Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 11 Sep 2014 13:50:01 -0400
From:      Dan Langille <dan@langille.org>
To:        Hiroki Sato <hrs@FreeBSD.org>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Configuration for IPv6 over tunnel
Message-ID:  <94C9C202-EFEC-4689-A5CF-B3E6FE20F4CC@langille.org>
In-Reply-To: <20140911.122105.2066013438047221946.hrs@allbsd.org>
References:  <14E3A97C-4FCB-4A2C-B22F-3D0849CECA2D@langille.org> <20140911.122105.2066013438047221946.hrs@allbsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

--Apple-Mail=_FCF60D1E-2926-473B-9FC6-86C250078C0D
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=iso-2022-jp


On Sep 10, 2014, at 11:21 PM, Hiroki Sato <hrs@FreeBSD.org> wrote:

> Dan Langille <dan@langille.org> wrote
>  in <14E3A97C-4FCB-4A2C-B22F-3D0849CECA2D@langille.org>:
>=20
> da> IPv6 Tunnel Endpoints
> da> Server IPv4 Address:  209.51.x.y
> da> Server IPv6 Address:  2001:470:xx06:9ea::1/64
> da> Client IPv4 Address:  96.245.100.201
> da> Client IPv6 Address:  2001:470:xx06:9ea::2/64
> da>
> da> Routed /64:           2001:470:xx07:9ea::/64
> da>
> da> My /etc/rc.conf includes
> da>
> da> cloned_interfaces=3D"gif0=1B$B!I=1B(B
> da> ifconfig_gif0=3D"tunnel 96.245.100.201 209.51.x.y mtu 1480=1B$B!I=1B=
(B
> da> ifconfig_gif0_ipv6=3D"inet6 2001:470:xx06:9ea::2 =
2001:470:xx06:9ea::1 prefixlen 128"
> da> ifconfig_em0_ipv6=3D"inet6 2001:470:xx07:9ea:1::1=1B$B!I=1B(B
> da> ipv6_defaultrouter=3D"2001:470:xx06:9ea::1"
> da> ipv6_gateway_enable=3D=1B$B!H=1B(BYES"
> da> rtadvd_enable=3D=1B$B!H=1B(BYES=1B$B!I=1B(B
>=20
> The following line is enough for ifconfig_gif0_ipv6.  A /128
> configuration works but ugly:
>=20
>  -ifconfig_gif0_ipv6=3D"inet6 2001:470:xx06:9ea::2 =
2001:470:xx06:9ea::1 prefixlen 128"
>  +ifconfig_gif0_ipv6=3D"inet6 2001:470:xx06:9ea::2/64"
>=20
> Or, you do not need to configure a client side global address in
> subnet of the inter-router link if you use his endpoint as the
> default router.  Reducing the number of global addresses on a box is
> healthy for packet filtering rule management:
>=20
>  -ifconfig_gif0_ipv6=3D"inet6 2001:470:xx06:9ea::2 =
2001:470:xx06:9ea::1 prefixlen 128"
>  +ifconfig_gif0_ipv6=3D"inet6 auto_linklocal"
>  -ipv6_defaultrouter=3D"2001:470:xx06:9ea::1"
>  +ipv6_defaultrouter=3D"-interface gif0"
>=20
> And if your box works as a router for subnet
> 2001:470:xx07:9ea::/64, please add subnet-router anycast address.
> This is mandatory in RFC:
>=20
>  +ifconfig_em0_ipv6_alias0=3D"inet6 2001:470:xx07:9ea::/64 anycast"
>=20
> I think HE's endpoint is properly configured.  You can ping6 to
> 2001:470:xx06:9ea:: from 2001:470:xx07:9ea:1::1.

I added in the anycast just now.

Before:

$ ifconfig re0
re0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu =
1500
	=
options=3D8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGI=
C,LINKSTATE>
	ether e0:cb:4e:24:f0:ff
	inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
	inet6 fe80::e2cb:4eff:fe42:f0ff%re0 prefixlen 64 scopeid 0x2=20
	inet6 2001:470:xx07:9ea:1::1 prefixlen 64=20
	nd6 options=3D21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet autoselect (1000baseT <full-duplex,master>)
	status: active

# ifconfig re0 inet6 2001:470:xx07:9ea::/64 anycast alias

After:

$ ifconfig re0
re0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu =
1500
	=
options=3D8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGI=
C,LINKSTATE>
	ether e0:cb:4e:42:f0:ff
	inet 10.0.0.1 netmask 0xffffff00 broadcast 10.0.0.255
	inet6 fe80::e2cb:4eff:fe42:f0ff%re0 prefixlen 64 scopeid 0x2=20
	inet6 2001:470:xx07:9ea:1::1 prefixlen 64=20
	inet6 2001:470:xx07:9ea:: prefixlen 64 anycast=20
	nd6 options=3D21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet autoselect (1000baseT <full-duplex,master>)
	status: active


Then I manually configured my Macbook to have:

Router: 2001:470:xx07:9ea:1::1

IPv6 Address:  2001:470:xx07:9ea:1::1111

Prefix length: 64



$ ifconfig gif0
gif0: flags=3D8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1480
	tunnel inet 96.245.xx.yy --> 209.51.161.14
	inet6 fe80::21b:21ff:fe51:ab2d%gif0 prefixlen 64 scopeid 0xd=20
	inet6 2001:470:xx06:9ea::2 --> 2001:470:xx06:9ea::1 prefixlen =
128=20
	nd6 options=3D21<PERFORMNUD,AUTO_LINKLOCAL>
	options=3D1<ACCEPT_REV_ETHIP_VER>


Let=1B$B!G=1B(Bs see how this goes.

--Apple-Mail=_FCF60D1E-2926-473B-9FC6-86C250078C0D
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iKYEARECAGYFAlQR4MlfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3Bl
bnBncC5maWZ0aGhvcnNlbWFuLm5ldDA3REZBQjJGRUQ3NEE5QkE0NTNGOUJCNzBB
MEIxNzE0Q0ZGQjlEM0MACgkQCgsXFM/7nTyHaACg9HINSdC4pzkuRjCfR7E3OM4t
nuIAnAvzJJvZS+KP6NVpKd5vjWxoZpt5
=omYV
-----END PGP SIGNATURE-----

--Apple-Mail=_FCF60D1E-2926-473B-9FC6-86C250078C0D--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?94C9C202-EFEC-4689-A5CF-B3E6FE20F4CC>