Thanks.
On Wed, Jul 11, 2018 at 1:46 PM, Dan McDonald <[email protected]> wrote: > > > > On Jul 11, 2018, at 1:14 PM, Sam Nicholson <[email protected]> wrote: > > > > What's the (an) accepted way of making an ipv6-to-4 tunnel persist > across reboots? > > This config works for me: > > > > ifconfig ip.tun0 inet6 plumb > > ifconfig ip.tun0 inet6 tsrc ${myIPV4) tdst ${remoteIPV4) up > > ifconfig ip.tun0 inet6 addif $(myIPV6) ${remoteIPV6) up > > route add -inet6 default ${remoteIPV6) > > > > > > I can create a local service, surely, and call the above from a script. > > Yeah. I do this (/etc/rc3.d/S99ipsec) for IPsec tunnels I maintain one > some SmartOS instances. SmartOS zones don't keep dladm persistent state. > > [root@danmcd-ipsec0 ~]# more /etc/rc3.d/S99ipsec > # KEBE SAYS do horrible hacks here. > > # Plumb the tunnels, as SmartOS doesn't help here at all. > dladm create-iptun -t -T ipv4 -a local=A.B.C.D -a remote=w.x.y.z kebetun0 > ifconfig kebetun0 plumb `cat /etc/hostname.kebetun0` up > dladm create-iptun -t -T ipv4 -a local=A.B.C.D -a remote=a.b.c.d jpctun0 > ifconfig jpctun0 plumb `cat /etc/hostname.jpctun0` up > > # Then, make net0 able to forward packets. > ifconfig net0 router > > # Establish routing, because the SmartOS networking won't let you. > route add E.F.G.0/24 E.F.G.1 > route add H.I.J.0/24 H.I.J.1 > > # Next, get IPsec and IKE to initiate, since we're behind the NAT here. > #ping -n E.F.G.1 > /opt/kebe/sbin/refresh-ipsec > [root@danmcd-ipsec0 ~]# > > Dan > ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125 Powered by Listbox: https://www.listbox.com
