John Hawkes-Reed
2012-Aug-27 16:50 UTC
IPv6 default route. Can't see the wood for the trees.
I'm sure this is a FAQ, but I've been staring at it too long to spot the obvious.

BSD-box (9.1-PRE) is acting as default router/NAT gateway for local LAN. IP4 works.

IP6 rig, per the setup on tunnelbroker.net, appears to work on the BSD box.

However, while LAN clients (XP, OSX) manage to acquire addresses with the right prefix, the autoconfigured default route is a link-local address. Some bits of the internet think that's ok. Other bits don't.

Trying to ping6/traceroute6 out to (say) Google works on the BSD box, but not on the clients.

Do I need to be running a routing daemon, or is there some ip6 handwaving I'm missing?

rc.conf:

(I'm not convinced that obfuscating the addresses is worth the confusion)

ipv6_gateway_enable="YES"
ip6addrctl_verbose="YES"
rtadvd_enable="YES"
rtadvd_interfaces="rl0"
ipv6_cpe_wanif="pcn0"
ipv6_defaultrouter="2001:470:1f0a:b5a::1"
gif_interfaces="gif0"
gifconfig_gif0="192.168.1.100 216.66.80.30"
ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1 prefixlen 128"
ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64"
ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64 -accept_rtadv"

--
JH-R

Stanisław Halik
2012-Aug-27 17:05 UTC
IPv6 default route. Can't see the wood for the trees.
On 2012-08-27 18:49, John Hawkes-Reed wrote:
> I'm sure this is a FAQ, but I've been staring at it too long to spot the
> obvious.

> rtadvd_interfaces="rl0"

Show also /etc/rtadvd.conf. Here's mine:

kronstadt ~# cat /etc/rtadvd.conf
vr0::rdnss="2001:470:600d:dead::1":dnssl="misaki.pl":addr="2001:470:600d:dead::":
vr2::rdnss="2001:470:600d:cafe::1":dnssl="misaki.pl":addr="2001:470:600d:cafe::":

Show also ifconfig for rl0, which should be the local interface.

Christian Laursen
2012-Aug-27 18:06 UTC
IPv6 default route. Can't see the wood for the trees.
On 08/27/12 18:49, John Hawkes-Reed wrote:
> BSD-box (9.1-PRE) is acting as default router/NAT gateway for local LAN.
> IP4 works.
>
> IP6 rig, per the setup on tunnelbroker.net, appears to work on the BSD box.
>
> However, while LAN clients (XP, OSX) manage to acquire addresses with
> the right prefix, the autoconfigured default route is a link-local
> address. Some bits of the internet think that's ok. Other bits don't.

Bits of the internet do not see anything about whether your default gateway is link-local or not and do not care.

The default gateway on the box that I'm writing this from is link-local and IPv6 works quite nicely.

> Trying to ping6/traceroute6 out to (say) Google works on the BSD box,
> but not on the clients.
>
> Do I need to be running a routing daemon, or is there some ip6
> handwaving I'm missing?

If you are running pf or another firewall, you should have rules that allow traffic to pass through.

> rc.conf:
>
> (I'm not convinced that obfuscating the addresses is worth the confusion)
>
> ipv6_gateway_enable="YES"
> ip6addrctl_verbose="YES"
> rtadvd_enable="YES"
> rtadvd_interfaces="rl0"
> ipv6_cpe_wanif="pcn0"
> ipv6_defaultrouter="2001:470:1f0a:b5a::1"
> gif_interfaces="gif0"
> gifconfig_gif0="192.168.1.100 216.66.80.30"
> ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1
> prefixlen 128"
> ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64"
> ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64 -accept_rtadv"

It looks like you are trying to use the /64 used for your tunnel on the inside network. That's probably what causes the problem.

You should use the "Routed /64" on the inside. If you need more than one /64, you can request a /48.

I'm not exactly sure what ipv6_cpe_wanif does, but I have never needed it and I run a setup similar to what you describe.

--
Christian Laursen

Kimmo Paasiala
2012-Aug-28 14:46 UTC
IPv6 default route. Can't see the wood for the trees.
> On 8/27/2012 12:27 PM, Christian Laursen wrote:
>> On 08/27/12 21:03, John Hawkes-Reed wrote:
>>> On 27/08/2012 19:06, Christian Laursen wrote:
>>>> On 08/27/12 18:49, John Hawkes-Reed wrote:
>>>>> rc.conf:
>>>>>
>>>>> (I'm not convinced that obfuscating the addresses is worth the
>>>>> confusion)
>>>>>
>>>>> ipv6_gateway_enable="YES"
>>>>> ip6addrctl_verbose="YES"
>>>>> rtadvd_enable="YES"
>>>>> rtadvd_interfaces="rl0"
>>>>> ipv6_cpe_wanif="pcn0"
>>>>> ipv6_defaultrouter="2001:470:1f0a:b5a::1"
>>>>> gif_interfaces="gif0"
>>>>> gifconfig_gif0="192.168.1.100 216.66.80.30"
>>>>> ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1
>>>>> prefixlen 128"
>>>>> ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64"
>>>>> ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64
>>>>> -accept_rtadv"
>>>>
>>>> It looks like you are trying to use the /64 used for your tunnel on the
>>>> inside network. That's probably what causes the problem.
>>>>
>>>> You should use the "Routed /64" on the inside. If you need more than one
>>>> /64, you can request a /48.
>>>
>>> I think I am. The endpoints are ...:1f0A: and the /64 is ...:1f0B:
>>
>> Sorry, my bad.
>>
>> Are pcn0 and rl0 both connected to internal networks?
>>
>> Having the same /64 configured on both is probably bad.
>
> Why would it be?
>
>
> --

You can't have the exact same prefix on two different interfaces; there's no way to decide where to route traffic going to that prefix if there are two equal routes in the routing table.

-Kimmo
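
Added example, not part of the thread or written by any of its participants: a small checker for the condition raised in the last reply, run against the IPv6 lines of the rc.conf quoted above (embedded as a constructed sample). The function names and the fallback to /64 when no prefix length is given are assumptions of this example.

```python
import ipaddress
import re
import shlex

# Constructed sample: the IPv6 lines of the rc.conf quoted in the thread.
SAMPLE_RC_CONF = """\
ipv6_gateway_enable="YES"
ifconfig_gif0_ipv6="inet6 2001:470:1f0a:b5a::2 2001:470:1f0a:b5a::1 prefixlen 128"
ifconfig_pcn0_ipv6="inet6 2001:470:1f0b:b5a::4 prefixlen 64"
ifconfig_rl0_ipv6="inet6 2001:470:1f0b:b5a::3 prefixlen 64 -accept_rtadv"
"""

IFCONFIG_RE = re.compile(r"^ifconfig_(\w+?)_ipv6=(.+)$")


def interface_prefixes(rc_conf_text):
    """Map each interface to the IPv6 network its ifconfig_<if>_ipv6 line puts on-link."""
    prefixes = {}
    for line in rc_conf_text.splitlines():
        match = IFCONFIG_RE.match(line.strip())
        if not match:
            continue
        words = " ".join(shlex.split(match.group(2))).split()
        if "inet6" not in words[:-1]:
            continue
        addr = words[words.index("inet6") + 1].split("/")
        if "prefixlen" in words[:-1]:
            plen = words[words.index("prefixlen") + 1]
        else:
            # Assumption of this example: fall back to /64 when no length is given.
            plen = addr[1] if len(addr) > 1 else "64"
        try:
            prefixes[match.group(1)] = ipaddress.IPv6Interface(f"{addr[0]}/{plen}").network
        except ValueError:
            continue  # no literal address on this line (flags only); nothing to compare
    return prefixes


def conflicting_prefixes(rc_conf_text):
    """Return (if_a, if_b, net_a, net_b) for every pair of interfaces whose prefixes overlap."""
    nets = sorted(interface_prefixes(rc_conf_text).items())
    return [
        (if_a, if_b, str(net_a), str(net_b))
        for i, (if_a, net_a) in enumerate(nets)
        for if_b, net_b in nets[i + 1:]
        if net_a.overlaps(net_b)
    ]


if __name__ == "__main__":
    for if_a, if_b, net_a, net_b in conflicting_prefixes(SAMPLE_RC_CONF):
        print(f"{if_a} ({net_a}) overlaps {if_b} ({net_b})")
```

On the quoted configuration this reports pcn0 and rl0 sharing 2001:470:1f0b:b5a::/64, while the gif0 tunnel endpoint (a /128 in ...:1f0a:) does not collide with either.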