IPv6 problems

classic Classic list List threaded Threaded
22 messages Options
12
Reply | Threaded
Open this post in threaded view
|

IPv6 problems

list
Hi,

I have been trying to set up IPv6 on my OpenBSD machine.

It is running on stable branch. 

The interface I am trying to configure IPv6 on is "vio".

My hostname.vio0 looks like this:


dhcp

inet6 alias <my chosen ipv6 based on the offered /64 of my hosting
provider> 64


But I just can't get it to work. It is not reachable at all. I may not
be reached and I can't reach anybody else via IPv6.


I'd appreciate any help.


Thank you for your time.


With kind regards,

Stephan

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

Denis Fondras
On Tue, Aug 13, 2019 at 05:25:43PM +0200, list wrote:

> Hi,
>
> I have been trying to set up IPv6 on my OpenBSD machine.
>
> It is running on stable branch. 
>
> The interface I am trying to configure IPv6 on is "vio".
>
> My hostname.vio0 looks like this:
>
>
> dhcp
>
> inet6 alias <my chosen ipv6 based on the offered /64 of my hosting
> provider> 64
>
>
> But I just can't get it to work. It is not reachable at all. I may not
> be reached and I can't reach anybody else via IPv6.
>
>
> I'd appreciate any help.
>

Perhaps you are missing a route ?

>
> Thank you for your time.
>
>
> With kind regards,
>
> Stephan
>

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

Thomas Bohl-3
In reply to this post by list
Hello,

> My hostname.vio0 looks like this:
>
>
> dhcp
>
> inet6 alias <my chosen ipv6 based on the offered /64 of my hosting
> provider> 64
>  

You most likely need to add a route. Add something like this to your
hostname file:
!route add -inet6 default fe80::1%vio0


Just in case you have the same problem. For whatever reason, after a
reboot, I have to do this in order to get IPv6 traffic flowing:
ping6 -c 10 fe80::1%vio0

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

Brian Brombacher
You can also add a second line to /etc/mygate if you’re using that.

> On Aug 13, 2019, at 1:11 PM, Thomas Bohl <[hidden email]> wrote:
>
> Hello,
>
>> My hostname.vio0 looks like this:
>> dhcp
>> inet6 alias <my chosen ipv6 based on the offered /64 of my hosting
>> provider> 64
>>
>
> You most likely need to add a route. Add something like this to your hostname file:
> !route add -inet6 default fe80::1%vio0
>
>
> Just in case you have the same problem. For whatever reason, after a reboot, I have to do this in order to get IPv6 traffic flowing:
> ping6 -c 10 fe80::1%vio0
>

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

Jordan Geoghegan
In reply to this post by Thomas Bohl-3

On 8/13/19 10:11 AM, Thomas Bohl wrote:

> Hello,
>
>> My hostname.vio0 looks like this:
>>
>>
>> dhcp
>>
>> inet6 alias <my chosen ipv6 based on the offered /64 of my hosting
>> provider> 64
>>
>
> You most likely need to add a route. Add something like this to your
> hostname file:
> !route add -inet6 default fe80::1%vio0
>
>
> Just in case you have the same problem. For whatever reason, after a
> reboot, I have to do this in order to get IPv6 traffic flowing:
> ping6 -c 10 fe80::1%vio0
>
or just add your gateway to your /etc/mygate file.


Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

list
Hello,

thanks alot for your suggestions! I really appreciate it.

Unluckily that didn't work out.

My hostname.vio0 now looks like this:

        inet6 alias <IP>/64

        !route add -inet6 default fe80::2de:361a:24aa:d7a6%vio0

So with this gateway added I now don't get the "no route to host" when
trying to ping someone else on their IPv6. But I am not getting any
replies.

I somehow don't get any replies. Even with pf turned off. (pfctl -d)

I still cannot ping the issued server. Getting "no route to host" when
trying to ping it.

Which seems logical when i just added a route. Shouldn't change anything
when trying to ping from the outside.

Do you have any futher ideas ?

When doing a "ifconfig vio0" I get:

    vio0: flags=8843 mtu 1500

    lladdr <MAC address>

    index 1 priority 0 llprio 3

    groups: egress

    media: Ethernet autoselect

    status: active

    inet <IPv4 via dhcp> netmask 0xfffffc00 broadcast <IPv4 address>

    inet6 fe80::2de:361a:24aa:d7a6%vio0 prefixlen 64 scopeid 0x1

    inet6 <configured IPv6> prefixlen 64

... Hmmm it feels like I am forgetting something.


