problem setting inet6 route

classic Classic list List threaded Threaded
18 messages Options
Reply | Threaded
Open this post in threaded view
|

problem setting inet6 route

Remi Locherer
Hi

I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also
provides IPv6 but somehow with a strange setup. I got something like the
following from them:

Gateway Address: 2001:db8:1:1110::1/64
Subnet I can use: 2001:db8:1:1111/64

If I now assign for example 2001:db8:1:1111:1/64 to the interface on my
server it doesn't let me set the default gateway becaus it's not in the
same subnet:

openbsd# ifconfig rl0 inet6 2001:db8:1:1111:/64
openbsd# route add -inet6 default 2001:db8:1:1110::1
route: writing to routing socket: Network is unreachable
add net default: gateway 2001:db8:1:1110::1: Network is unreachable

For Linux they give these instructions:
linux# ip route add 2001:db8:1:1110::1 dev eth0
linux# ip route add default via 2001:db8:1:1110::1

I tried:
openbsd# route add -inet6 -iface 2001:db8:1:1110::1 2001:db8:1:1111::1
openbsd# route add -inet6 default 2001:db8:1:1110::1

But now it's not possible to ping6 2001:db8:1:1110::1 or any other IPv6
address.

In pf.conf I have the following rules and pflog shows no blocked
icmp6 traffic:
>block in log
>pass out log quick
>block log quick from <sshguard>
>pass log inet proto icmp icmp-type { echoreq, unreach }
>pass log inet6 proto icmp6
>pass in log on egress proto {tcp udp} to any port domain
>pass in log on egress proto tcp to any port ssh

How can I make this work?

Remi

Reply | Threaded
Open this post in threaded view
|

Re: problem setting inet6 route

Stuart Henderson
On 2012-08-31, Remi Locherer <[hidden email]> wrote:

> I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also
> provides IPv6 but somehow with a strange setup. I got something like the
> following from them:
>
> Gateway Address: 2001:db8:1:1110::1/64
> Subnet I can use: 2001:db8:1:1111/64
>
> If I now assign for example 2001:db8:1:1111:1/64 to the interface on my
> server it doesn't let me set the default gateway becaus it's not in the
> same subnet:
>
> openbsd# ifconfig rl0 inet6 2001:db8:1:1111:/64
> openbsd# route add -inet6 default 2001:db8:1:1110::1
> route: writing to routing socket: Network is unreachable
> add net default: gateway 2001:db8:1:1110::1: Network is unreachable
>
> For Linux they give these instructions:
> linux# ip route add 2001:db8:1:1110::1 dev eth0
> linux# ip route add default via 2001:db8:1:1110::1
>
> I tried:
> openbsd# route add -inet6 -iface 2001:db8:1:1110::1 2001:db8:1:1111::1
> openbsd# route add -inet6 default 2001:db8:1:1110::1
>
> But now it's not possible to ping6 2001:db8:1:1110::1 or any other IPv6
> address.

No idea if it will work, but you could try something like this

route add -inet6 -mpath default -ifp rl0 2001:db8:1:1110::1

Reply | Threaded
Open this post in threaded view
|

Re: problem setting inet6 route

Simon Perreault-2
In reply to this post by Remi Locherer
(I rearranged your email: provider info at the top, your actions at the
bottom.)

Le 2012-08-31 03:19, Remi Locherer a écrit :

> I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also
> provides IPv6 but somehow with a strange setup. I got something like the
> following from them:
>
> Gateway Address: 2001:db8:1:1110::1/64
> Subnet I can use: 2001:db8:1:1111/64
>
> For Linux they give these instructions:
> linux# ip route add 2001:db8:1:1110::1 dev eth0
> linux# ip route add default via 2001:db8:1:1110::1

I would understand this to mean:

a---[You]---b---[Them]---Internet

a = 2001:db8:1:1111::/64
b = 2001:db8:1:1110::/64

You on a = 2001:db8:1:1111::<whatever>
You on b = 2001:db8:1:1110::<whatever except 1>
Them on b = 2001:db8:1:1110::1

If you don't need a, don't configure it.

