Re: [Solved, I think] IPv6 default route. Can't see the wood for the trees.
On 28/08/2012 02:23, Mark Andrews wrote: In message <503bcb0a.6000...@freebsd.org>, Doug Barton writes: On 8/27/2012 12:27 PM, Christian Laursen wrote: On 08/27/12 21:03, John Hawkes-Reed wrote: On 27/08/2012 19:06, Christian Laursen wrote: On 08/27/12 18:49, John Hawkes-Reed wrote: rc.conf: (I'm not convinced that obfuscating the addresses is worth the confusion) ipv6_gateway_enable="YES" ip6addrctl_verbose="YES" rtadvd_enable="YES" rtadvd_interfaces="rl0" ipv6_cpe_wanif="pcn0" ipv6_defaultrouter="2001:470:1f0a:b5a::1" gif_interfaces="gif0" gifconfig_gif0="192.168.1.100 216.66.80.30" ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1 prefixlen 128" ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64" ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64 -accept_rtadv" It looks like you are trying to use the /64 used for your tunnel on the inside network. That's probably what causes the problem. You should use the "Routed /64" on the inside. If you need more than one /64, you can request a /48. I think I am. The endpoints are ...:1f0A: and the /64 is ...:1f0B: Sorry, my bad. Are pcn0 and rl0 both connected to internal networks? Having the same /64 configured on both is probably bad. Why would it be? Unless you bridge the two interface, yes. Which interface do you start ND on? For the OP, here is my ipv6 configuration. tx0 is the internal net and is running with ULA as well as the /64 from HE. sis0 is the external cable connection. gif0 is the tunneled connection back to HE. sft0 sends 6to4 reply traffic directly it is out bound only. % ifconfig -a inet6 tx0: flags=28943 mtu 1500 inet6 fe80::2e0:29ff:fe19:c02d%tx0 prefixlen 64 scopeid 0x1 inet6 2001:470:1f00:820:2e0:29ff:fe19:c02d prefixlen 64 inet6 2001:470:1f00:820:: prefixlen 64 anycast inet6 fd92:7065:b8e:0:2e0:29ff:fe19:c02d prefixlen 64 inet6 fd92:7065:b8e:: prefixlen 64 anycast sis0: flags=8843 mtu 1500 inet6 fe80::209:5bff:fe1e:e13e%sis0 prefixlen 64 scopeid 0x2 lo0: flags=8049 mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 gif0: flags=8051 mtu 1280 tunnel inet 211.30.172.21 --> 64.71.128.82 inet6 fe80::2e0:29ff:fe19:c02d%gif0 prefixlen 64 scopeid 0x8 inet6 2001:470:1f00:::5a1 --> 2001:470:1f00:::5a0 prefixlen 128 stf0: flags=1001 mtu 1280 inet6 2002:d31e:ac15:: prefixlen 16 anycast Not hand-configuring the external i/f seems to be the fix. In that I have spent a cheerful few hours chopping stuff from rc.conf and rebooting, and that appeared to toggle the failure. Thank you all for your patience. -- JH-R ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: IPv6 default route. Can't see the wood for the trees.
> On 8/27/2012 12:27 PM, Christian Laursen wrote: >> On 08/27/12 21:03, John Hawkes-Reed wrote: >>> On 27/08/2012 19:06, Christian Laursen wrote: On 08/27/12 18:49, John Hawkes-Reed wrote: > rc.conf: > > (I'm not convinced that obfuscating the addresses is worth the > confusion) > > ipv6_gateway_enable="YES" > ip6addrctl_verbose="YES" > rtadvd_enable="YES" > rtadvd_interfaces="rl0" > ipv6_cpe_wanif="pcn0" > ipv6_defaultrouter="2001:470:1f0a:b5a::1" > gif_interfaces="gif0" > gifconfig_gif0="192.168.1.100 216.66.80.30" > ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1 > prefixlen 128" > ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64" > ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64 > -accept_rtadv" It looks like you are trying to use the /64 used for your tunnel on the inside network. That's probably what causes the problem. You should use the "Routed /64" on the inside. If you need more than one /64, you can request a /48. >>> >>> I think I am. The endpoints are ...:1f0A: and the /64 is ...:1f0B: >> >> Sorry, my bad. >> >> Are pcn0 and rl0 both connected to internal networks? >> >> Having the same /64 configured on both is probably bad. > > Why would it be? > > > -- You can't have the exact same prefix on two different interfaces, there's no way to decide where to route traffic going to that prefix if there's two equal routes in the routing table. -Kimmo ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: IPv6 default route. Can't see the wood for the trees.
