Hello,
I have multiple ISPs plugged on my OpenBSD box, each one providing its
IPv6 address space.
I used to route outgoing streams with :
net2_if = pppoe0
ovh_v6_router = "(" $net2_if fe80::230:88ff:fe04:63c9 ")"
ovh_v6_prefix = "2001:41d0:fe4b:ec00::0/56"
table <internal6> const { $ovh_v6_prefix, $free_v6_prefix, $ripe_v6_prefix }
pass out on $net_if from $ovh_v6_prefix to !<internal6> route-to $ovh_v6_router
pass out on $tun_ifs from $ovh_v6_prefix to !<internal6> route-to $ovh_v6_router
And incoming with :
pass in on $net2_if inet6 reply-to $ovh_v6_router keep state
I replaced ovh_v6_router by fe80::230:88ff:fe04:63c9%pppoe0 to let pf
load its configuration file, but this does not seems to work:
Here are incoming packets :
fremen# tcpdump -nvv -i pppoe0 host 2001:41d0:8:91a::1
tcpdump: listening on pppoe0, link-type PPP_ETHER
17:50:30.401270 2001:41d0:8:91a::1 > 2001:41d0:fe4b:ec42:240:63ff:fec9:34a0:
icmp6: echo request (id:3a19 seq:100) [icmp6 cksum ok] (len 64, hlim 55)
17:50:31.409201 2001:41d0:8:91a::1 > 2001:41d0:fe4b:ec42:240:63ff:fec9:34a0:
icmp6: echo request (id:3a19 seq:101) [icmp6 cksum ok] (len 64, hlim 55)
Here are outgoing ones :
fremen# tcpdump -nvv -i wg2 host 2001:41d0:8:91a::1
tcpdump: listening on wg2, link-type LOOP
17:51:14.753505 2001:41d0:fe4b:ec42:240:63ff:fec9:34a0 > 2001:41d0:8:91a::1:
icmp6: echo reply (id:3a19 seq:144) [icmp6 cksum ok] [flowlabel 0xe86a] (len
64, hlim 63)
17:51:15.761535 2001:41d0:fe4b:ec42:240:63ff:fec9:34a0 > 2001:41d0:8:91a::1:
icmp6: echo reply (id:3a19 seq:145) [icmp6 cksum ok] [flowlabel 0xe86a] (len
64, hlim 63)
There is a route for 2001:41d0::/32 on wg2, that's why it takes it, but
the route-to should have forced it to exit via pppoe0, isn't it ? (wg2
is in $tun_ifs)
What's the correct syntax to make route-to works with LL addresses ?
BTW, if there's a better way of handling this source-routing problem,
I'm open to suggestions
Regards,
--
Bastien
