Re: IPv6 default route. Can't see the wood for the trees.

Mon, 27 Aug 2012 12:05:00 -0700 

On 27/08/2012 19:06, Christian Laursen wrote:

On 08/27/12 18:49, John Hawkes-Reed wrote:

BSD-box (9.1-PRE) is acting as default router/NAT gateway for local LAN.
IP4 works.

IP6 rig, per the setup on tunnelbroker.net, appears to work on the BSD
box.

However, while LAN clients (XP, OSX) manage to acquire addresses with
the right prefix, the autoconfigured default route is a link-local
address. Some bits of the internet think that's ok. Other bits don't.


Bits of the internet does not see anything about whether your default
gateway is link-local or not and do not care.

The default gateway on the box that I'm writing this from is link-local
and IPv6 works quite nicely.


Aha. Good.




Trying to ping6/traceroute6 out to (say) Google works on the BSD box,
but not on the clients.

Do I need to be running a routing daemon, or is there some ip6
handwaving I'm missing?


If you are running pf or another firewall, you should have rules that
allow traffic to pass through.
Yep. firewall_type="OPEN" - I wondered if 'allow ip from any to any' included ipv6, and it would seem that it does. 


rc.conf:

(I'm not convinced that obfuscating the addresses is worth the confusion)

ipv6_gateway_enable="YES"
ip6addrctl_verbose="YES"
rtadvd_enable="YES"
rtadvd_interfaces="rl0"
ipv6_cpe_wanif="pcn0"
ipv6_defaultrouter="2001:470:1f0a:b5a::1"
gif_interfaces="gif0"
gifconfig_gif0="192.168.1.100 216.66.80.30"
ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1
prefixlen 128"
ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64"
ifconfig_rl0_ipv6="inet6  2001:470:1f0b:b5a::3 prefixlen 64
-accept_rtadv"


It looks like you are trying to use the /64 used for your tunnel on the
inside network. That's probably what causes the problem.

You should use the "Routed /64" on the inside. If you need more than one
/64, you can request a /48.


I think I am. The endpoints are ...:1f0A: and the /64 is ...:1f0B:


I'm not exactly sure what ipv6_cpe_wanif does, but I have never needed
it and I run a setup similar to what you describe.




--
JH-R
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "[email protected]"

Reply via email to