On Thu, Mar 14, 2019 at 10:36:58AM +0100, Otto Moerbeek wrote:
> Hi,
>
> So I have a little IPv6 problem.
>
> I have a machine in colocation that has IPv6. I have my home cable
> modem connection that does not have it.
>
> So I thought: I make my own tunnel. First I tried gif(4), that worked,
> but only after some fighting with mtu settings on all hosts on my home
> net via rad. Performance was kinda bad. So I'm looking for an
> alternative. I thought: IPSEC should be able to do this.
>
> I have a flow from my locally created IPv6 net to any and vice versa.
> The flow itself works.
>
> There I ran into the trouble that you cannot specify a default
> gateway, since my remote gw (the host in colo) is not reachable
> according to route(8).
>
> How does one solve the default route problem? I never really
> understood how routing works in the presence of IPSEC flows.
>
IPSec flows steal the traffic away before it is being sent out. You
still need routes in place to get to this point though. In your case
adding a dummy default route should work. Never tried but I think you
should be able to use the loopback for this and add a route like
'route add -inet6 default ::1'.

Also don't forget to enable net.inet6.ip6.forwarding.

--
:wq Claudio