In message <503bcb0a.6000...@freebsd.org>, Doug Barton writes: > On 8/27/2012 12:27 PM, Christian Laursen wrote: > > On 08/27/12 21:03, John Hawkes-Reed wrote: > >> On 27/08/2012 19:06, Christian Laursen wrote: > >>> On 08/27/12 18:49, John Hawkes-Reed wrote: > rc.conf: > > (I'm not convinced that obfuscating the addresses is worth the > confusion) > > ipv6_gateway_enable="YES" > ip6addrctl_verbose="YES" > rtadvd_enable="YES" > rtadvd_interfaces="rl0" > ipv6_cpe_wanif="pcn0" > ipv6_defaultrouter="2001:470:1f0a:b5a::1" > gif_interfaces="gif0" > gifconfig_gif0="192.168.1.100 216.66.80.30" > ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1 > prefixlen 128" > ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64" > ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64 > -accept_rtadv" > >>> > >>> It looks like you are trying to use the /64 used for your tunnel on the > >>> inside network. That's probably what causes the problem. > >>> > >>> You should use the "Routed /64" on the inside. If you need more than one > >>> /64, you can request a /48. > >> > >> I think I am. The endpoints are ...:1f0A: and the /64 is ...:1f0B: > > > > Sorry, my bad. > > > > Are pcn0 and rl0 both connected to internal networks? > > > > Having the same /64 configured on both is probably bad. > > Why would it be? Unless you bridge the two interface, yes. Which interface do you start ND on? For the OP, here is my ipv6 configuration. tx0 is the internal net and is running with ULA as well as the /64 from HE. sis0 is the external cable connection. gif0 is the tunneled connection back to HE. sft0 sends 6to4 reply traffic directly it is out bound only. % ifconfig -a inet6 tx0: flags=28943 mtu 1500 inet6 fe80::2e0:29ff:fe19:c02d%tx0 prefixlen 64 scopeid 0x1 inet6 2001:470:1f00:820:2e0:29ff:fe19:c02d prefixlen 64 inet6 2001:470:1f00:820:: prefixlen 64 anycast inet6 fd92:7065:b8e:0:2e0:29ff:fe19:c02d prefixlen 64 inet6 fd92:7065:b8e:: prefixlen 64 anycast sis0: flags=8843 mtu 1500 inet6 fe80::209:5bff:fe1e:e13e%sis0 prefixlen 64 scopeid 0x2 lo0: flags=8049 mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 gif0: flags=8051 mtu 1280 tunnel inet 211.30.172.21 --> 64.71.128.82 inet6 fe80::2e0:29ff:fe19:c02d%gif0 prefixlen 64 scopeid 0x8 inet6 2001:470:1f00:::5a1 --> 2001:470:1f00:::5a0 prefixlen 128 stf0: flags=1001 mtu 1280 inet6 2002:d31e:ac15:: prefixlen 16 anycast % -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: IPv6 default route. Can't see the wood for the trees.
On 8/27/2012 12:27 PM, Christian Laursen wrote: > On 08/27/12 21:03, John Hawkes-Reed wrote: >> On 27/08/2012 19:06, Christian Laursen wrote: >>> On 08/27/12 18:49, John Hawkes-Reed wrote: rc.conf: (I'm not convinced that obfuscating the addresses is worth the confusion) ipv6_gateway_enable="YES" ip6addrctl_verbose="YES" rtadvd_enable="YES" rtadvd_interfaces="rl0" ipv6_cpe_wanif="pcn0" ipv6_defaultrouter="2001:470:1f0a:b5a::1" gif_interfaces="gif0" gifconfig_gif0="192.168.1.100 216.66.80.30" ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1 prefixlen 128" ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64" ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64 -accept_rtadv" >>> >>> It looks like you are trying to use the /64 used for your tunnel on the >>> inside network. That's probably what causes the problem. >>> >>> You should use the "Routed /64" on the inside. If you need more than one >>> /64, you can request a /48. >> >> I think I am. The endpoints are ...:1f0A: and the /64 is ...:1f0B: > > Sorry, my bad. > > Are pcn0 and rl0 both connected to internal networks? > > Having the same /64 configured on both is probably bad. Why would it be? -- I am only one, but I am one. I cannot do everything, but I can do something. And I will not let what I cannot do interfere with what I can do. -- Edward Everett Hale, (1822 - 1909) ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: IPv6 default route. Can't see the wood for the trees.
