From nobody Tue Dec 21 16:30:15 2021
X-Original-To: freebsd-net@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id A75B918F18E6
	for <freebsd-net@mlmmj.nyi.freebsd.org>; Tue, 21 Dec 2021 16:30:19 +0000 (UTC)
	(envelope-from meka@tilda.center)
Received: from c3po.tilda.center (c3po.tilda.center [108.61.164.129])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4JJMPk40vnz4RF9
	for <freebsd-net@freebsd.org>; Tue, 21 Dec 2021 16:30:18 +0000 (UTC)
	(envelope-from meka@tilda.center)
Received: from tilda.center (178-220-5-137.static.isp.telekom.rs [178.220.5.137])
	by c3po.tilda.center (Postfix) with ESMTPSA id 832513D98C
	for <freebsd-net@freebsd.org>; Tue, 21 Dec 2021 17:30:15 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tilda.center;
	s=c3po; t=1640104215;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type;
	bh=JEl6xiosubFTLNKt8GJTDZt0fDDJ0D62bkDAqVyr+SU=;
	b=IO3K5JgJ8/iE/9TQ23RR2nBkZkNl5hq/dsGiza3iEMkFxm7XWzoqNbJEMS7IVAX1hQnDMk
	Pk+nxewrZ0qpDXYv+gqoq8qjgW2HrEDs/9MZMo16hq7UC/2wYPeyQklzM5F1nf66Bo/gpE
	RXB2DQV027M0j0XMsJ2Qhm7ztrdBTIU=
Date: Tue, 21 Dec 2021 17:30:15 +0100
From: Goran =?utf-8?B?TWVracSH?= <meka@tilda.center>
To: freebsd-net@freebsd.org
Subject: IPv6 with VNET jails
Message-ID: <20211221163015.l5axsxvpksbv7om5@tilda.center>
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-net
List-Help: <mailto:freebsd-net+help@freebsd.org>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Subscribe: <mailto:freebsd-net+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-net+unsubscribe@freebsd.org>
Sender: owner-freebsd-net@freebsd.org
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="iaynhav7uvg24uys"
Content-Disposition: inline
X-Rspamd-Queue-Id: 4JJMPk40vnz4RF9
X-Spamd-Bar: /
Authentication-Results: mx1.freebsd.org;
	dkim=fail ("headers rsa verify failed") header.d=tilda.center header.s=c3po header.b=IO3K5JgJ;
	dmarc=pass (policy=reject) header.from=tilda.center;
	spf=pass (mx1.freebsd.org: domain of meka@tilda.center designates 108.61.164.129 as permitted sender) smtp.mailfrom=meka@tilda.center
X-Spamd-Result: default: False [0.66 / 15.00];
	 RCVD_VIA_SMTP_AUTH(0.00)[];
	 ARC_NA(0.00)[];
	 NEURAL_SPAM_SHORT(0.75)[0.752];
	 MID_RHS_MATCH_FROM(0.00)[];
	 FROM_HAS_DN(0.00)[];
	 TO_MATCH_ENVRCPT_ALL(0.00)[];
	 R_SPF_ALLOW(-0.20)[+mx];
	 MIME_GOOD(-0.20)[multipart/signed,text/plain];
	 TO_DN_NONE(0.00)[];
	 PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org];
	 NEURAL_SPAM_MEDIUM(0.98)[0.978];
	 RCPT_COUNT_ONE(0.00)[1];
	 R_DKIM_REJECT(0.00)[tilda.center:s=c3po];
	 DKIM_TRACE(0.00)[tilda.center:-];
	 DMARC_POLICY_ALLOW(0.00)[tilda.center,reject];
	 NEURAL_SPAM_LONG(1.00)[1.000];
	 DMARC_POLICY_ALLOW_WITH_FAILURES(-0.50)[];
	 SIGNED_PGP(-2.00)[];
	 FROM_EQ_ENVFROM(0.00)[];
	 MIME_TRACE(0.00)[0:+,1:+,2:~];
	 R_MIXED_CHARSET(0.83)[subject];
	 ASN(0.00)[asn:20473, ipnet:108.61.164.0/22, country:US];
	 RCVD_COUNT_TWO(0.00)[2];
	 RCVD_TLS_ALL(0.00)[]
X-Spam: Yes
X-ThisMailContainsUnwantedMimeParts: N


