Hello to all, I'm looking for possible opinions or advice regarding IPv6 setup at new VPS. Probably the most common approach is a VPS provider gives you /64 prefix length with gateway within the subnet. Works everywhere, it's also the smallest usable prefix length for use with SLAAC. However in this case, the VPS has /121 prefix length and its gateway is outside of the subnet. Something like this: VPS IP: 2001:db8:efef:aaaa:d9e:18d2:b761:0/121 GW: 2001:db8:efef::1/48
Before this OpenBSD VPS I installed another one there with Linux, where it surprisingly went without issues. Unfortunately with the BSD that setup wasn't successful. I came up with two workarounds. First I can set /48 prefix for the interface and it will work, compared to IPV4 there shouldn't be issues like with a wider mask and broadcasts and if I won't use any IP outside of the "designated" prefix, it will likely be fine. The other one is route everything via link-local address of particular gateway (eg. use address like fe80::aaaa:bbbb:cccc:dddd%vio0 which I found), it also works, but it will be sensitive for any failovers or changes on their hardware, as the link local address might change and VPS will be essentially disconnected until manual fix. Anyway I'm still curious why it was possible to set up on Linux and not on OpenBSD. I just booted CentOS live ISO at the exact same VPS and tried to debug that step-by-step without any init scripts or NetworkManager. On CentOS I can do the following steps.. $ ip -6 addr add 2001:db8:efef:aaaa:d9e:18d2:b761:0/121 dev eth0 noprefixroute $ ip -6 route add 2001:db8:efef::1 dev eth0 $ ip -6 route add default via 2001:db8:efef::1 dev eth0 Then it will work as expected, the important part is noprefixroute option at first command. This will prevent creation (and deletion) of prefix route during IP address assignment, if I omitted that, setup didn't work. On OpenBSD I tried.. $ ifconfig vio0 inet6 2001:db8:efef:aaaa:d9e:18d2:b761:0/121 $ route add -inet6 default 2001:db8:efef::1 add net default: gateway 2001:db8:efef::1: Network is unreachable Well, that sounds logical. So I tried to tell how to reach the gateway first. It should be directly accessible, so after few failed attempts and digging in man page I thought the -iface modifier with the local address of the interface as destination should do the trick. $ route add -inet6 2001:db8:efef::1 2001:db8:efef:aaaa:d9e:18d2:b761:0 -iface $ ping6 2001:db8:efef::1 PING 2001:db8:efef::1 (2001:db8:efef::1): 56 data bytes ping6: sendmsg: Invalid argument ehh.. no dice I tried a couple of other things, like adding an additional network route to /48 prefix, and experimenting with some additional flags, when adding. But it never worked. Is it impossible to achieve? Like without the equivalent of Linux noprefixroute option, there will always be an already automatically declared offending route. Or do I have some mistakes there? Thank you, Michal