On 08/27/12 21:03, John Hawkes-Reed wrote: On 27/08/2012 19:06, Christian Laursen wrote: On 08/27/12 18:49, John Hawkes-Reed wrote: rc.conf: (I'm not convinced that obfuscating the addresses is worth the confusion) ipv6_gateway_enable="YES" ip6addrctl_verbose="YES" rtadvd_enable="YES" rtadvd_interfaces="rl0" ipv6_cpe_wanif="pcn0" ipv6_defaultrouter="2001:470:1f0a:b5a::1" gif_interfaces="gif0" gifconfig_gif0="192.168.1.100 216.66.80.30" ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1 prefixlen 128" ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64" ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64 -accept_rtadv" It looks like you are trying to use the /64 used for your tunnel on the inside network. That's probably what causes the problem. You should use the "Routed /64" on the inside. If you need more than one /64, you can request a /48. I think I am. The endpoints are ...:1f0A: and the /64 is ...:1f0B: Sorry, my bad. Are pcn0 and rl0 both connected to internal networks? Having the same /64 configured on both is probably bad. -- Christian Laursen ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: IPv6 default route. Can't see the wood for the trees.
On 27/08/2012 19:06, Christian Laursen wrote: On 08/27/12 18:49, John Hawkes-Reed wrote: BSD-box (9.1-PRE) is acting as default router/NAT gateway for local LAN. IP4 works. IP6 rig, per the setup on tunnelbroker.net, appears to work on the BSD box. However, while LAN clients (XP, OSX) manage to acquire addresses with the right prefix, the autoconfigured default route is a link-local address. Some bits of the internet think that's ok. Other bits don't. Bits of the internet does not see anything about whether your default gateway is link-local or not and do not care. The default gateway on the box that I'm writing this from is link-local and IPv6 works quite nicely. Aha. Good. Trying to ping6/traceroute6 out to (say) Google works on the BSD box, but not on the clients. Do I need to be running a routing daemon, or is there some ip6 handwaving I'm missing? If you are running pf or another firewall, you should have rules that allow traffic to pass through. Yep. firewall_type="OPEN" - I wondered if 'allow ip from any to any' included ipv6, and it would seem that it does. rc.conf: (I'm not convinced that obfuscating the addresses is worth the confusion) ipv6_gateway_enable="YES" ip6addrctl_verbose="YES" rtadvd_enable="YES" rtadvd_interfaces="rl0" ipv6_cpe_wanif="pcn0" ipv6_defaultrouter="2001:470:1f0a:b5a::1" gif_interfaces="gif0" gifconfig_gif0="192.168.1.100 216.66.80.30" ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1 prefixlen 128" ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64" ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64 -accept_rtadv" It looks like you are trying to use the /64 used for your tunnel on the inside network. That's probably what causes the problem. You should use the "Routed /64" on the inside. If you need more than one /64, you can request a /48. I think I am. The endpoints are ...:1f0A: and the /64 is ...:1f0B: I'm not exactly sure what ipv6_cpe_wanif does, but I have never needed it and I run a setup similar to what you describe. -- JH-R ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: IPv6 default route. Can't see the wood for the trees.
On 08/27/12 18:49, John Hawkes-Reed wrote: BSD-box (9.1-PRE) is acting as default router/NAT gateway for local LAN. IP4 works. IP6 rig, per the setup on tunnelbroker.net, appears to work on the BSD box. However, while LAN clients (XP, OSX) manage to acquire addresses with the right prefix, the autoconfigured default route is a link-local address. Some bits of the internet think that's ok. Other bits don't. Bits of the internet does not see anything about whether your default gateway is link-local or not and do not care. The default gateway on the box that I'm writing this from is link-local and IPv6 works quite nicely. Trying to ping6/traceroute6 out to (say) Google works on the BSD box, but not on the clients. Do I need to be running a routing daemon, or is there some ip6 handwaving I'm missing? If you are running pf or another firewall, you should have rules that allow traffic to pass through. rc.conf: (I'm not convinced that obfuscating the addresses is worth the confusion) ipv6_gateway_enable="YES" ip6addrctl_verbose="YES" rtadvd_enable="YES" rtadvd_interfaces="rl0" ipv6_cpe_wanif="pcn0" ipv6_defaultrouter="2001:470:1f0a:b5a::1" gif_interfaces="gif0" gifconfig_gif0="192.168.1.100 216.66.80.30" ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1 prefixlen 128" ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64" ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64 -accept_rtadv" It looks like you are trying to use the /64 used for your tunnel on the inside network. That's probably what causes the problem. You should use the "Routed /64" on the inside. If you need more than one /64, you can request a /48. I'm not exactly sure what ipv6_cpe_wanif does, but I have never needed it and I run a setup similar to what you describe. -- Christian Laursen ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: IPv6 default route. Can't see the wood for the trees.