I'd appreciate any suggestions !


Kind regards,


Stephan

On 8/13/19 10:21 PM, Jordan Geoghegan wrote:

>
> On 8/13/19 10:11 AM, Thomas Bohl wrote:
>> Hello,
>>
>>> My hostname.vio0 looks like this:
>>>
>>>
>>> dhcp
>>>
>>> inet6 alias <my chosen ipv6 based on the offered /64 of my hosting
>>> provider> 64
>>>
>>
>> You most likely need to add a route. Add something like this to your
>> hostname file:
>> !route add -inet6 default fe80::1%vio0
>>
>>
>> Just in case you have the same problem. For whatever reason, after a
>> reboot, I have to do this in order to get IPv6 traffic flowing:
>> ping6 -c 10 fe80::1%vio0
>>
> or just add your gateway to your /etc/mygate file.
>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

freda_bundchen
In reply to this post by list
Hi, since your interface is vio0 your virtual service provider might
require a hard restart of your server -- separate from rebooting
from your installed OpenBSD.

I know you disabled pf, but once it's working, I think the rules
you need to add would be something like:

# ip6
#   man icmp6 has the types and descriptions used below
pass log on $ext_if inet6 proto icmp6 \
        to any icmp6-type \
        {133 134 135 136 137} modulate state
# rfc 4890 section 4.3
pass log inet6 proto icmp6 icmp6-type {unreach toobig} modulate state
pass log inet6 proto icmp6 icmp6-type timex code 0 modulate state
pass log inet6 proto icmp6 icmp6-type paramprob code 1 modulate state
pass log inet6 proto icmp6 icmp6-type paramprob code 2 modulate state
pass log inet6 proto icmp6 icmp6-type echoreq modulate state

For the hostname.vio0 file, all I have is
inet6 autoconf autoconfprivacy soii
inet6 alias <my ip6 address here>

You may also want to look at the Book of PF third edition which
mentions other relevant RFCs.


Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

list
Hi,

what do you mean by "a hard restart" ?

There is nothing else i can do apart from restarting my OpenBSD Box..

I think I am misunderstanding you right there.


Stephan

On 8/14/19 9:17 PM, [hidden email] wrote:

> Hi, since your interface is vio0 your virtual service provider might
> require a hard restart of your server -- separate from rebooting
> from your installed OpenBSD.
>
> I know you disabled pf, but once it's working, I think the rules
> you need to add would be something like:
>
> # ip6
> #   man icmp6 has the types and descriptions used below
> pass log on $ext_if inet6 proto icmp6 \
>         to any icmp6-type \
>         {133 134 135 136 137} modulate state
> # rfc 4890 section 4.3
> pass log inet6 proto icmp6 icmp6-type {unreach toobig} modulate state
> pass log inet6 proto icmp6 icmp6-type timex code 0 modulate state
> pass log inet6 proto icmp6 icmp6-type paramprob code 1 modulate state
> pass log inet6 proto icmp6 icmp6-type paramprob code 2 modulate state
> pass log inet6 proto icmp6 icmp6-type echoreq modulate state
>
> For the hostname.vio0 file, all I have is
> inet6 autoconf autoconfprivacy soii
> inet6 alias <my ip6 address here>
>
> You may also want to look at the Book of PF third edition which
> mentions other relevant RFCs.
>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

Denis Fondras
In reply to this post by list
On Wed, Aug 14, 2019 at 08:36:45PM +0200, list wrote:

> Hello,
>
> thanks alot for your suggestions! I really appreciate it.
>
> Unluckily that didn't work out.
>
> My hostname.vio0 now looks like this:
>
>         inet6 alias <IP>/64
>
>         !route add -inet6 default fe80::2de:361a:24aa:d7a6%vio0
>

Why this LL IP as the gateway ?
I guess this would work better if it was an IP not on your own machine.

