Solved How to set IPv6 Gateway

[mahescho]

Hi,

on my Linux setup the IPv6 default gateway is set by

ip -6 route add default via xx:xx:xx::xx dev ens3

where xx:xx:xx::xx is the IPv6 address of the system itself.

Setting the gateway on FreeBSD by getting the FE80 addres by

ping6 ff02::2%vtnet0

is no option as it is a moving target at my hosters site.

How to set the default gateway?

TIA

 

[gkontos]

ipv6_defaultrouter="xx:xx:xx::xx"

 

[mahescho]

Ok, thanks, and directly on command line? Every thing I've tried didn't work.

 

[SirDice]

Ok, thanks, and directly on command line?

route -6 add default xx:xx:xx:xx:xx:xx

See route(8).

no option as it is a moving target at my hosters site.

Don't you get a proper address and route through SLAAC or DHCPv6?

 

[mahescho]

Tried this bevor and right now again:

route -6 add default xx:xx:xx:xx:xx:xx

does not work.

route -6 add default xx:xx:xx:xx:xx:xx%vtnet0

does not work also.

Don't you get a proper address and route through SLAAC or DHCPv6?

AFAIK, no, I've allays had to set it manually. I've asked support for this right now ...

 

[SirDice]

"Does not work" doesn't tell us anything. What doesn't work? Does the command give an error message? Is the route being set but doesn't function?

 

[mahescho]

"Does not work" doesn't tell us anything. What doesn't work? Does the command give an error message? Is the route being set but doesn't function?

I can set the route, no message, as usual when a command succeeded. Afterwards: No IPv6 connectivity. The only way I can get IPv6 connectivity is to check for the current router by ping6 ff02::2%vtnet0 and then set the default gateway I've found by route -6 add default xx:xx:xx:xx:xx:xx%vtnet0 where xx:xx:xx:xx:xx:xx is the FE80 address of the router determined by ping6 ff02::2%vtnet0.

BTW: I think they do not use SLAAC or DHCPv6 as I get one /48 prefix for all my hosts and the hosts are located in different network segments so SLAAC or DHCPv6 can not work for one private prefix.

 

[SirDice]

Try this if you're having trouble getting the correct gateway address: route -6 add default -iface vtnet0
Or for rc.conf:

ipv6_defaultrouter="-iface vtnet0"

 

[mahescho]

With route -6 add default -iface vtnet0 I get:

#ping6 google.de
PING6(56=40+8+8 bytes) xx:xx:xx:xx:1::1 --> 2a00:1450:4001:824::2003
ping6: sendmsg: No buffer space available
ping6: wrote google.de 16 chars, ret=-1
ping6: sendmsg: No buffer space available
ping6: wrote google.de 16 chars, ret=-1
ping6: sendmsg: No buffer space available
ping6: wrote google.de 16 chars, ret=-1
^C
--- google.de ping6 statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

 

[SirDice]

Yeah, it depends a bit on the network if that would work or not. It solved a similar issue for me in the past, so it was worth a try.

Have you asked the ISP which address you should use? The ff02::2 address would return all routers on that network segment. They may just be routing traffic to other customers. Which means you can't use them to route to the outside world (you would be routing your outgoing traffic to another customer's IPv6 network).

 

[mahescho]

I had a closer look at my Linux system and found some thing I've overseen so far. ifconfig shows the address AAAA:BBBB:CCCCDDD::1

When I use netstat -in -6 on the Linux system I get some thing like:

Kernel-IPv6-Routentabelle
Destination                    Next Hop                   Flag Met Ref Use If
AAAA:BBBB:CCCC::1/128          ::                         U    1024 1     1 ens3
AAAA:BBBB:CCCC:DDDD::/64       ::                         U    256 0     0 ens3
fe80::/64                      ::                         U    256 0     0 ens3
::/0                           2a00:12c0:1015::1          UG   1024 2229101 ens3
::/0                           ::                         !n   -1  1236319 lo
::1/128                        ::                         Un   0   3139665 lo
AAAA:BBBB:CCCC:DDDD::1/128     ::                         Un   0   3310871 lo
fe80::2f1:70ff:fe00:ce60/128   ::                         Un   0   3456566 lo
ff00::/8                       ::                         U    256 21236935 ens3
::/0                           ::                         !n   -1  1236319 lo

What is actually done to get IPv6 up is:

ip addr add AAAA:BBBB:CCCC:DDDD::1/64 dev ens3
ip -6 route add AAAA:BBBB:CCCC::1 dev ens3
ip -6 route add default via AAAA:BBBB:CCCC::1 dev ens3

A bit more information and most important more correct than I initially wrote. Perhaps this contains the missing information which helps to solve this.

