On Thu, 2005-05-26 at 09:39 -0400, Alex Kirk wrote: > > > Google(openbsd ipv6) first hit: > > > http://rollcage.bl.echidna.id.au/IPv6/openbsd.html > > > > heh, I wrote that -years- ago, it's probably completely out of > > date and wrong now! > > > > > > Ding! We have a winner! :-) > > Seriously, I ran across this pretty quickly myself, but seeing as how this is > for 2.9 and the current version is 3.7, it's really, *really* out of date. > There's a whole new firewall, among other things...and to give you an idea of > the age of that page, there's a new release every 6 months. I'm not a total > idiot, I was just hoping for docs that aren't 4 years old. ;-)
You asked how to setup a tunnel, not anything else, and that didn't change much from what is on the above page. > As for routing tables, etc., here you go: > > schnarff.com:~$ route -n show -inet6 > Routing tables > > Internet6: > Destination Gateway Flags > default ::1 UG > default ::1 UG > default 2001:5c0:8fff:fffe::28f4 UG Remove the first two defaults. <SNIP> > gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280 > physical address inet 66.92.172.50 --> 206.123.31.116 > inet6 fe80::210:4bff:fecc:1f2e%gif0 -> prefixlen 64 scopeid 0x7 > inet6 2001:5c0:8fff:fffe::28f5 -> 2001:5c0:8fff:fffe::28f4 prefixlen > 128 Try pinging 2001:5c0:8fff:fffe::28f5, 2001:5c0:8fff:fffe::28f4 etc and then try something remote, or just try something remote and see if that works. If you can't ping the ::28f4 then your tunnel is broken, use tcpdump on the IPv4 interface (fxp0 in your case) to see if you get any packets, like proto-41 unreach back from the remote side or from intermediate routers. Or if you get packets back but the kernel filters them out -> firewall issue. > Relevant pieces of tspc.conf: > > auth_method=any > userid=schnarff > password=<like I said, not a total idiot ;-)> You do have 3 default routes otherwise ;) <SNIP> > I suspect that my problem is that I have > > default ::1 UG Of course that is the issue, you are sending most traffic to yourself. > in my inet6 routing tables before anything else. The reason I haven't just > tried > "route delete -inet6 -net ::0" (or whatever the address syntax would be for a > default route, since for IPv4 it's -net 0.0.0.0) is that I'm not at the same > physical location as the box in question (which is running my mail, among > other > things), and I *really* don't want to accidentally whack my IPv4 default route Good thing about IPv6, you can destroy it and IPv4 keeps working. Alternatively when you have IPv4 and IPv6 native, like me, either of the two can die, get firewalled and it will still work ;) "route -6 delete -inet6 default", twice, should work. The reason why you have it twice though, might only be when it is on two interfaces, looks weird and is wrong either way. Greets, Jeroen
signature.asc
Description: This is a digitally signed message part