>
> So with this gateway added I now don't get the "no route to host" when
> trying to ping someone else on their IPv6. But I am not getting any
> replies.
>
> I somehow don't get any replies. Even with pf turned off. (pfctl -d)
>
> I still cannot ping the issued server. Getting "no route to host" when
> trying to ping it.
>
> Which seems logical when i just added a route. Shouldn't change anything
> when trying to ping from the outside.
>
> Do you have any futher ideas ?
>
> When doing a "ifconfig vio0" I get:
>
>     vio0: flags=8843 mtu 1500
>
>     lladdr <MAC address>
>
>     index 1 priority 0 llprio 3
>
>     groups: egress
>
>     media: Ethernet autoselect
>
>     status: active
>
>     inet <IPv4 via dhcp> netmask 0xfffffc00 broadcast <IPv4 address>
>
>     inet6 fe80::2de:361a:24aa:d7a6%vio0 prefixlen 64 scopeid 0x1
>
>     inet6 <configured IPv6> prefixlen 64
>
> .. Hmmm it feels like I am forgetting something.
>
>
> I'd appreciate any suggestions !
>
>
> Kind regards,
>
>
> Stephan
>
> On 8/13/19 10:21 PM, Jordan Geoghegan wrote:
> >
> > On 8/13/19 10:11 AM, Thomas Bohl wrote:
> >> Hello,
> >>
> >>> My hostname.vio0 looks like this:
> >>>
> >>>
> >>> dhcp
> >>>
> >>> inet6 alias <my chosen ipv6 based on the offered /64 of my hosting
> >>> provider> 64
> >>>
> >>
> >> You most likely need to add a route. Add something like this to your
> >> hostname file:
> >> !route add -inet6 default fe80::1%vio0
> >>
> >>
> >> Just in case you have the same problem. For whatever reason, after a
> >> reboot, I have to do this in order to get IPv6 traffic flowing:
> >> ping6 -c 10 fe80::1%vio0
> >>
> > or just add your gateway to your /etc/mygate file.
> >
> >
> >
>

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

freda_bundchen
In reply to this post by list
Hi, I just thought since the interface was vio that you're running in a virtual
environment. Providers like Vultr say "Important Note: If you add an IPv6
subnet to an existing machine, you must restart the server via the Vultr
control panel before IPv6 will work. Restarting via SSH or similar is not
sufficient. IPv6 would not work at all until the server has been restarted."

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

gwes-2
In reply to this post by list


On 8/14/19 2:36 PM, list wrote:

> My hostname.vio0 now looks like this:
>
>          inet6 alias <IP>/64
>          !route add -inet6 default fe80::2de:361a:24aa:d7a6%vio
> When doing a "ifconfig vio0" I get:
>
>      vio0: flags=8843 mtu 1500
>
> [...]
>      inet6 fe80::2de:361a:24aa:d7a6%vio0 prefixlen 64 scopeid 0x1
>      inet6 <configured IPv6> prefixlen 64
Take the "alias" out of your inet6 line in your hostname.vio0

Since your interface is vio0 I am assuming you are running a
guest VM on a server. I am also assuming that ip4 traffic is passing.

Your VM server should be sending you Route Advertisement messages.
You shouldn't have to set any route yourself. Doing so will confuse
things mightily.

Can you ping your own ipv6 address? If not something is really strange.

If you say
# tcpdump -ni -s 1500 icmp6

You should eventually see (lines wrapped)

13:17:46.508540 fe80::669e:f3ff:feec:fc7f > ff02::1:
       icmp6: router advertisement [class 0xe0]
Along with

13:17:19.309191 your_gateway_ip6 > 2xxx0::1:
       icmp6: neighbor sol: who has 2xxx0::1
13:17:19.311828 2xxx0::1 > 2xxx0::2:
       icmp6: neighbor adv: tgt is 2xxx0::1 [class 0xe0]

  It may take up to 20 minutes to see these messages.

If you never see any route advertisements your server isn't configured
to give you inet6 service.

Who are you trying to ping? Someone on your /64 or someone outside?
You must see neighbor solicitation msgs if you try to ping someone
on your /64. You must see them for your gateway if you try to ping
someone outside. Keep the tcpdump running and do the pings from
another virtual terminal.

