From: Hiroki Sato
Date: Thu, 11 Sep 2014 12:21:05 +0900 (JST)
To: dan@langille.org
Cc: freebsd-net@freebsd.org
Subject: Re: Configuration for IPv6 over tunnel
Message-Id: <20140911.122105.2066013438047221946.hrs@allbsd.org>
In-Reply-To: <14E3A97C-4FCB-4A2C-B22F-3D0849CECA2D@langille.org>

Dan Langille wrote
  in <14E3A97C-4FCB-4A2C-B22F-3D0849CECA2D@langille.org>:

da> IPv6 Tunnel Endpoints
da> Server IPv4 Address: 209.51.x.y
da> Server IPv6 Address: 2001:470:xx06:9ea::1/64
da> Client IPv4 Address: 96.245.100.201
da> Client IPv6 Address: 2001:470:xx06:9ea::2/64
da>
da> Routed /64: 2001:470:xx07:9ea::/64
da>
da> My /etc/rc.conf includes
da>
da> cloned_interfaces="gif0"
da> ifconfig_gif0="tunnel 96.245.100.201 209.51.x.y mtu 1480"
da> ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2 2001:470:xx06:9ea::1 prefixlen 128"
da> ifconfig_em0_ipv6="inet6 2001:470:xx07:9ea:1::1"
da> ipv6_defaultrouter="2001:470:xx06:9ea::1"
da> ipv6_gateway_enable="YES"
da> rtadvd_enable="YES"

The following line is enough for ifconfig_gif0_ipv6. A /128
configuration works but is ugly:

-ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2 2001:470:xx06:9ea::1 prefixlen 128"
+ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2/64"

Or, you do not need to configure a client side global address in the
subnet of the inter-router link if you use his endpoint as the default
router. Reducing the number of global addresses on a box is healthy
for packet filtering rule management:

-ifconfig_gif0_ipv6="inet6 2001:470:xx06:9ea::2 2001:470:xx06:9ea::1 prefixlen 128"
+ifconfig_gif0_ipv6="inet6 auto_linklocal"
-ipv6_defaultrouter="2001:470:xx06:9ea::1"
+ipv6_defaultrouter="-interface gif0"

And if your box works as a router for subnet 2001:470:xx07:9ea::/64,
please add a subnet-router anycast address. This is mandatory in RFC:

+ifconfig_em0_ipv6_alias0="inet6 2001:470:xx07:9ea::/64 anycast"

I think HE's endpoint is properly configured. You can ping6 to
2001:470:xx06:9ea:: from 2001:470:xx07:9ea:1::1.

-- Hiroki
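Review bot: In the second alternative, the +ifconfig_gif0_ipv6="inet6 auto_linklocal" line removes 2001:470:xx06:9ea::2 from the box entirely, so any packet filter rule or monitoring check that still names that address has to be updated in the same change. With only a link-local address left on gif0, traffic the router originates itself toward global destinations will be sourced from a global address on another interface, here the em0 address 2001:470:xx07:9ea:1::1, so the rules applied on gif0 need to permit that source. It would also help to say next to the two alternatives that they are mutually exclusive replacements for the same ifconfig_gif0_ipv6 line.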
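Review bot: The +ifconfig_em0_ipv6_alias0 line should carry a comment naming the requirement it implements, since the text says only "mandatory in RFC"; the subnet-router anycast address is defined in RFC 4291, section 2.6.1. The alias also gives /64 explicitly while the existing ifconfig_em0_ipv6 entry for 2001:470:xx07:9ea:1::1 has no prefix length, so writing the prefix length on that entry as well keeps the two em0 addresses visibly on the same subnet and makes the intended on-link prefix clear to whoever maintains the filter rules.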