Native IPv6 and a tunnel broker together

M

mumu

Hi, My VPS hands out a /128 single IPv6 address from an on-link /64 but I need more. Adding a tunnel broker means having 2 default gateways, but is this doable ?
 
There can be only one default gateway per routing table.
 
You are right. So I've compiled the kernel with options ROUTETABLES=5 and added 'net.fibs=5' to /boot/loader.conf and rebooted.
When using setfib, ping still reports no route to host. This is on a FreeBSD 14.1-RELEASE box..

Code: 
[root@vpn ~]# setfib 1 route -6n add default 2001:470:35:f00::1
add net default: gateway 2001:470:35:f00::1 fib 1: Invalid argument <-- this is odd, see below..
[root@vpn ~]# setfib 1 route -6n add default -iface gif0      
add net default: gateway gif0 fib 1
root@vpn ~]# setfib 1 ping6 2001:470:35:f00::1              
PING(56=40+8+8 bytes) 2001:470:35:f00::2 --> 2001:470:35:f00::1
ping6: sendmsg: No route to host
ping: wrote 2001:470:35:f00::1 16 chars, ret=-1
ping6: sendmsg: No route to host
ping: wrote 2001:470:35:f00::1 16 chars, ret=-1
ping6: sendmsg: No route to host
ping: wrote 2001:470:35:f00::1 16 chars, ret=-1
^C
--- 2001:470:35:f00::1 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
[root@vpn ~]#

FIB 0,1 default routes:
Code: 
[root@vpn ~]# setfib 0 route -6n del default          
del net default fib 0
[root@vpn ~]# setfib 0 route -6n add default 2001:dee:aa10:cc01::1 <-- OK
add net default: gateway 2001:dee:aa10:cc01::1 fib 0
[root@vpn ~]# setfib 1 route -6n del default                    
del net default fib 1
[root@vpn ~]# setfib 1 route -6n add default 2001:470:35:f00::1
add net default: gateway 2001:470:35:f00::1 fib 1: Invalid argument <-- Not OK
[root@vpn ~]# setfib 1 route -6n add default -iface gif0 <-- Hmm, OK      
add net default: gateway gif0 fib 1
[root@vpn ~]#

gif0:
Code: 
[root@vpn ~]# setfib 1 ifconfig gif0
gif0: flags=1008051<UP,POINTOPOINT,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 1480
        options=80000<LINKSTATE>
        tunnel inet 103.xxx.xxx.x4 --> 216.218.xxx.xx
        inet6 2001:470:35:f00::2 --> 2001:470:35:f00::1 prefixlen 128
        inet6 fe80::00bb:ffce:9999:dddd%gif0 prefixlen 64 scopeid 0x5
        inet6 2001:470:abba::1 prefixlen 48
        groups: gif
        tunnelfib: 1
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
[root@vpn ~]#

netstat:
Code: 
[root@vpn ~]# setfib 1 netstat -rn6
Routing tables (fib: 1)


Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             link#2                        URS         lo0
default                           link#5                        US         gif0
::1                               link#2                        UHS         lo0
::ffff:0.0.0.0/96                 link#2                        URS         lo0
2001:470:abba::/48                link#5                        US         gif0
fe80::%lo0/10                     link#2                        URS         lo0
ff02::/16                         link#2                        URS         lo0
[root@vpn ~]#

I might be missing something..but I'll keep trying..
 
Update: Got a little further, but something is odd..

fib 1 netstat:
Code: 
[root@vpn ~]# setfib 1 netstat -rn6 | grep -Ev 'fe80|ff02'                                                                                                              
Routing tables (fib: 1)                                                                                                                                                
                                                                                                                                                                       
Internet6:                                                                                                                                                              
Destination                       Gateway                       Flags     Netif Expire                                                                                  
::/96                             link#2                        URS         lo0                                                                                        
default                           2001:470:35:f00::1            UGS        gif0 <-- Default route set, great
::1                               link#2                        UHS         lo0                                                          
::ffff:0.0.0.0/96                 link#2                        URS         lo0
2001:470:35:f00::1                link#3                        UH         gif0
2001:470:35:f00::2                link#2                        UHS         lo0
2001:470:36:f00::/64              link#3                        U          gif0
2001:470:36:f00::1                link#2                        UHS         lo0
2001:470:abba::/48                link#3                        U          gif0
2001:470:abba::1                  link#2                        UHS         lo0
[root@vpn ~]#

Now the odd part..
Code: 
[root@vpn ~]# ping -I gif0 www.quad9.net                  
PING(56=40+8+8 bytes) 2001:470:35:f00::2 --> 2620:0:871:9000::77 <-- good
16 bytes from 2620:0:871:9000::77, icmp_seq=0 hlim=52 time=242.836 ms
16 bytes from 2620:0:871:9000::77, icmp_seq=1 hlim=52 time=242.827 ms
16 bytes from 2620:0:871:9000::77, icmp_seq=2 hlim=52 time=242.780 ms
^C
--- www.quad9.net ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 242.780/242.814/242.836/0.025 ms

[root@vpn ~]# setfib 1 ping -I gif0 www.quad9.net
PING(56=40+8+8 bytes) 2001:470:35:f00::2 --> 2620:0:871:9000::77 <-- odd ?
ping: sendmsg: No route to host
ping: wrote www.quad9.net 16 chars, ret=-1
ping: sendmsg: No route to host
ping: wrote www.quad9.net 16 chars, ret=-1
ping: sendmsg: No route to host
ping: wrote www.quad9.net 16 chars, ret=-1
^C
--- www.quad9.net ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
[root@vpn ~]#

My /etc/rc.conf.local and gif interface output:
Code: 
#
# Hurricane Electric IPv6 Tunnel Broker
#
cloned_interfaces="gif0"
create_args_gif0="tunnel 10x.xxx.xxx.x4 216.218.xxx.xx mtu 1480 tunnelfib 1"
ifconfig_gif0_ipv6="inet6 2001:470:35:f00::2 2001:470:35:f00::1 prefixlen 128 fib 1"
ifconfig_gif0_alias0="inet6 2001:470:abba::1 prefixlen 48 fib 1"
ifconfig_gif0_alias1="inet6 2001:470:36:f00::1 prefixlen 64 fib 1"
ipv6_defaultrouter_fib1="2001:470:35:f00::1"

[root@vpn ~]# ifconfig gif0 | grep -v fe80
gif0: flags=1008051<UP,POINTOPOINT,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 1480
        options=80000<LINKSTATE>
        tunnel inet 10x.xxx.xxx.x4 --> 216.218.xxx.xx
        inet6 2001:470:35:f00::2 --> 2001:470:35:f00::1 prefixlen 128
        inet6 2001:470:abba::1 prefixlen 48
        inet6 2001:470:36:f00::1 prefixlen 64
        groups: gif
        fib: 1
        tunnelfib: 1
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
[root@vpn ~]#

From the netstat output above, there is a default route. What am I missing ?
 
You must log in or register to reply here.
Back
Top