On Tue, Jun 17, 2025 at 08:09:01PM +0200, Manuel Kuklinski wrote:
> Hi!
>
> After banging my head over a problem (I can't seem to be able to
> successfully establish an IPv6 tunnel over IPv6 with gre(4)), I consulted
> chatgpt.com (I know, I know...). On there, the AI model states that
> gre(4) only supports tunneling over IPv4. After reading the man page, I
> came across the following paragraph:
>
> "The gre pseudo-device provides interfaces for tunnelling protocols
> across IPv4 and IPv6 networks using the Generic Routing Encapsulation
> (GRE) encapsulation protocol."
>
> I read this as IPv6 over IPv6 *is* possible; but at the same time, there
> is only a sysctl switch "net.inet.gre.allow", whereas other sysctl
> switches, enabling different IPv6 routing capabilities, use
> "net.inet6[...]". So?
>
> Thank you for your time and clarifying the issue...
i hope i can do better than your hallucination machine.
the net.inet.gre.allow=1 enables gre processing for both ipv4 and
ipv6.
gre(4) does support ipv6 both as the tunnel addresses and as the
tunelled traffic. i just verified it myself here:
dlg@bgp0 ~$ ifconfig gre6
gre6: flags=248051<UP,POINTOPOINT,RUNNING,MULTICAST,AUTOCONF6TEMP,AUTOCONF6>
mtu 1476
index 7 priority 0 llprio 6
encap: vnetid none txprio payload rxprio packet
groups: gre
tunnel: inet6 2001:db8:602:307:c153:217c:4841:6ec4 -->
2001:db8:602:307:2387:f6e:62ac:a02 ttl 64 nodf ecn
inet6 fe80::250:56ff:fea1:5dc3%gre6 --> prefixlen 64 scopeid 0x7
dlg@bgp1 ~$ ifconfig gre6
gre6: flags=248051<UP,POINTOPOINT,RUNNING,MULTICAST,AUTOCONF6TEMP,AUTOCONF6>
mtu 1476
index 8 priority 0 llprio 6
encap: vnetid none txprio payload rxprio packet
groups: gre
tunnel: inet6 2001:db8:602:307:2387:f6e:62ac:a02 -->
2001:db8:602:307:c153:217c:4841:6ec4 ttl 64 nodf ecn
inet6 fe80::250:56ff:fea1:aebe%gre6 --> prefixlen 64 scopeid 0x8
so if i run ping6 -c 3 fe80::250:56ff:fea1:5dc3%gre6 on bgp1 and
tcpdump on bgp0, i see this:
08:39:28.393009 2001:db8:602:307:2387:f6e:62ac:a02 >
2001:db8:602:307:c153:217c:4841:6ec4: gre fe80::250:56ff:fea1:aebe >
fe80::250:56ff:fea1:5dc3: icmp6: echo request [flowlabel 0x254]
08:39:28.393113 2001:db8:602:307:c153:217c:4841:6ec4 >
2001:db8:602:307:2387:f6e:62ac:a02: gre fe80::250:56ff:fea1:5dc3 >
fe80::250:56ff:fea1:aebe: icmp6: echo reply [flowlabel 0xe7]
08:39:29.395019 2001:db8:602:307:2387:f6e:62ac:a02 >
2001:db8:602:307:c153:217c:4841:6ec4: gre fe80::250:56ff:fea1:aebe >
fe80::250:56ff:fea1:5dc3: icmp6: echo request [flowlabel 0x254]
08:39:29.395114 2001:db8:602:307:c153:217c:4841:6ec4 >
2001:db8:602:307:2387:f6e:62ac:a02: gre fe80::250:56ff:fea1:5dc3 >
fe80::250:56ff:fea1:aebe: icmp6: echo reply [flowlabel 0xe7]
08:39:30.394720 2001:db8:602:307:2387:f6e:62ac:a02 >
2001:db8:602:307:c153:217c:4841:6ec4: gre fe80::250:56ff:fea1:aebe >
fe80::250:56ff:fea1:5dc3: icmp6: echo request [flowlabel 0x254]
08:39:30.394835 2001:db8:602:307:c153:217c:4841:6ec4 >
2001:db8:602:307:2387:f6e:62ac:a02: gre fe80::250:56ff:fea1:5dc3 >
fe80::250:56ff:fea1:aebe: icmp6: echo reply [flowlabel 0xe7]
the tunnel addresses must be local ips on each of the endpoints. tcpdump
is your friend.
cheers,
dlg
