On Fri, Mar 15, 2019 at 04:15:55PM +1000, David Gwynne wrote:
>
>
> > On 14 Mar 2019, at 19:36, Otto Moerbeek <[email protected]> wrote:
> >
> > Hi,
> >
> > So I have a little IPv6 problem.
> >
> > I have a machine in colocation that has IPv6. I have my home cable
> > modem connection that does not have it.
> >
> > So I thought: I make my own tunnel. First I tried gif(4), that worked,
> > but only after some fighting with mtu settings on all hosts on my home
> > net via rad. Performance was kinda bad. So I'm looking for an
> > alternative. I thought: IPSEC should be able to do this.
> >
> > I have a flow from my locally created IPv6 net to any and vice versa.
> > The flow itself works.
> >
> > There I ran into the trouble that you cannot specify a default
> > gateway, since my remote gw (the host in colo) is not reachable
> > according to route(8).
> >
> > How does one solve the default route problem? I never really
> > understood how routing works in the presence of IPSEC flows.
>
> Can you elaborate on what gif and slow meant? Also, you should be able to use
> gif with whatever MTU you want, even 1500 on the gif interface and fragments
> over the internet. You could also try gre, but I doubt it would be different
> to gif in terms of performance and support for MTU/fragmentation.
>
> If you want ipsec and routes, you would still use tunnel and get IPsec to
> protect it. Or you could trick someone into making something like Cisco's vti
> a thing in OpenBSD.
>
> dlg

gif tunnel:

ifconfig gif0 inet6 2a02:898:216:3::2 2a02:898:216:3::1 prefixlen 128

and vice versa on the other end.

So gif tunnel with default options. With that it showed an mtu of
1280 in ifconfig so I assumed that would be the max. I have a
200 Mb/s cable connection. Downloading IPv4 I reach that. With IPv6
often it would be 10% of that. Plus it would only work reliably if the
hosts in my net use an mtu of 1280 (manually or via rad).

I now have an ipsec tunnel and that does 55 Mb/s (APU2 on both
ends) without any need for config on the hosts in my local net.

-Otto