Date:      Mon, 19 Nov 2018 00:22:23 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 233283] IPv6 routing problem when using FreeBSD as a VPS at a cloud provider
Message-ID:  <bug-233283-227-4tHP3plSwO@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-233283-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-233283-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=233283

Bjoern A. Zeeb <bz@FreeBSD.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|Affects Many People         |Affects Some People
                 CC|                            |bz@FreeBSD.org
           Assignee|bugs@FreeBSD.org            |net@FreeBSD.org

--- Comment #4 from Bjoern A. Zeeb <bz@FreeBSD.org> ---
(In reply to peos42 from comment #0)

I used to have such a setup with a very well known European hoster.  It's
idiotic IPv4 behaviour (and was exactly that there as well) and it'll
eventually cause them a lot of trouble in IPv6 land as their neighbour tables
on the L2/3 device in front of you can easily fill up.  My European one after
1.5 years of silence has just updated and rolled out the new setup with a
transition period years after.  They never said anything but I was happy they
listened.

The solution for any hoster is to have a fe80::1/64 as a default gateway on all
interfaces for all customers.  It's a link-local address, there'll not be too
many of them and then, given they know the ether address of their customers
route whatever network their customers get to that; no extra neighbour table
addresses; their router is a lot less attackable as there's no public /64 on
each interface, etc.  So much more to say about all this but that's their
problem and not yours.

You can still make this work with FreeBSD and some "glue" and magic and I'll
just braindump here what comes to my mind:
(a) set your ipv6_default_interface to your external interface
(b) look at ndp -an to find your router's link-local address and then set
ipv6_defaultrouter="fe80:....%${ipv6_default_interface}"

    Note this is a hack as that address can change if your hoster changes
things or moves the VM around; in more or less static setups it works;  it
could be "automated";

(c) I wonder if ping6 -n ff02::2%<interface> will give you answers, that should
be the same address as in (b).  If the address from (b) changes you might be
out of luck and the best you could do is to script a "checker" which validates
the address every minute and updates the IPv6 default route accordingly.

(d) The above assumes that calling rtsol on the interface doesn't help you in
that setup.  Would be great if it would.

(e) alternatively: you might be able to set the default gateway using -link;
can't remember if that works;  haven't tried that in years.


Try and see if you can work it out from there.  I'd be curious to hear...

-- 
You are receiving this mail because:
You are the assignee for the bug.
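
A sketch of the "checker" from (c), added here as an example and not part of the bug comment. The function names, the interface name vtnet0, the logger tag and the assumed ping6/route output formats are assumptions. The "ambiguous" branch goes beyond the comment: any host on the link can answer ff02::2, so the route is only changed when exactly one link-local router replies.

```sh
#!/bin/sh
# Added example, not from the bug report. Assumed FreeBSD output formats:
#   ping6 -n:  "16 bytes from fe80::1%vtnet0, icmp_seq=0 hlim=64 time=0.4 ms"
#   route -n get -inet6 default:  "    gateway: fe80::1%vtnet0"

# Unique link-local responders in ping6 output on stdin, one per line.
responders() {
    awk '/ bytes from / { a = $4; sub(/,$/, "", a); if (a ~ /^fe80:/) print a }' |
        sort -u
}

# Gateway of the current default route, from route(8) output on stdin.
current_gw() {
    awk '$1 == "gateway:" { print $2; exit }'
}

# decide CURRENT RESPONDERS: prints "keep", "change <addr>" or "ambiguous".
decide() {
    d_cur=$1; d_list=$2
    [ -n "$d_list" ] || { echo keep; return 0; }      # no answer: touch nothing
    if printf '%s\n' "$d_list" | grep -Fxq -- "$d_cur"; then
        echo keep; return 0                           # gateway still answers
    fi
    if [ "$(printf '%s\n' "$d_list" | wc -l | tr -d ' ')" -eq 1 ]; then
        echo "change $d_list"                         # one router, new address
    else
        echo ambiguous                                # several unknown routers
    fi
}

# One check for interface $1 (root, FreeBSD; assumes a default route exists).
check_once() {
    cur=$(route -n get -inet6 default 2>/dev/null | current_gw)
    seen=$(ping6 -n -c 2 "ff02::2%$1" 2>/dev/null | responders)
    set -- $(decide "$cur" "$seen")
    case $1 in
        change)    route change -inet6 default "$2" ;;
        ambiguous) logger -t gwcheck "several routers answered; route unchanged" ;;
    esac
}

# Constructed sample: the router moved from fe80::1 to fe80::2.
SAMPLE_ROUTE='    gateway: fe80::1%vtnet0'
SAMPLE_PING='16 bytes from fe80::2%vtnet0, icmp_seq=0 hlim=64 time=0.4 ms
16 bytes from fe80::2%vtnet0, icmp_seq=1 hlim=64 time=0.3 ms'

if [ "${1:-}" = "--run" ]; then check_once "$2"; else
    decide "$(echo "$SAMPLE_ROUTE" | current_gw)" "$(echo "$SAMPLE_PING" | responders)"
fi
```

Run from cron every minute as `script --run <interface>`; without arguments it only evaluates the constructed sample.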


