> On Feb 6, 2022, at 12:07 PM, Mike Fischer <fischer+o...@lavielle.com> wrote:
>
> Hi Łukasz,
>
>>> Am 06.02.2022 um 12:08 schrieb Łukasz Moskała <l...@lukaszmoskala.pl>:
>>>
>>> W dniu 6.02.2022 o 05:28, Mike Fischer pisze:
>>> OpenBSD 7.0 stable amf64
>>> My host has two ethernet interfaces, em0 and em1.
>>> Note: The host is a VM with two virtual interfaces.
>>> Both interfaces are configured like this for IPv6 in the /etc/hostname.em0
>>> and /etc/hostname.em1 files:
>>> inet6 autoconf -temporary -soii
>>> They are connected to the same LAN and each produces a unique IPv6 address
>>> using the same prefix and an EUI64 interface identifier as expected*.
>>> $ ifconfig em0|grep inet6|grep -vE '(fe80:| fd|temporary|deprecated)'
>>> inet6 2001:db8::20c:29ff:fd9c:4b7 prefixlen 64 autoconf pltime 1070
>>> vltime 7043
>>> $ ifconfig em1|grep inet6|grep -vE '(fe80:| fd|temporary|deprecated)‘
>>> inet6 2001:db8::20c:29ff:fd9c:4c1 prefixlen 64 autoconf pltime 1032
>>> vltime 7005
>>> DNS records have been set up*:
>>> $ dig +short a.example.com aaaa
>>> 2001:db8::20c:29ff:fd9c:4b7
>>> $ dig +short b.example.com aaaa
>>> 2001:db8::20c:29ff:fd9c:4c1
>>> $
>>> My httpd.conf looks like this*:
>>> ipa = "2001:db8::20c:29ff:fd9c:4b7"
>>> ipb = "2001:db8::20c:29ff:fd9c:4c1"
>>> server "a.example.com" {
>>> listen on $ipa port 80
>>> directory index index.html
>>> location "/*" {
>>> root "/htdocs/a"
>>> }
>>> }
>>> server "b.example.com" {
>>> listen on $ipb port 80
>>> directory index index.html
>>> location "/*" {
>>> root "/htdocs/b"
>>> }
>>> }
>>> /var/www/htdocs/a/index.html and /var/www/htdocs/b/index.html exist and
>>> each contains a minimal HTML page.
>>> httpd -n sees no problem.
>>> rcctl start httpd works fine.
>>> However trying to access http://a.example.com or
>>> http://[2001:db8::20c:29ff:fd9c:4b7] gets a timeout.
>>> Accessing http://b.example.com or http://[2001:db8::20c:29ff:fd9c:4c1]
>>> works fine.
>>> Trying to find the cause I checked:
>>> $ netstat -an|grep LISTEN
>>> …
>>> tcp6 0 0 2001:db8::.80 *.* LISTEN
>>> tcp6 0 0 2001:db8::.80 *.* LISTEN
>>> …
>>> $
>>> Which seems weird because only the prefix is listed not the complete IPv6
>>> addresses.
>>> Am I seeing a bug or is my expectation that both servers (virtual hosts)
>>> work wrong?
>>> *) Hostnames and IPs anonymized.
>>> Thanks!
>>> Mike
>>
>> "They are connected to the same LAN"
>> This is most likely your problem. Having two IPs on two interfaces in the
>> same subnet will usually cause problems. Most likely you also have two
>> default routes.
>
> Yes, you are right. There are 2 default routes for IPv6.
>
> Not sure why IPv6 works like this but that’s what I’m trying to learn. I am
> using this machine as a test bed for figuring out IPv6. My expectation was
> that IPv6 would work just like IPv4 in this scenario.
>
> Note: For IPv4 the same setup works fine, yielding a web server that serves
> both a.example.com and b.example.com on different IPs. The expectation would
> be that replies would be send through the same interface the request came in
> on. IPv4 has the drawback that I only have 1 public IPv4 address. So I need
> to differentiate bei port number on the Internet side of my router to map to
> the correct LAN IP.
>
> So I learned something here, which was my goal. Thanks!
>
>
>> You can work around it by putting both interfaces in diffrent rdomains, then
>> running two httpd instances, one in rdomain with first IP, second in rdomain
>> with second IP.
>
This will work. You can use PF rules to cross rdomains if you require.
> I’ll look into this (more as a way to learn more about how this works than to
> actually fill a pressing need). Thanks for the idea.
>
>
>> Or, assign both IPs statically to em0 (one with prefix /64, second with
>> prefix /128), then remove em1 - I'm 99% sure this will solve your problem.
>
> Yes. But in my experimental setup this would not be practical because the
> IPv6 prefix is dynamic. Assigning a static IPv6 address will cease to work
> when the prefix changes, at least for connections from the Internet. There
> are issues with the setup of port forwarding on my router as well. I thought
> I could get around all of these issues by using the second interface.
>
> For this experiment the goal was get a single host to serve two websites on
> separate IPv6 addresses. All this in a LAN setting where the public IPv6
> prefix is dynamic. Getting it to work short term is easy using static IPs.
> But ensuring it will work across prefix changes is more complicated. I do
> have a script that triggers on prefix changes and could be used to adjust the
> static IPs and the httpd.conf as needed. I don’t much like that solution
> though.
>
>
> Thanks for your reply!
>
>
> Mike
>
