I noticed in ndp.c that the code to add a netmask to
an IPv6 address proxy was #if 0

Is this a philosophical "proxying more than 1
IPv6 address is wrong", lack of time, lack of interest?

My application is bridging a single IPv6 subnet
over openvpn such that
                                      xx::23:34:56
                                    | <-> [client1]
gateway <-> extif[firewall] <-vpn-> | xx::3a:bc:de
xx::1       xx::2                   | <-> [client2]

where xx is the same in all places. I have a /64 from
my virtual host provider.

As ndp proxying works now,

if client's address was fixed, ndp proxy at firewall
would work

if client's address isn't fixed (e.g. privacy) then
a new ndp proxy would have to be put in place
potentially overflowing tables in firewall.

I haven't looked at ip6 routing in the kernel...

If some knowledgeable person sees this, is there
a simple answer?

thanks,
Geoff Steckel