If you say
# ndp -a

You should see

Neighbor                             Linklayer Address   Netif Expire   
S Flags
your_gateway                         64:9e:f3:ec:fc:7f    vio0 4s        D R
your_hostname                        52:54:00:27:22:43    vio0 permanent R l
fe80::669e:f3ff:feec:fc7f%vio0       64:9e:f3:ec:fc:7f    vio0 23h58m18s S R
fe80::bd8b:afb3:be72:bd06%vio0       52:54:00:27:22:43    vio0 permanent R l

If you say
# netstat -s
Among a ***lot*** of other statistics you should see something like
ip6:
         1312572 total packets received <<<
         907754 packets for this host <<<
         1107139 packets sent from this host <<<
.....
icmp6:
         640 calls to icmp6_error
         Output packet histogram:
                 unreach: 640
                 echo reply: 1328
                 multicast listener report: 6
                 neighbor solicitation: 137965
                 neighbor advertisement: 137761
....
         Input packet histogram:
                 echo: 1328
                 router advertisement: 56998 <<<<
                 neighbor solicitation: 137770 <<<<
                 neighbor advertisement: 137956 <<<<

.....

The netstat -s output should show nonzero in the marked lines.

If you CAN ping hosts on your /64 and you CAN'T ping anyone else
if you CAN ping your gateway as a last resort set your default
ipv6 route via that host.

If things still don't work, excerpts of netstat -s
and the output from ndp -an and tcpdump -ni icmp6 should be informative.

geoff steckel


Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

gwes-2
In reply to this post by freda_bundchen
On 8/14/19 4:45 PM, [hidden email] wrote:
> Hi, I just thought since the interface was vio that you're running in a virtual
> environment. Providers like Vultr say "Important Note: If you add an IPv6
> subnet to an existing machine, you must restart the server via the Vultr
> control panel before IPv6 will work. Restarting via SSH or similar is not
> sufficient. IPv6 would not work at all until the server has been restarted."
>
If the provider says anything like this and the VM hasn't been hard reset
via the VM host all bets are off

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

list
In reply to this post by gwes-2
Hey,

thanks for the answers,

so ..

I firstly got rid of the alias and the manual routes.

1.) "Can you ping your own IPv6 address ?"

Yes i can. Works as expected.

2.) "tcpdump -ni vio0 -s 1500 icmp6"

results in alot of "neigbor sol".

3.) "Who are you trying to ping?"

I have a /64 for myself so I tried to ping google.com for example.

4.) "You must see them for your gateway"

This i do not. When trying to ping google I see the echo requests for
the IPv6 of google but not for my gateway. I haven't configured a
gateway for IPv6 at all. That could be the problem ? Do I have to do that ?

5.) "ndp -a"

I am missing the entry for my gateway completely.

6.) "netstat -s"

Looks fine. No zeros.

So I guess it has to do with my gateway that I haven't configured
anywhere to act as one.

When trying to add the gateway (which i learnt from looking at the
tcpdump output) manually i get "network is unreachable".

Hmm... 

Can you pull anything from that ?


Regards,

Stephan

On 8/14/19 11:05 PM, gwes wrote:

