IPv6 tunnel problem

Fri Apr 15 07:03:37 UTC 2011

Hi all,

I'm having some trouble with my IPv6 tunnel lately (net/gateway6 port).

I'm running revision 220613.

The tunnel runs fine on 8.2, I can ping6 ipv6.google.com from all 
interfaces using all IPv6 addresses. Route Advertisements are sent, 
Linux Machines, Mac OS X machiens and FreeBSD 8.2/8.1 machines are all 
receiveing the advertisements and are able to ping and use the IPv6 network.

On the machines running CURRENT anyhow, route advertisements don't work. 
They arrive at the interface, but nothing happens.
If i set up an IPv6 address and route by hand, I don't get anywhere, as 
it's permanently marked as "tentative", and trying to use that address 
as source address in ping6 results in:

ping6: bind: Can't assign requested address

This brings me to my main problem: the tunnel. If I set up a tunnel on a 
CURRENT machine, the tunnel gets set up (because it's IPv4) but the IPv6 
part does not work. I'm not able to send pings (which means KEEPALIVES 
are not sent either), so it just doesn't work.

I'm using IPv6 in UDP over IPv4 tunneling, as that's what I use on the 
8.2 machine as well.

The error when trying to ping on the CURRENT machine where the tunnel 
runs( for the short period the tunnel is up) is:

ping6: sendmsg: Network is down

Route advertisements are not sent either, as again, the IPv6 address 
assigned to the interface by the tunnel is marked as tentative, so 
rtadvd refuses to work.

Something is badly broken with IPv6 and/or NDP.

More info about the systems:

Interfaces in use on the machines running CURRENT:

bge0 and em0

Interfaces on the working 8.2 machine:

fxp0 and em0

sysctls on the broken machines when in router mode:

net.inet6.ip6.forwarding: 1
net.inet6.ip6.redirect: 1
net.inet6.ip6.hlim: 64
net.inet6.ip6.maxfragpackets: 6400
net.inet6.ip6.accept_rtadv: 0
net.inet6.ip6.keepfaith: 0
net.inet6.ip6.log_interval: 5
net.inet6.ip6.hdrnestlimit: 15
net.inet6.ip6.dad_count: 1
net.inet6.ip6.auto_flowlabel: 1
net.inet6.ip6.defmcasthlim: 1
net.inet6.ip6.gifhlim: 30
net.inet6.ip6.kame_version: FreeBSD
net.inet6.ip6.use_deprecated: 1
net.inet6.ip6.rr_prune: 5
net.inet6.ip6.v6only: 1
net.inet6.ip6.rtexpire: 3600
net.inet6.ip6.rtminexpire: 10
net.inet6.ip6.rtmaxcache: 128
net.inet6.ip6.use_tempaddr: 0
net.inet6.ip6.temppltime: 86400
net.inet6.ip6.tempvltime: 604800
net.inet6.ip6.auto_linklocal: 1
net.inet6.ip6.prefer_tempaddr: 0
net.inet6.ip6.use_defaultzone: 0
net.inet6.ip6.maxfrags: 6400
net.inet6.ip6.mcast_pmtu: 0
net.inet6.ip6.mcast.loop: 1
net.inet6.ip6.mcast.maxsocksrc: 128
net.inet6.ip6.mcast.maxgrpsrc: 512
security.jail.param.ip6.saddrsel: 0
security.jail.param.ip6.: 0

on the working machine router mode:

net.inet6.ip6.forwarding: 1
net.inet6.ip6.redirect: 1
net.inet6.ip6.hlim: 64
net.inet6.ip6.maxfragpackets: 6400
net.inet6.ip6.accept_rtadv: 0
net.inet6.ip6.keepfaith: 0
net.inet6.ip6.log_interval: 5
net.inet6.ip6.hdrnestlimit: 15
net.inet6.ip6.dad_count: 1
net.inet6.ip6.auto_flowlabel: 1
net.inet6.ip6.defmcasthlim: 1
net.inet6.ip6.gifhlim: 30
net.inet6.ip6.kame_version: FreeBSD
net.inet6.ip6.use_deprecated: 1
net.inet6.ip6.rr_prune: 5
net.inet6.ip6.v6only: 1
net.inet6.ip6.rtexpire: 3600
net.inet6.ip6.rtminexpire: 10
net.inet6.ip6.rtmaxcache: 128
net.inet6.ip6.use_tempaddr: 0
net.inet6.ip6.temppltime: 86400
net.inet6.ip6.tempvltime: 604800
net.inet6.ip6.auto_linklocal: 1
net.inet6.ip6.prefer_tempaddr: 0
net.inet6.ip6.use_defaultzone: 0
net.inet6.ip6.maxfrags: 6400
net.inet6.ip6.mcast_pmtu: 0
net.inet6.ip6.mcast.loop: 1
net.inet6.ip6.mcast.maxsocksrc: 128
net.inet6.ip6.mcast.maxgrpsrc: 512

If they're not routers:

net.inet6.ip6.forwarding: 0
net.inet6.ip6.redirect: 0
net.inet6.ip6.accept_rtadv: 1

And on the interfaces

ifconfig em0 inet6 accept_rtadv

And finally I have a question:

Why is there a net.inet6.ip6.accept_rtadv sysctl?
If we have to enable/disable route advertisements per interface, this 
sysctl shouldn't be there at all.
Immagine a system (like mine) where you have multiple interfaces, and 
which acts as IPv6 router amongst other stuff.

Shouldn't you be able to deactivate route advertisements on one 
interface, which is where route advertisements are sent from, but enable 
it on the other ones, so you don't need to statically configure them? If 
there's a sysctl, you'll disable and enable route advertisements for the 
whole machine, so the per interface stuff is useless, or am I wrong?

Mat