IPv6 default route. Can't see the wood for the trees.

Christian Laursen xi at borderworlds.dk
Mon Aug 27 18:06:34 UTC 2012

On 08/27/12 18:49, John Hawkes-Reed wrote:
> BSD-box (9.1-PRE) is acting as default router/NAT gateway for local LAN.
> IP4 works.
> IP6 rig, per the setup on tunnelbroker.net, appears to work on the BSD box.
> However, while LAN clients (XP, OSX) manage to acquire addresses with
> the right prefix, the autoconfigured default route is a link-local
> address. Some bits of the internet think that's ok. Other bits don't.

Bits of the internet do not see anything about whether your default 
gateway is link-local or not and do not care.

The default gateway on the box that I'm writing this from is link-local 
and IPv6 works quite nicely.

> Trying to ping6/traceroute6 out to (say) Google works on the BSD box,
> but not on the clients.
> Do I need to be running a routing daemon, or is there some ip6
> handwaving I'm missing?

If you are running pf or another firewall, you should have rules that 
allow traffic to pass through.

> rc.conf:
> (I'm not convinced that obfuscating the addresses is worth the confusion)
> ipv6_gateway_enable="YES"
> ip6addrctl_verbose="YES"
> rtadvd_enable="YES"
> rtadvd_interfaces="rl0"
> ipv6_cpe_wanif="pcn0"
> ipv6_defaultrouter="2001:470:1f0a:b5a::1"
> gif_interfaces="gif0"
> gifconfig_gif0=""
> ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1 prefixlen 128"
> ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64"
> ifconfig_rl0_ipv6="inet6  2001:470:1f0b:b5a::3 prefixlen 64 -accept_rtadv"

It looks like you are trying to use the /64 used for your tunnel on the 
inside network. That's probably what causes the problem.

You should use the "Routed /64" on the inside. If you need more than one 
/64, you can request a /48.

I'm not exactly sure what ipv6_cpe_wanif does, but I have never needed 
it and I run a setup similar to what you describe.
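
One way to check the prefix layout discussed above, as an added example that is not part of the original message: it reads the `ifconfig_*_ipv6` lines from the quoted rc.conf, works out which /64 each interface sits in, and lists interfaces whose prefixes overlap. Widening the /128 tunnel endpoints to a /64 for the comparison is an assumption, and the function names are hypothetical.

```python
import ipaddress
import re

# The ifconfig_*_ipv6 lines from the rc.conf quoted above (gif0 line unwrapped).
RC_CONF = '''
ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1 prefixlen 128"
ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64"
ifconfig_rl0_ipv6="inet6  2001:470:1f0b:b5a::3 prefixlen 64 -accept_rtadv"
'''

# Interface name, first inet6 address, and prefix length on one rc.conf line.
LINE = re.compile(
    r'^ifconfig_([a-z0-9]+)_ipv6="inet6\s+(\S+).*?prefixlen\s+(\d+)', re.M)


def interface_subnets(rc_conf, site_len=64):
    """Map each interface to the network its configured address sits in.

    Assumption: prefixes longer than site_len (such as the /128 tunnel
    endpoints) are widened to /site_len so they can be compared with LAN /64s.
    """
    subnets = {}
    for ifname, addr, plen in LINE.findall(rc_conf):
        plen = min(int(plen), site_len)
        subnets[ifname] = ipaddress.ip_interface(f"{addr}/{plen}").network
    return subnets


def overlapping_interfaces(subnets):
    """Return sorted (ifA, ifB) pairs whose networks overlap."""
    names = sorted(subnets)
    return [(a, b)
            for i, a in enumerate(names)
            for b in names[i + 1:]
            if subnets[a].overlaps(subnets[b])]


if __name__ == "__main__":
    nets = interface_subnets(RC_CONF)
    for ifname, net in sorted(nets.items()):
        print(f"{ifname:5} {net}")
    for a, b in overlapping_interfaces(nets):
        print(f"same prefix on two interfaces: {a} and {b} ({nets[a]})")
```
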

