he.net IPv6 tunnel
David Benfell
benfell at parts-unknown.org
Thu Aug 7 04:10:30 UTC 2014
Hi John,
On Wed, Aug 06, 2014 at 11:17:38PM -0000, John Levine wrote:
> This works for me, routing a /64 from HE through a tunnel onto my LAN.
> The IPv6 addresses are all from what HE gave me. Note that the /64
> prefix on the tunnel addresses on gif0 are different from the one for
> the addresses on my LAN.
>
> ----------------------------------------
> # ipv6
> V6NETNUM="2001:470:1f07:1126"
> ipv6_enable="YES"
>
> # v6 tunnel
> gif_interfaces="gif0"
> gifconfig_gif0="64.57.183.18 209.51.161.14"
> ipv6_ifconfig_gif0="2001:470:1f06:1126::2 2001:470:1f06:1126::1 prefixlen 128"
> ipv6_defaultrouter="2001:470:1f06:1126::1"
>
> # route on my LAN
> ipv6_gateway_enable="YES"
> rtadvd_enable="YES"
> rtadvd_interfaces="bce0" # Interfaces rtadvd sends RA packets.
>
> # all the other addresses
> ifconfig_bce0_ipv6="inet6 $V6NETNUM::2 prefixlen 64"
> ------------------------------------------------------
>
> I also have a bunch of aliases on bce0 for local v6 web sites and such, e.g.:
>
> ifconfig_bce0_aliases="$ifconfig_bce0_aliases inet6 $V6NETNUM:0:0:4945:4343 prefixlen 64" # an alias
Oh, I'm having a hard time with this. I think part of my problem is
that the necessary syntax keeps changing, and I'm not sure that the
documentation is keeping up to date. Including, importantly, the
rc.conf man page.
So one thing that seems important to say is that this is FreeBSD
10/STABLE. I see messages that some rc.conf variables above are
"obsolete." So I've tried to update them.
Here's what I've got, and in terms of results, it isn't as far as I'd
gotten. I'm including the IPv4 stuff for reasons which will be
apparent:
ifconfig_em0="inet 50.250.218.161 netmask 255.255.255.240"
ifconfig_em0_alias0="inet 50.250.218.162 netmask 255.255.255.255"
ifconfig_em0_alias1="inet 50.250.218.163 netmask 255.255.255.255"
ifconfig_em0_alias2="inet 50.250.218.164 netmask 255.255.255.255"
ifconfig_em0_alias3="inet 50.250.218.165 netmask 255.255.255.255"
ifconfig_em0_alias4="inet 50.250.218.166 netmask 255.255.255.255"
ifconfig_em0_alias5="inet 50.250.218.167 netmask 255.255.255.255"
ifconfig_em0_alias6="inet 50.250.218.168 netmask 255.255.255.255"
ifconfig_em0_alias7="inet 50.250.218.169 netmask 255.255.255.255"
ifconfig_em0_alias8="inet 50.250.218.170 netmask 255.255.255.255"
ifconfig_em0_alias9="inet 50.250.218.171 netmask 255.255.255.255"
ifconfig_em0_alias10="inet 50.250.218.172 netmask 255.255.255.255"
defaultrouter="50.250.218.174"
#ipv6_enable="YES" (apparently deprecated)
ipv6_activate_all_interfaces="YES"
# IPv6-over-IPv4 tunnel supplied by he.net; ID 258129
V6TUNNUM="2001:470:66:119"
V6NETNUM="2001:470:67:119"
V4TUNSERVER="64.62.134.130"
V4TUNCLIENT="50.250.218.161"
V6TUNSERVER="${V6TUNNUM}::1"
V6TUNCLIENT="${V6TUNNUM}::2"
ipv6_network_interfaces="em0"
#gif_interfaces="gif0" (apparently deprecated)
cloned_interfaces="gif0"
gifconfig_gif0="${V4TUNCLIENT} ${V4TUNSERVER}"
ipv6_ifconfig_gif0="inet6 ${V6TUNCLIENT} ${V6TUNSERVER} prefixlen 128"
ipv6_defaultrouter="${V6TUNSERVER}"
# I don't have a LAN, but this would route on my LAN
#ipv6_gateway_enable="YES"
#rtadvd_enable="YES"
#rtadvd_interfaces="em0" # Interfaces rtadvd sends RA
packets.