--iaynhav7uvg24uys
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hello,

I started my research on IPv6 (read: I really don't know anything) and
I'm a bit stuck with VNET jails. I did setup HE tunnel as my ISP is not
providing IPv6 and all devices in my house are happy consumers of rtadvd
config. Router is advertized (rtadvd on my router) and solicitation is
working on laptop/desktop it's all perfect. Now I'm trying to setup IPv6 st=
ack=20
for jails. I already have VNET jails through CBSD so that part is done, but
I can't get past the host with ping. On desktop I have the following
configuration.


/etc/rc.conf:
ipv6_gateway_enable=3D"YES"
cloned_interfaces=3D"bridge0"
ifconfig_bridge0_name=3D"cbsd0"
ifconfig_cbsd0=3D"inet 172.16.0.254 netmask 255.255.255.0 description re0"
ifconfig_cbsd0_alias0=3D"inet 172.16.1.254 netmask 255.255.255.0"
ifconfig_cbsd0_ipv6=3D"inet6 -ifdisabled fd7f:ec06:9415:54a0::1 auto_linklo=
cal"
rtadvd_enable=3D"YES"
rtadvd_interfaces=3D"cbsd0"


/etc/rtadvd.conf:
cbsd0:\
    :addrs#1\
    :addr=3D"fd7f:ec06:9415:54a0::"


Inside jail dhcpcd is getting IPv4 and IPv6 addresses
dhcpcd-9.4.1 starting
DUID 00:01:00:01:29:3e:0f:56:00:a0:98:c7:f7:f4
eth0: waiting for carrier
eth0: carrier acquired
eth0: IAID 98:c7:f7:f4
eth0: adding address fe80::ad6b:eea1:3ccb:d886
eth0: rebinding lease of 172.16.0.110
eth0: probing address 172.16.0.110/24
eth0: soliciting an IPv6 router
eth0: Router Advertisement from fe80::5a9c:fcff:fe10:ff90
eth0: adding address fd7f:ec06:9415:54a0:87d8:f1d6:6e4e:f70e/64
eth0: adding route to fd7f:ec06:9415:54a0::/64
eth0: adding default route via fe80::5a9c:fcff:fe10:ff90
eth0: leased 172.16.0.110 for 459 seconds
eth0: adding route to 172.16.0.0/24
eth0: adding default route via 172.16.0.254
forked to background, child pid 14445


Inside jail ifconfig (eth0 is epair device)
lo0: flags=3D8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
	options=3D680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
	inet 127.0.0.1 netmask 0xff000000
	groups: lo
	nd6 options=3D21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=3D0<> metric 0 mtu 33160
	groups: pflog
eth0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=3D8<VLAN_MTU>
	ether 00:a0:98:c7:f7:f4
	hwaddr 02:45:96:40:d1:0b
	inet6 fe80::ad6b:eea1:3ccb:d886%eth0 prefixlen 64 scopeid 0x3
	inet6 fd7f:ec06:9415:54a0:87d8:f1d6:6e4e:f70e prefixlen 64 autoconf
	inet 172.16.0.110 netmask 0xffffff00 broadcast 172.16.0.255
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=3D1<PERFORMNUD>


Inside jail netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            172.16.0.254       UG         eth0
127.0.0.1          link#1             UH          lo0
172.16.0.0/24      link#3             U          eth0
172.16.0.110       link#3             UHS         lo0

