Hello list,
I have working IPv4 OpenBSD router. There are no problems with native IPv4 and
IPv6 traffic filtering/redirecting at all.
Now stuck with filtering IPv4 traffic encapsulated in IPv6 tunnel using gif
interface.
IPv6 interface is tun0 which has assigned unique IPv6 address, and gif0 has the
same unique IPv6 as tun0 with wrapped IPv4 into IPv6 as shows in configs.
The same configuration from the opposite side, except IPv4 and IPv6 source and
destination addresses reversed to make a tunnel.
I'm not sure if I needed to use a bridge between tun0 and gif0 to have it
working.
Looking for appropriate PF filtering rule to pass IPv4 encapsulated traffic
appearing on tun0 and blocks by "block all" PF rule for some reason.
Any ideas welcome.
=== Side-a ===
# cat /etc/hostname.gif0
# gif0
up
description 'IPv4 over IPv6 tunnel'
# tunnel [src IPv6] [dst IPv6]
tunnel dddd:cccc:bbbb:aaaa::18b5 aaaa:bbbb:cccc:dddd::a503
inet alias 10.190.0.1
dest 10.190.0.2
# ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
index 44 priority 0 llprio 3
groups: tun
status: active
inet6 fe80::5054:ffc:fe04:f824%tun0 -> prefixlen 64 scopeid 0x2c
inet6 dddd:cccc:bbbb:aaaa::18b5 -> prefixlen 48
=== Side-b ===
# cat /etc/hostname.gif0
# gif0
up
description 'IPv4 over IPv6 tunnel'
# tunnel [src IPv6] [dst IPv6]
tunnel aaaa:bbbb:cccc:dddd::a503 dddd:cccc:bbbb:aaaa::18b5
inet alias 10.190.0.2
dest 10.190.0.1
# ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
index 44 priority 0 llprio 3
groups: tun
status: active
inet6 fe80::2a15:f3af:fefb:a3b0%tun0 -> prefixlen 64 scopeid 0x2c
inet6 aaaa:bbbb:cccc:dddd::a503 -> prefixlen 48
