Date: Thu, 11 Sep 2014 12:21:05 +0900 (JST) From: Hiroki Sato <hrs@FreeBSD.org> To: dan@langille.org Cc: freebsd-net@freebsd.org Subject: Re: Configuration for IPv6 over tunnel Message-ID: <20140911.122105.2066013438047221946.hrs@allbsd.org> In-Reply-To: <14E3A97C-4FCB-4A2C-B22F-3D0849CECA2D@langille.org> References: <14E3A97C-4FCB-4A2C-B22F-3D0849CECA2D@langille.org>
next in thread | previous in thread | raw e-mail | index | archive | help
----Security_Multipart(Thu_Sep_11_12_21_05_2014_745)-- Content-Type: Text/Plain; charset=iso-2022-jp Content-Transfer-Encoding: 7bit Dan Langille <dan@langille.org> wrote in <14E3A97C-4FCB-4A2C-B22F-3D0849CECA2D@langille.org>: da> IPv6 Tunnel Endpoints da> Server IPv4 Address: 209.51.x.y da> Server IPv6 Address: 2001:470:xx06:9ea::1/64 da> Client IPv4 Address: 96.245.100.201 da> Client IPv6 Address: 2001:470:xx06:9ea::2/64 da> da> Routed /64: 2001:470:xx07:9ea::/64 da> da> My /etc/rc.conf includes da> da> cloned_interfaces="gif0” da> ifconfig_gif0="tunnel 96.245.100.201 209.51.x.y mtu 1480” da> ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2 2001:470:xx06:9ea::1 prefixlen 128" da> ifconfig_em0_ipv6="inet6 2001:470:xx07:9ea:1::1” da> ipv6_defaultrouter="2001:470:xx06:9ea::1" da> ipv6_gateway_enable=“YES" da> rtadvd_enable=“YES” The following line is enough for ifconfig_gif0_ipv6. A /128 configuration works but ugly: -ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2 2001:470:xx06:9ea::1 prefixlen 128" +ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2/64" Or, you do not need to configure a client side global address in subnet of the inter-router link if you use his endpoint as the default router. Reducing the number of global addresses on a box is healthy for packet filtering rule management: -ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2 2001:470:xx06:9ea::1 prefixlen 128" +ifconfig_gif0_ipv6="inet6 auto_linklocal" -ipv6_defaultrouter="2001:470:xx06:9ea::1" +ipv6_defaultrouter="-interface gif0" And if your box works as a router for subnet 2001:470:xx07:9ea::/64, please add subnet-router anycast address. This is mandatory in RFC: +ifconfig_em0_ipv6_alias0="inet6 2001:470:xx07:9ea::/64 anycast" I think HE's endpoint is properly configured. You can ping6 to 2001:470:xx06:9ea:: from 2001:470:xx07:9ea:1::1. -- Hiroki ----Security_Multipart(Thu_Sep_11_12_21_05_2014_745)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEABECAAYFAlQRFSEACgkQTyzT2CeTzy07LQCgoZrWd8PL/27uGob+TZs/ETto w8wAn0Qj3rSANYH41soNbyPLbbNx/bNo =oU9R -----END PGP SIGNATURE----- ----Security_Multipart(Thu_Sep_11_12_21_05_2014_745)----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140911.122105.2066013438047221946.hrs>