[Bug 199489] NAT with IPv6 and PF round robins between external address and link-local address
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Apr 16 22:46:32 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199489
Bug ID: 199489
Summary: NAT with IPv6 and PF round robins between external
address and link-local address
Product: Base System
Version: 10.1-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Some People
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: freebsd at monkeyspunk.net
Using NAT with IPv6 round robins each tcp session between link-local and the
actual external IP.
My setup is using openconnect attached to tun1 to allow my local private
network access over the VPN to our data centers. From the remote side I am
getting both and IPv4 and an IPv6 address (single address in both instances).
So in order for my local network to communicate with the remote side I have to
NAT everything to the address that tun1 gets assigned.
What I am observing is that every other connection using IPv6 and NAT works.
The ones that work end up using the public IPv6 IP address. The ones that
don't end up with a NAT of the link-local address.
The pf.conf rule that is triggering this behavior is:
nat on tun1 inet6 from fc00::c0a8:fa00/120 to any -> (tun1)
The expected behavior would be to ignore the link-local address. Or better yet
have (tun1:0) reference the routable IP and not link-local.
I have found a reference in the email lists to this problem with a possible
patch:
http://lists.freebsd.org/pipermail/freebsd-pf/2014-September/007441.html
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list