Internet6:
Destination                       Gateway                       Flags     N=
etif Expire
::/96                             ::1                           UGRS       =
 lo0
default                           fe80::5a9c:fcff:fe10:ff90%eth0 UG        =
eth0
::1                               link#1                        UHS        =
 lo0
::ffff:0.0.0.0/96                 ::1                           UGRS       =
 lo0
fd7f:ec06:9415:54a0::/64          link#3                        U          =
eth0
fd7f:ec06:9415:54a0:87d8:f1d6:6e4e:f70e link#3                  UHS        =
 lo0
fe80::/10                         ::1                           UGRS       =
 lo0
fe80::%lo0/64                     link#1                        U          =
 lo0
fe80::1%lo0                       link#1                        UHS        =
 lo0
fe80::%eth0/64                    link#3                        U          =
eth0
fe80::ad6b:eea1:3ccb:d886%eth0    link#3                        UHS        =
 lo0
ff02::/16                         ::1                           UGRS       =
 lo0

Inside jail ping -c 1 fd7f:ec06:9415:54a0::1
PING6(56=3D40+8+8 bytes) fd7f:ec06:9415:54a0:87d8:f1d6:6e4e:f70e --> fd7f:e=
c06:9415:54a0::1
16 bytes from fd7f:ec06:9415:54a0::1, icmp_seq=3D0 hlim=3D64 time=3D0.076 ms

--- fd7f:ec06:9415:54a0::1 ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev =3D 0.076/0.076/0.076/0.000 ms


Inside jail ping <host's routable IPv6 address>
PING6(56=3D40+8+8 bytes) fd7f:ec06:9415:54a0:87d8:f1d6:6e4e:f70e --> <host'=
s routable IPv6 address>
16 bytes from <host's routable IPv6 address>, icmp_seq=3D0 hlim=3D64 time=
=3D0.127 ms

--- <host's routable IPv6 address> ping6 statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev =3D 0.127/0.127/0.127/0.000 ms


Inside jail ping -6 -c 1 google.com
PING6(56=3D40+8+8 bytes) fd7f:ec06:9415:54a0:87d8:f1d6:6e4e:f70e --> 2a00:1=
450:400d:806::200e

--- google.com ping6 statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss


My assumption is that addresses starting with fd are something like
192.168.0.0/24, for example. How wrong am I and what am I doing wrong?

Regards,
meka

--iaynhav7uvg24uys
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEE1WIFkXy2ZeMKjjKEWj1TknovrLYFAmHCARMACgkQWj1Tknov
rLY60g//es/xNwAwOTW/gUxcZbdk3h5Nr1ioqlWnaKvAb2rAomywgH0DxV5QhJhG
9QZHrTFpaFWuk6KHypl2KPGvNptjsGkoIcyZFzYGiXPKu8iaUx6XR3oVB0ttqrgd
px4YLWrah9Kiv7t3gKuzKUIKVBuhP2imc72DZ/t8uUIprwUvXaPFfrsvURq9ryWY
6pC2+PeiZPFd1bgJijusmHstSEp98ZzEsBYvprRwWPU/JoxjUJEfoq7F13zmaIBL
hgN4vGkHlN2zbWWn+e7PRQbOQMRoji6jifO6KrJlqQBfgIebeEBbM0khuV6ghSH5
Ffp323BpgAgNeizmmQ4GbTXS3pr7PaFWEuSgSk2agHczEmFzVYTYnJcoktKx+/sA
LLYgiynokfICFumR/iS4RD+MLXhW1DAw+hCcUsocvoatkQ/Cg0/wB5X3lV+/unFD
rzqe3ISNCsQlxXAmtfueUWHpnDdjUBmKCLitffBvjZ1jzpfgrAqpIkeWqv+NNwgD
dF1Q/22Wrpnf3yGimWRGFK/zKQUY5CkdqKRIS9Qio29adB60fIAwskICexzJPe/W
5fIsgboZxxlj6ly0OvxOEsrrKuuvkMuqGTbe9npGD9Gq+lRlW3CJb/Yyln3w5W2+
gjycbF+Wphlfo2DLSnvihrXd7edyEsjgnwYk+afZER5H1Q9wCIA=
=209u
-----END PGP SIGNATURE-----

--iaynhav7uvg24uys--