Date: Sat, 19 Aug 2006 08:41:22 -0400 From: gnn@freebsd.org To: Julien =?ISO-8859-1?Q?Abeill=E9?= <julienabeille@yahoo.fr> Cc: freebsd-net@freebsd.org Subject: Re: Re : ipv6 in ipv6 tunnel with FreeBSD 4.11 Message-ID: <m2lkpkyk25.wl%gnn@neville-neil.com> In-Reply-To: <20060819114513.39092.qmail@web26611.mail.ukl.yahoo.com> References: <m24pw9zqzm.wl%gnn@neville-neil.com> <20060819114513.39092.qmail@web26611.mail.ukl.yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At Sat, 19 Aug 2006 11:45:13 +0000 (GMT), Julien Abeill=E9 wrote: >=20 > Hi George, > =20 > thanks for your answer. A few precisions then: I do two setups in > fact, one on IMUNES network emulator (this is why I use FreeBSD > 4.11), one with 4 real machines. The one with four real machines has > no tunnel endpoint. I know it is a bit weard, but the other machines > are linux machines, and I did not want to go in compatibility > problems (if there are some?). I don't know if there are compatability issues with Linux but I doubt it as the same people developed the protocol stacks, at least initially. > On this testbed (with the real machines), I just send trafic from M3 > through the FreeBSD machine. I did not set > ipv6_gateway_enable=3D"YES", but use sysctl. I do not have a BSD here > (internet cafe) so i do not remember the exact parameter > (net.inet6.ip6.forwarding?) but i set ipv6 forwarding to one and > without tunnels I can ping from one end to the other. One question: > are the two tunnel endpoints supposed to negociate something? If > yes, I do need another endpoint. Nope, they don't need to negotiate anything, the machines are just acting as routers. You also need to have appropriate routes set. > In the IMUNES simulation, I have the 4 machines inline the same way > (M1 M2 M3 M4 ) and setup the tunnel on M2 and M3 (between b::1 and > b::2). It works but with hop count limit=3D0. I did the same setup > with 5 machines inline (M1 M2 M3 M4 M5) and a tunnel between M2 and > M4. It does not work anymore: if i send trafic through the tunnel > from M2 to M4, M3 discards the packets and sends an icmpv6 "time > exceeded..." message to M2. > =20 That is odd, but it may be that one of the machines is considering the next hop address to be link local, and not global, in which case it might set the hop limit to be 1, and then it would be decremented to 0 at the other end of the tunnel. Make sure you're not using link local addresses on your tunnel endpoints. > I will try on monday without giving an IPv6 address to the gif > interface. Indeed I followed the instructions on the FreeBSD > handbook section IPv6 for IPv6 in IPv4 tunnels. The problem is I did > not find any instructions for IPv6 in IPv6. The only thing I found > in kame was: "be careful with IPv6 in IPv6 and IPv4 in IPv4 tunnels > which often result in infinite routing in the kernel". Maybe it is > what is happening here. It could be, but I don't have a setup like that to test. You might also ask on the kame-snap@kame.net mailing list as well. Also, keep freebsd-net@freebsd.org cc'd as someone else might be able to answer this better than I. Later, George
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?m2lkpkyk25.wl%gnn>