>
>
> On 8/14/19 2:36 PM, list wrote:
>> My hostname.vio0 now looks like this:
>>
>>          inet6 alias <IP>/64
>>          !route add -inet6 default fe80::2de:361a:24aa:d7a6%vio
>> When doing a "ifconfig vio0" I get:
>>
>>      vio0: flags=8843 mtu 1500
>>
>> [...]
>>      inet6 fe80::2de:361a:24aa:d7a6%vio0 prefixlen 64 scopeid 0x1
>>      inet6 <configured IPv6> prefixlen 64
> Take the "alias" out of your inet6 line in your hostname.vio0
>
> Since your interface is vio0 I am assuming you are running a
> guest VM on a server. I am also assuming that ip4 traffic is passing.
>
> Your VM server should be sending you Route Advertisement messages.
> You shouldn't have to set any route yourself. Doing so will confuse
> things mightily.
>
> Can you ping your own ipv6 address? If not something is really strange.
>
> If you say
> # tcpdump -ni -s 1500 icmp6
>
> You should eventually see (lines wrapped)
>
> 13:17:46.508540 fe80::669e:f3ff:feec:fc7f > ff02::1:
>       icmp6: router advertisement [class 0xe0]
> Along with
>
> 13:17:19.309191 your_gateway_ip6 > 2xxx0::1:
>       icmp6: neighbor sol: who has 2xxx0::1
> 13:17:19.311828 2xxx0::1 > 2xxx0::2:
>       icmp6: neighbor adv: tgt is 2xxx0::1 [class 0xe0]
>
>  It may take up to 20 minutes to see these messages.
>
> If you never see any route advertisements your server isn't configured
> to give you inet6 service.
>
> Who are you trying to ping? Someone on your /64 or someone outside?
> You must see neighbor solicitation msgs if you try to ping someone
> on your /64. You must see them for your gateway if you try to ping
> someone outside. Keep the tcpdump running and do the pings from
> another virtual terminal.
>
> If you say
> # ndp -a
>
> You should see
>
> Neighbor                             Linklayer Address   Netif
> Expire    S Flags
> your_gateway                         64:9e:f3:ec:fc:7f    vio0
> 4s        D R
> your_hostname                        52:54:00:27:22:43    vio0
> permanent R l
> fe80::669e:f3ff:feec:fc7f%vio0       64:9e:f3:ec:fc:7f    vio0
> 23h58m18s S R
> fe80::bd8b:afb3:be72:bd06%vio0       52:54:00:27:22:43    vio0
> permanent R l
>
> If you say
> # netstat -s
> Among a ***lot*** of other statistics you should see something like
> ip6:
>         1312572 total packets received <<<
>         907754 packets for this host <<<
>         1107139 packets sent from this host <<<
> .....
> icmp6:
>         640 calls to icmp6_error
>         Output packet histogram:
>                 unreach: 640
>                 echo reply: 1328
>                 multicast listener report: 6
>                 neighbor solicitation: 137965
>                 neighbor advertisement: 137761
> ....
>         Input packet histogram:
>                 echo: 1328
>                 router advertisement: 56998 <<<<
>                 neighbor solicitation: 137770 <<<<
>                 neighbor advertisement: 137956 <<<<
>
> .....
>
> The netstat -s output should show nonzero in the marked lines.
>
> If you CAN ping hosts on your /64 and you CAN'T ping anyone else
> if you CAN ping your gateway as a last resort set your default
> ipv6 route via that host.
>
> If things still don't work, excerpts of netstat -s
> and the output from ndp -an and tcpdump -ni icmp6 should be informative.
>
> geoff steckel
>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

list
In reply to this post by gwes-2
Hi,

EDIT:

I have taken a look at the website of my hosting provider.

My IPv6 gateway would be fe80::1.

When trying to add the route manually i get "network unreachable".

Which leaves me puzzeled. 

Stephan

On 8/14/19 11:08 PM, gwes wrote:

> On 8/14/19 4:45 PM, [hidden email] wrote:
>> Hi, I just thought since the interface was vio that you're running in
>> a virtual
>> environment. Providers like Vultr say "Important Note: If you add an
>> IPv6
>> subnet to an existing machine, you must restart the server via the Vultr
>> control panel before IPv6 will work. Restarting via SSH or similar is
>> not
>> sufficient. IPv6 would not work at all until the server has been
>> restarted."
>>
> If the provider says anything like this and the VM hasn't been hard reset
> via the VM host all bets are off
>
>

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

Denis Fondras
On Thu, Aug 15, 2019 at 06:50:09PM +0200, list wrote:

> Hi,
>
> EDIT:
>
> I have taken a look at the website of my hosting provider.
>
> My IPv6 gateway would be fe80::1.
>
> When trying to add the route manually i get "network unreachable".
>

Did you specify the output interface ? With LL addresses, you need to specify it.

route add -inet6 default fe80::1%vio0

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

Thomas Bohl-3
In reply to this post by list
> I have taken a look at the website of my hosting provider.
>
> My IPv6 gateway would be fe80::1.
>
> When trying to add the route manually i get "network unreachable".

https://marc.info/?l=openbsd-misc&m=156572276103920&w=2

SCNR

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

list
In reply to this post by Denis Fondras
Hi,

i did specify it correctly now and the entry in my routing table is made.

However that doesn't change my situation. I've restarted my VM over the
official Webinterface but still...

When trying to ping the gateway on fe80::1 I don't get any icmp
echoreplies.

When asking the provider I am given a link to the wiki and that this
isn't their responsibility.

What is the behavior of pf when disabled ? Is there some kind of default
blocking rule that is still active ?

I have no idea what to do.


