IPv6 default route. Can't see the wood for the trees.
hirez at libeljournal.com
Mon Aug 27 19:04:10 UTC 2012
On 27/08/2012 19:06, Christian Laursen wrote:
> On 08/27/12 18:49, John Hawkes-Reed wrote:
>> BSD-box (9.1-PRE) is acting as default router/NAT gateway for local LAN.
>> IP4 works.
>> IP6 rig, per the setup on tunnelbroker.net, appears to work on the BSD
>> However, while LAN clients (XP, OSX) manage to acquire addresses with
>> the right prefix, the autoconfigured default route is a link-local
>> address. Some bits of the internet think that's ok. Other bits don't.
> Bits of the internet do not see anything about whether your default
> gateway is link-local or not and do not care.
> The default gateway on the box that I'm writing this from is link-local
> and IPv6 works quite nicely.
>> Trying to ping6/traceroute6 out to (say) Google works on the BSD box,
>> but not on the clients.
>> Do I need to be running a routing daemon, or is there some ip6
>> handwaving I'm missing?
> If you are running pf or another firewall, you should have rules that
> allow traffic to pass through.
Yep. firewall_type="OPEN" - I wondered if 'allow ip from any to any'
included ipv6, and it would seem that it does.
>> (I'm not convinced that obfuscating the addresses is worth the confusion)
>> gifconfig_gif0="192.168.1.100 220.127.116.11"
>> ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1
>> prefixlen 128"
>> ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64"
>> ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64"
> It looks like you are trying to use the /64 used for your tunnel on the
> inside network. That's probably what causes the problem.
> You should use the "Routed /64" on the inside. If you need more than one
> /64, you can request a /48.
I think I am. The endpoints are ...:1f0A: and the /64 is ...:1f0B:
> I'm not exactly sure what ipv6_cpe_wanif does, but I have never needed
> it and I run a setup similar to what you describe.
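
The tunnel-/64 versus routed-/64 question raised in this thread can be checked mechanically. The following is an added example, not part of the original messages: it parses the rc.conf lines posted above and lists any inside interface whose prefix falls within the tunnel's /64. The function names are made up for illustration, and `BAD_RC_CONF` is a constructed misconfiguration.

```python
import ipaddress
import re

# rc.conf lines as posted in the thread (wrapped gif0 line rejoined).
RC_CONF = '''
ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1 prefixlen 128"
ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64"
ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64"
'''

# Constructed counter-example: rl0 numbered out of the tunnel /64 (1f0a).
BAD_RC_CONF = RC_CONF.replace('ifconfig_rl0_ipv6="inet6 2001:470:1f0b',
                              'ifconfig_rl0_ipv6="inet6 2001:470:1f0a')

# ifconfig_<if>_ipv6="inet6 <addr> [<peer>] prefixlen <n>"
LINE = re.compile(
    r'^ifconfig_(\w+?)_ipv6="inet6\s+(\S+)(?:\s+\S+)?\s+prefixlen\s+(\d+)"$')


def parse(rc_text):
    """Return {ifname: IPv6Interface} for each ifconfig_<if>_ipv6 line."""
    ifaces = {}
    for line in rc_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            name, addr, plen = m.groups()
            ifaces[name] = ipaddress.IPv6Interface(f"{addr}/{plen}")
    return ifaces


def lan_overlaps_tunnel(ifaces, tunnel_if="gif0", tunnel_plen=64):
    """Names of non-tunnel interfaces whose prefix overlaps the tunnel /64.

    The tunnel endpoints are configured as /128 host addresses, so the
    tunnel's /64 is derived from the local endpoint address.
    """
    tunnel_net = ipaddress.IPv6Network(
        f"{ifaces[tunnel_if].ip}/{tunnel_plen}", strict=False)
    return sorted(name for name, iface in ifaces.items()
                  if name != tunnel_if and iface.network.overlaps(tunnel_net))


if __name__ == "__main__":
    for label, text in (("posted", RC_CONF), ("constructed", BAD_RC_CONF)):
        print(label, "config, interfaces inside the tunnel /64:",
              lan_overlaps_tunnel(parse(text)))
```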