On 2012-08-27 19:22, John Hawkes-Reed wrote: The man page seemed to suggest that the defaults should work: Try this option for each interface. Given that it's present in my config, it must've been necessary to use for a one reason or other. addr(str) The address filled into Prefix field. Since “:” is used for termcap(5) file format as well as IPv6 numeric address, the field MUST be quoted by doublequote character. Sorry I couldn't be much help. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: IPv6 default route. Can't see the wood for the trees.
On 27/08/2012 17:56, Stanisław Halik wrote: On 2012-08-27 18:49, John Hawkes-Reed wrote: I'm sure this is a FAQ, but I've been staring at it too long to spot the obvious. rtadvd_interfaces="rl0" Show also /etc/rtadvd.conf. Here's mine: kronstadt ~# cat /etc/rtadvd.conf vr0::rdnss="2001:470:600d:dead::1":dnssl="misaki.pl":addr="2001:470:600d:dead::": vr2::rdnss="2001:470:600d:cafe::1":dnssl="misaki.pl":addr="2001:470:600d:cafe::": The man page seemed to suggest that the defaults should work: # rtadvctl -v show rl0: flags= status= mtu 1500 DefaultLifetime: 30m MinAdvInterval/MaxAdvInterval: 3m20s/10m AdvLinkMTU: , Flags: , Preference: medium ReachableTime: 0s, RetransTimer: 0s, CurHopLimit: 64 AdvIfPrefixes: yes Next RA send: Mon Aug 27 18:24:48 2012 Last RA sent: Mon Aug 27 18:17:28 2012 Prefixes (1): 2001:470:1f0b:b5a::/64 (KERNEL, vltime=30d, pltime=7d, flags=LA) Show also ifconfig for rl0, which should be the local interface. rl0: flags=8843 metric 0 mtu 1500 options=8 ether 00:20:18:8c:4e:8c inet 172.16.0.2 netmask 0xff00 broadcast 172.16.0.255 inet6 fe80::220:18ff:fe8c:4e8c%rl0 prefixlen 64 scopeid 0x3 inet6 2001:470:1f0b:b5a::3 prefixlen 64 nd6 options=21 media: Ethernet autoselect (100baseTX ) status: active -- JH-R ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: IPv6 default route. Can't see the wood for the trees.
On 2012-08-27 18:49, John Hawkes-Reed wrote: I'm sure this is a FAQ, but I've been staring at it too long to spot the obvious. rtadvd_interfaces="rl0" Show also /etc/rtadvd.conf. Here's mine: kronstadt ~# cat /etc/rtadvd.conf vr0::rdnss="2001:470:600d:dead::1":dnssl="misaki.pl":addr="2001:470:600d:dead::": vr2::rdnss="2001:470:600d:cafe::1":dnssl="misaki.pl":addr="2001:470:600d:cafe::": Show also ifconfig for rl0, which should be the local interface. ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
IPv6 default route. Can't see the wood for the trees.
I'm sure this is a FAQ, but I've been staring at it too long to spot the obvious. BSD-box (9.1-PRE) is acting as default router/NAT gateway for local LAN. IP4 works. IP6 rig, per the setup on tunnelbroker.net, appears to work on the BSD box. However, while LAN clients (XP, OSX) manage to acquire addresses with the right prefix, the autoconfigured default route is a link-local address. Some bits of the internet think that's ok. Other bits don't. Trying to ping6/traceroute6 out to (say) Google works on the BSD box, but not on the clients. Do I need to be running a routing daemon, or is there some ip6 handwaving I'm missing? rc.conf: (I'm not convinced that obfuscating the addresses is worth the confusion) ipv6_gateway_enable="YES" ip6addrctl_verbose="YES" rtadvd_enable="YES" rtadvd_interfaces="rl0" ipv6_cpe_wanif="pcn0" ipv6_defaultrouter="2001:470:1f0a:b5a::1" gif_interfaces="gif0" gifconfig_gif0="192.168.1.100 216.66.80.30" ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1 prefixlen 128" ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64" ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64 -accept_rtadv" -- JH-R ___ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"