With kind regards,

Stephan

On 8/15/19 7:03 PM, Denis Fondras wrote:

> On Thu, Aug 15, 2019 at 06:50:09PM +0200, list wrote:
>> Hi,
>>
>> EDIT:
>>
>> I have taken a look at the website of my hosting provider.
>>
>> My IPv6 gateway would be fe80::1.
>>
>> When trying to add the route manually i get "network unreachable".
>>
> Did you specify the output interface ? With LL addresses, you need to specify it.
>
> route add -inet6 default fe80::1%vio0
>
>

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

freda_bundchen
In reply to this post by list
> From:       list <list () md5collisions ! eu>
> I've restarted my VM over the official
> Webinterface but still...

> When trying to ping the gateway on fe80::1 I don't get any icmp
> echoreplies.

> What is the behavior of pf when disabled ? Is there some kind of
> default blocking rule that is still active ?

Have you tried /etc/hostname.vio0 with
inet6 autoconf autoconfprivacy soii
inet6 <your ip6 address here>

instead of specifying a LL route?

Just in case, you could try /etc/pf.conf with only

pass log all

instead of disabling pf.

Is the installion of OpenBSD provider by your VPS, or do they let
you use a custom ISO? Maybe a trial installation using a differnt
VPS but a similar configuration would indicate it's a problem with
the VPS.

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

list
Hi,

my /etc/hostname looks exactly like you proposed:

inet6 autoconf autoconfprivacy soii
inet6 <my IP6>

when i enter the default IPv6 gateway manually. I can ping stuff but don't get a reply.
When I don't: "No route to host"

PF is not the problem. Same results when loading pf rules that look like this:
"pass log all"

The ISO was uploaded by me.

There is one thing that has me wondering.

When looking at the output of tcpdump.
In your example you told me that the host on the right site of a neighbor sol is always the router/gateway..
But when I look at the output of that i see two different addresses who are NOT fe80::1.

These IPs both follow this schema "fe80:something".

When I take a closer look and run tcpdump while pinging I see the following output:
(With route to fe80::1%vio added and the normal hostname.vio0)

11:40:36.446539 fe80::<MY LL> > ff02::1:ff00:1: icmp6: neighbor sol: who has fe80::1

This line is being repeated over and over again. I left out all the other traffic that is not related to my /64.

Hm...
Any ideas ?

I've got a feeling that somethings wrong with that fe80::1 address...

Stephan

On 8/18/19 1:33 AM, [hidden email] wrote:

>> From:       list <list () md5collisions ! eu>
>> I've restarted my VM over the official
>> Webinterface but still...
>> When trying to ping the gateway on fe80::1 I don't get any icmp
>> echoreplies.
>> What is the behavior of pf when disabled ? Is there some kind of
>> default blocking rule that is still active ?
> Have you tried /etc/hostname.vio0 with
> inet6 autoconf autoconfprivacy soii
> inet6 <your ip6 address here>
>
> instead of specifying a LL route?
>
> Just in case, you could try /etc/pf.conf with only
>
> pass log all
>
> instead of disabling pf.
>
> Is the installion of OpenBSD provider by your VPS, or do they let
> you use a custom ISO? Maybe a trial installation using a differnt
> VPS but a similar configuration would indicate it's a problem with
> the VPS.
>
>

Reply | Threaded
Open this post in threaded view
|

Re: IPv6 problems

freda_bundchen
In reply to this post by list
> From:       list <list () md5collisions ! eu>

> my /etc/hostname looks exactly like you proposed:

> inet6 autoconf autoconfprivacy soii
> inet6 <my IP6>

> when i enter the default IPv6 gateway manually. I can ping stuff
> but don't get a reply.  When I don't: "No route to host"

> (With route to fe80::1%vio added and the normal hostname.vio0)

I would suggest not specifying any routes or link-local addresses, and
instead in /etc/hostname.vio0 make sure the IPv6 address in <my IP6>
is the public IPv6 address given by your provider (I know there's a
/64, but I'm just going by the example of my own provider.)

Then make sure /etc/mygate doesn't have any IPv6 addresses. Then
perhaps reboot everything to make sure you've cleared out references
to fe80::1, if /bin/sh /etc/netstart doesn't get everything working.

My provider's configuration examples said to use -autoconfprivacy and
-soii so you might try that also. But mine works with autoconfprivacy
and soii.

What is the output of slaacctl show interface vio0?

12