
>> completely out of ideas on what to do to get this to work, hope someone
>> will have a suggestion. Here's my pf.conf (I'm running openbsd 4.8 with
>> a generic kernel, patched to latest release):
>>
>> ext_if="bge0"
>>
>> ipv6_if="gif0"
>> ipv6_ip="2001:1620:f00:56::2"
>> ipv6_gw="2001:1620:f00:56::1"
>> ipv6_lan="2001:1620:f2e1::/64"
>> ipv6_lan2="2001:1620:f2e3::/64"
>>
>> int_if="dc0"
>> vpn1_if="tun1"
>> vpn2_if="tun2"
>> vpn3_if="tun3"
>> tcp_services="{ 179, 2027:2037, 5002, 7777, 8296, 46411 }"
>> udp_services="{ 1194, 5003, 5501, 7777, 30000, 46411 }"
>> icmp_types="echoreq"
>> ssh_ports="{ ssh , 1194 }"
>> im_ports="{ icq, msn, ircd, ircd-ssl }"
>>
>> table <ssh-violations> persist file "/etc/ssh-violations"
>> table <spamd-white> persist
>> set block-policy drop
>> set loginterface $ipv6_if
>> set skip on lo
>> set state-policy if-bound
>>
>> match out on $ext_if inet from !($ext_if) nat-to ($ext_if)
>>
>> match in on $int_if proto tcp to ($int_if) port ftp rdr-to 127.0.0.1 port 8021
>> match in on $int_if proto tcp to ($int_if) port http rdr-to 127.0.0.1 port 3128
>> match in on $ext_if proto tcp to ($ext_if) port smtp rdr-to 127.0.0.1 port spamd
>> block in log
>> pass out keep state
>>
>> block drop in log on $ext_if from <ssh-violations> to any
>> block drop in log on $ipv6_if from <ssh-violations> to any
>>
>> #try ipv6 routing
>> pass quick on $ipv6_if proto {ipencap, ipv6}
>> pass quick on $ext_if proto {ipencap, ipv6}
>> pass quick on $ext_if inet6
>> pass quick on $ipv6_if inet6
>>
>> pass in on $ext_if proto udp from any to any port 1194
>> pass in inet proto icmp all icmp-type $icmp_types keep state
>> pass proto 41 from any to any keep state
>> pass quick on $int_if no state
>> pass quick on $vpn1_if no state
>> pass quick on $vpn2_if no state
>> pass quick on $vpn3_if no state
>>
>> #pass quick on $vpn_if inet proto gre any
>> pass quick from 224/7 to any keep state
>>
>>
>> Cheers,
>>
>> Noth