Configuration for IPv6 over tunnel

Dan Langille dan at langille.org
Thu Sep 11 17:50:28 UTC 2014 

On Sep 10, 2014, at 11:21 PM, Hiroki Sato <hrs at FreeBSD.org> wrote:

> Dan Langille <dan at langille.org> wrote
>  in <14E3A97C-4FCB-4A2C-B22F-3D0849CECA2D at langille.org>:
> 
> da> IPv6 Tunnel Endpoints
> da> Server IPv4 Address:  209.51.x.y
> da> Server IPv6 Address:  2001:470:xx06:9ea::1/64
> da> Client IPv4 Address:  96.245.100.201
> da> Client IPv6 Address:  2001:470:xx06:9ea::2/64
> da>
> da> Routed /64:           2001:470:xx07:9ea::/64
> da>
> da> My /etc/rc.conf includes
> da>
> da> cloned_interfaces="gif0”
> da> ifconfig_gif0="tunnel 96.245.100.201 209.51.x.y mtu 1480”
> da> ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2 2001:470:xx06:9ea::1 prefixlen 128"
> da> ifconfig_em0_ipv6="inet6 2001:470:xx07:9ea:1::1”
> da> ipv6_defaultrouter="2001:470:xx06:9ea::1"
> da> ipv6_gateway_enable=“YES"
> da> rtadvd_enable=“YES”
> 
> The following line is enough for ifconfig_gif0_ipv6.  A /128
> configuration works but ugly:
> 
>  -ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2 2001:470:xx06:9ea::1 prefixlen 128"
>  +ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2/64"
> 
> Or, you do not need to configure a client side global address in
> subnet of the inter-router link if you use his endpoint as the
> default router.  Reducing the number of global addresses on a box is
> healthy for packet filtering rule management:
> 
>  -ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2 2001:470:xx06:9ea::1 prefixlen 128"
>  +ifconfig_gif0_ipv6="inet6 auto_linklocal"
>  -ipv6_defaultrouter="2001:470:xx06:9ea::1"
>  +ipv6_defaultrouter="-interface gif0"
> 
> And if your box works as a router for subnet
> 2001:470:xx07:9ea::/64, please add subnet-router anycast address.
> This is mandatory in RFC:
> 
>  +ifconfig_em0_ipv6_alias0="inet6 2001:470:xx07:9ea::/64 anycast"
> 
> I think HE's endpoint is properly configured.  You can ping6 to
> 2001:470:xx06:9ea:: from 2001:470:xx07:9ea:1::1.

I added in the anycast just now.

Before:

$ ifconfig re0
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether e0:cb:4e:24:f0:ff
	inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
	inet6 fe80::e2cb:4eff:fe42:f0ff%re0 prefixlen 64 scopeid 0x2 
	inet6 2001:470:xx07:9ea:1::1 prefixlen 64 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet autoselect (1000baseT <full-duplex,master>)
	status: active

# ifconfig re0 inet6 2001:470:xx07:9ea::/64 anycast alias

After:

$ ifconfig re0
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
	ether e0:cb:4e:42:f0:ff
	inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
	inet6 fe80::e2cb:4eff:fe42:f0ff%re0 prefixlen 64 scopeid 0x2 
	inet6 2001:470:xx07:9ea:1::1 prefixlen 64 
	inet6 2001:470:xx07:9ea:: prefixlen 64 anycast 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet autoselect (1000baseT <full-duplex,master>)
	status: active


Then I manually configured my Macbook to have:

Router: 2001:470:xx07:9ea:1::1

IPv6 Address:  2001:470:xx07:9ea:1::1111

Prefix length: 64



$ ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1480
	tunnel inet 96.245.xx.yy --> 209.51.161.14
	inet6 fe80::21b:21ff:fe51:ab2d%gif0 prefixlen 64 scopeid 0xd 
	inet6 2001:470:xx06:9ea::2 --> 2001:470:xx06:9ea::1 prefixlen 128 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	options=1<ACCEPT_REV_ETHIP_VER>


Let’s see how this goes.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 333 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/freebsd-net/attachments/20140911/d715a07b/attachment.sig>

More information about the freebsd-net mailing list