I've tried to replicate this and tried to add the routes with:

# route add -inet6 AAAA:BBBB:CCCC::1%vtnet0
route: AAAA:BBBB:CCCC::1%vtnet0: hostname nor servname provided, or not known
# route add -inet6 default AAAA:BBBB:CCCC::1%vtnet0
route: AAAA:BBBB:CCCC::1%vtnet0: hostname nor servname provided, or not known

 

[SirDice]

If I try to translate that to a FreeBSD config you'd get something like this:

ifconfig_vtnet0="AAAA:BBBB:CCCC:DDDD::1 prefixlen 64"            # ip addr add AAAA:BBBB:CCCC:DDDD::1/64 dev ens3
ipv6_static_routes="isp1" 
ipv6_route_isp1="AAAA:BBBB:CCCC::1 -iface vtnet0"                # ip -6 route add AAAA:BBBB:CCCC::1 dev ens3
ipv6_defaultrouter="AAAA:BBBB:CCCC::1"                           # ip -6 route add default via AAAA:BBBB:CCCC::1 dev ens3

From the top of my head (I'm not able to test this obviously) this should do the same thing.

 

[mahescho]

Now I've tried the following, without success:

route add -inet6 AAAA:BBBB:CCCC::1 -iface vtnet0
route add -inet6 default AAAA:BBBB:CCCC::1

Now the output of netstat -rn -6 look very similar to the output on Linux.

 

[SirDice]

Haven't seen it mentioned but make sure your firewall rules are correct for IPv6 too.

I think it's time to start looking with tcpdump(1) and see what happens if you try to ping the AAAA:BBBB:CCCC::1 address with the current configuration. You should be able to see a bunch of ICMPv6 NDP messages (IPv6's equivalent of IPv4 ARP). Or perhaps you can see why it isn't working.

 

[mahescho]

Lets try an other approach first. When I use the FE80 setup and traceroute to a destination I get:

traceroute6 -n google.de
traceroute6 to google.de (2a00:1450:4001:824::2003) from AAAA:BBBB:CCCC:159:1::1, 64 hops max, 12 byte packets
 1  AAAA:BBBB:CCCC:200::1  1.334 ms  0.681 ms  0.562 ms
 2  AAAA:BBBB:CCCC::3  1.598 ms  1.431 ms  1.476 ms
 3  2001:2000:3080:d08::1  0.701 ms  0.775 ms  0.701 ms
 4  2001:2000:3080:1340::2  1.411 ms  1.099 ms
    2001:2000:3080:107c::2  1.192 ms
 5  2a00:1450:8000:223::1:1  1.184 ms  1.107 ms  1.165 ms
 6  2a00:1450:4001:824::2003  1.011 ms
    2001:4860:0:1::1952  1.453 ms
    2001:4860:0:1::692  2.209 ms

I've found this thread: https://lists.freebsd.org/pipermail/freebsd-net/2017-May/047955.html - perhaps I can get this rolling by using different netmasks ... what do you think?

 

[mahescho]

Got it working ... like this:

ifconfig_vtnet0_ipv6="inet6 AAAA:BBBB:CCCC:159:1::1 prefixlen 48"
ifconfig_vtnet0_ipv6_alias0="inet6 AAAA:BBBB:CCCC:159:2::1 prefixlen 48"
ipv6_route_isp1="AAAA:BBBB:CCCC::1 -iface vtnet0"
ipv6_defaultrouter="AAAA:BBBB:CCCC::1"

Most interesting:

https://lists.freebsd.org/pipermail/freebsd-net/2017-May/047957.html

FreeBSD's IPv6 NDP implementation can not find GWs layer 2 address,
since its IPv6 address is not considered as neighbor. You need to
configure IPv6 address on the vtnet0 interface from the same prefix as
GWs address. Or use link-local addresses.

SirDice: Thanks for pushing me in the right direction