> On 10 May 2021, at 8:05 pm, Bastien Durel <bast...@geekwu.org> wrote:
>
> Le samedi 08 mai 2021 à 12:07 +0200, Bastien Durel a écrit :
>> Le 08/05/2021 à 11:56, Stuart Henderson a écrit :
>>>>> Does it work if you use the syntax suggested in the upgrade
>>>>> notes
>>>>> for the example with "pass in on pppoe1 reply-to ..."?
>>>>>
>>>>>
>>>> For incoming connections, I tried
>>>>
>>>> pass in on pppoe0 inet6 reply-to fe80::520f:80ff:fe65:8800%pppoe0
>>>> keep state
>>>> pass in on pppoe0 inet6 reply-to fe80::520f:80ff:fe65:8800 keep
>>>> state
>
> Hello,
>
> Thanks to folks of #openbsd, I found out adding an explicit route to
> fe80::520f:80ff:fe65:8800 on pppoe0 make this work.
> Referencing fe80::520f:80ff:fe65:8800%pppoe0 in pf.conf results in a
> rule referencing fe80::520f:80ff:fe65:8800
>
> pf.conf:
> pass in on pppoe0 inet6 reply-to fe80::520f:80ff:fe65:8800%pppoe0
> pfctl -s rules:
> pass in on pppoe0 inet6 all flags S/SA reply-to fe80::520f:80ff:fe65:8800
>
> hostname.pppoe0:
> !/sbin/route add -inet6 fe80::520f:80ff:fe65:8800 -ifp pppoe0 fe80::%pppoe0
>
> This make pf able to route to the correct interface.
You're right, pf isn't very good at handling link-local v6 addresses. This is
annoying now that route-to uses addresses as it's argument if you want to move
ipv6 packets toward a host with a link local address.
In this situation the least worst way to cope with the problem for now is to
use route-to (pppoe0:0). This should work because route-to doesn't do any local
address checks on the destination address it resolves. Once it looks up the
local address as the direction to send the packet, it should put it straight
out pppoe0. ppp as a tunnel interface has no address resolution protocol, it
just encapsulates the packet it is given and sends it on its way.
route-to also takes a destination address as an argument, not a gateway
address. If dhcp6c sets up a route to some global address that you know about
(I'm not sure this is a thing but it might be), you can use that global address
as the argument to route-to and it will send it in the right direction.
dlg
> Regards,
>
> --
> Bastien
>