# all the other addresses
ifconfig_em0_ipv6="inet6 ${V6NETNUM}::2 prefixlen 64"
#ifconfig_em0_alias11="inet6 ${V6NETNUM}::3 prefixlen 64"
#ifconfig_em0_alias12="inet6 ${V6NETNUM}::4 prefixlen 64"
#ifconfig_em0_alias13="inet6 ${V6NETNUM}::5 prefixlen 64"
#ifconfig_em0_alias14="inet6 ${V6NETNUM}::6 prefixlen 64"
#ifconfig_em0_alias15="inet6 ${V6NETNUM}::7 prefixlen 64"
#ifconfig_em0_alias16="inet6 ${V6NETNUM}::8 prefixlen 64"
#ifconfig_em0_alias17="inet6 ${V6NETNUM}::9 prefixlen 64"
#ifconfig_em0_alias18="inet6 ${V6NETNUM}::10 prefixlen 64"
#ifconfig_em0_alias19="inet6 ${V6NETNUM}::11 prefixlen 64"
#ifconfig_em0_alias20="inet6 ${V6NETNUM}::12 prefixlen 64"
#ifconfig_em0_alias21="inet6 ${V6NETNUM}::13 prefixlen 64"
#ifconfig_em0_alias22="inet6 ${V6NETNUM}::14 prefixlen 64"
Here are the examples in the rc.conf man page:
ifconfig_ed0_ipv6="inet6 2001:db8:1::1 prefixlen 64"
ifconfig_ed0_alias0="inet6 2001:db8:2::1 prefixlen 64"
Notice that the original interface address assignment variable has
_ipv6 on the end of it, but the alias assignment variables do not.
(Smells boobytrap, moves on.) Since the IPv6 alias assignment variable
is the same as the IPv4 alias assignment variable, I figure I need to
pick up the numbering where the IPv4 aliases left off.
Also, it seems weird to me that aliases in IPv4 should be fully
netmasked while the prefixlen in IPv6 is the same as the original. But
this is all magic to me anyway.
The aliases seem to be extremely problematic, which is why I've
commented them out. With your suggested syntax, they didn't appear at
all. When I tried the documented syntax, I lost the route, and I
haven't been able to get it back. Ack!!!!
With what's above:
home% ifconfig -a
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
1500
options=4019b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,VLAN_HWTSO>
ether 44:39:c4:3a:d7:ea
inet 50.250.218.161 netmask 0xfffffff0 broadcast
50.250.218.175
inet6 fe80::4639:c4ff:fe3a:d7ea%em0 prefixlen 64 scopeid 0x1
inet6 2001:470:67:119::2 prefixlen 64
inet 50.250.218.162 netmask 0xffffffff broadcast
50.250.218.162
inet 50.250.218.163 netmask 0xffffffff broadcast
50.250.218.163
inet 50.250.218.164 netmask 0xffffffff broadcast
50.250.218.164
inet 50.250.218.165 netmask 0xffffffff broadcast
50.250.218.165
inet 50.250.218.166 netmask 0xffffffff broadcast
50.250.218.166
inet 50.250.218.167 netmask 0xffffffff broadcast
50.250.218.167
inet 50.250.218.168 netmask 0xffffffff broadcast
50.250.218.168
inet 50.250.218.169 netmask 0xffffffff broadcast
50.250.218.169
inet 50.250.218.170 netmask 0xffffffff broadcast
50.250.218.170
inet 50.250.218.171 netmask 0xffffffff broadcast
50.250.218.171
inet 50.250.218.172 netmask 0xffffffff broadcast
50.250.218.172
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
gif0: flags=8011<UP,POINTOPOINT,MULTICAST> metric 0 mtu 1280
inet6 fe80::4639:c4ff:fe3a:d7ea%gif0 prefixlen 64 scopeid 0x3
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
home% ping6 2001:470:67:119::2
PING6(56=40+8+8 bytes) 2001:470:67:119::2 --> 2001:470:67:119::2
16 bytes from 2001:470:67:119::2, icmp_seq=0 hlim=64 time=0.084 ms
16 bytes from 2001:470:67:119::2, icmp_seq=1 hlim=64 time=0.038 ms
16 bytes from 2001:470:67:119::2, icmp_seq=2 hlim=64 time=0.043 ms
^C
--- 2001:470:67:119::2 ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.038/0.055/0.084/0.021 ms
I have an IPv6 address associated with em0. But I lost the tunnel:
home% ping6 2001:470:66:119::2
ping6: UDP connect: No route to host
This is also apparent from the ifconfig output. It shows endpoints
when it's working. And for that brief moment when I had it working, I
was able to ping out.
Is the feeding of the preferred (non-deprecated) variables different
from the obsolete (deprecated) variables?
Thanks!
--
David Benfell <benfell at parts-unknown.org>
See https://parts-unknown.org/node/2 if you don't understand the
attachment.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20140806/53df4ccf/attachment-0001.sig>
More information about the freebsd-questions
mailing list