Hello,

I have used IPv6 for a while on a NetBSD server, but I have replaced my old ADSL connection with a new fiber connection.
With my old ISP, my IPv6 access was done through a VPN (OpenVPN/TAP) to a Linux server I have installed in a datacenter. Now, my new ISP provides IPv6 and I am trying to route IPv6 through NetBSD. And, of course, it doesn't run as expected.

My IPv6 network is PREFIX:a00::/56

Network configuration:

                          ISP
                    PREFIX:a00::1/56
                           |
     +--------------------------------------------+
     |                                            |
    wm2                                         wlan0
PREFIX:a00::3/64                           PREFIX:a00::2/64
legendre (NetBSD-10)                     rayleigh (Linux 6.4)
lagg0                   re0                      lan0
PREFIX:a10::128/64  PREFIX:a01::2/64       PREFIX:a01::1/64
     |                   |                        |
     |                   +------------------------+
     |                             DMZ
    LAN

Legendre has other network interfaces, but without IPv6.

Rayleigh's IPv6 routes:

Destination        Next Hop         Flag  Met   Ref  Use  If
PREFIX:a00::/64    [::]             U     256   8    0    wan0
PREFIX:a01::/64    [::]             U     256   9    0    lan0
PREFIX:a10::/64    PREFIX:a01::2    UG    1     4    0    lan0
...
[::]/0             PREFIX:a00::1    UGH   1024  9    0    wan0

Legendre's IPv6 routes:

default                          PREFIX:a00::1      UGS  -  -  -  wm2
PREFIX:a00::/64                  link#3             UC   -  -  -  wm2
PREFIX:a00::3                    link#3             UHl  -  -  -  lo0
PREFIX:a01::/64                  link#4             UC   -  -  -  re0
PREFIX:a01::2                    link#4             UHl  -  -  -  lo0
PREFIX:a10::/64                  link#12            UC   -  -  -  lagg0
PREFIX:a10::128                  link#12            UHl  -  -  -  lo0
PREFIX:a10:d65d:64ff:feb4:9a3b   d4:5d:64:b4:9a:3b  UHL  -  -  -  lagg0
PREFIX:a01::1                    00:60:cf:21:a9:5a  UHL  -  -  -  re0
PREFIX:a00::1                    24:d7:9c:a5:0c:74  UHL  -  -  -  wm2
PREFIX:a00::2                    50:46:5d:72:ef:a2  UHL  -  -  -  wm2

I have configured rtadvd on legendre and all workstations on the LAN side have taken a new IPv6 autoconfigured address. For example:
- pythagore (FreeBSD) : PREFIX:a10:3a2c:4aff:fe70:14d1
- hilbert (Linux) : PREFIX:a10:d65d:64ff:feb4:9a3b

All workstations on the LAN can ping another workstation on the LAN, legendre /and/ rayleigh. Thus NetBSD is able to route IPv6 from the LAN to rayleigh.

Successful pings:
- from legendre to rayleigh;
- from rayleigh to legendre;
- from a LAN workstation to rayleigh;
- from rayleigh to a LAN workstation;
- from rayleigh to the public gateway;
- from legendre to the public gateway.

But from the LAN, the public IPv6 network is unreachable.
For example:

hilbert:[~] > ping6 www.google.fr
PING www.google.fr(par10s39-in-x03.1e100.net (2a00:1450:4007:807::2003)) 56 data bytes

On legendre (NetBSD server), tcpdump on wm2 (public interface) shows:

legendre# tcpdump -i wm2 -p ip6
09:28:19.696443 IP6 PREFIX:a10:d65d:64ff:feb4:9a3b > par10s39-in-x03.1e100.net: ICMP6, echo request, seq 16, length 64
09:28:20.720469 IP6 PREFIX:a10:d65d:64ff:feb4:9a3b > par10s39-in-x03.1e100.net: ICMP6, echo request, seq 17, length 64

Thus, ICMP packets received from the LAN side are sent to the public interface, but there is no answer.

Legendre uses npf. I can post npf.conf here, but I'm not sure that this trouble comes from npf. I have tested without npf and the results are similar.

Best regards,

JB