> If I now assign for example 2001:db8:1:1111:1/64 to the interface on my
> server it doesn't let me set the default gateway becaus it's not in the
> same subnet:
>
> openbsd# ifconfig rl0 inet6 2001:db8:1:1111:/64
> openbsd# route add -inet6 default 2001:db8:1:1110::1
> route: writing to routing socket: Network is unreachable
> add net default: gateway 2001:db8:1:1110::1: Network is unreachable
>
> I tried:
> openbsd# route add -inet6 -iface 2001:db8:1:1110::1 2001:db8:1:1111::1
> openbsd# route add -inet6 default 2001:db8:1:1110::1
>
> But now it's not possible to ping6 2001:db8:1:1110::1 or any other IPv6
> address.

Yeah that's all wrong. Assuming that rl0 is on network b, try:

ifconfig rl0 inet6 2001:db8:1:1110::2
route add -inet6 default 2001:db8:1:1110::1

Simon

Reply | Threaded
Open this post in threaded view
|

Re: problem setting inet6 route

Claudio Jeker
In reply to this post by Stuart Henderson
On Fri, Aug 31, 2012 at 09:22:06AM +0000, Stuart Henderson wrote:

> On 2012-08-31, Remi Locherer <[hidden email]> wrote:
> > I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also
> > provides IPv6 but somehow with a strange setup. I got something like the
> > following from them:
> >
> > Gateway Address: 2001:db8:1:1110::1/64
> > Subnet I can use: 2001:db8:1:1111/64
> >
> > If I now assign for example 2001:db8:1:1111:1/64 to the interface on my
> > server it doesn't let me set the default gateway becaus it's not in the
> > same subnet:
> >
> > openbsd# ifconfig rl0 inet6 2001:db8:1:1111:/64
> > openbsd# route add -inet6 default 2001:db8:1:1110::1
> > route: writing to routing socket: Network is unreachable
> > add net default: gateway 2001:db8:1:1110::1: Network is unreachable
> >
> > For Linux they give these instructions:
> > linux# ip route add 2001:db8:1:1110::1 dev eth0
> > linux# ip route add default via 2001:db8:1:1110::1
> >
> > I tried:
> > openbsd# route add -inet6 -iface 2001:db8:1:1110::1 2001:db8:1:1111::1
> > openbsd# route add -inet6 default 2001:db8:1:1110::1
> >
> > But now it's not possible to ping6 2001:db8:1:1110::1 or any other IPv6
> > address.
>
> No idea if it will work, but you could try something like this
>
> route add -inet6 -mpath default -ifp rl0 2001:db8:1:1110::1
>

Bad adivece. Hetzner gave the wrong gateway or the wrong network. It is
funny that the Linux example they give is using proper network numbers.

In short, the gateway MUST be part of a connected route (network
configured on the interface) because ND or ARP for INET is needed to
figure out the MAC address to talk to that host on the L2 network.

The only excpetion are point to point interfaces but those have a
destination IP on the interface and don't need a L2 address resolution
protocol.
--
:wq Claudio

Reply | Threaded
Open this post in threaded view
|

Re: problem setting inet6 route

Remi Locherer
In reply to this post by Stuart Henderson
On Fri, Aug 31, 2012 at 09:22:06AM +0000, Stuart Henderson wrote:

> On 2012-08-31, Remi Locherer <[hidden email]> wrote:
> > I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also
> > provides IPv6 but somehow with a strange setup. I got something like the
> > following from them:
> >
> > Gateway Address: 2001:db8:1:1110::1/64
> > Subnet I can use: 2001:db8:1:1111/64
> >
> > If I now assign for example 2001:db8:1:1111:1/64 to the interface on my
> > server it doesn't let me set the default gateway becaus it's not in the
> > same subnet:
> >
> > openbsd# ifconfig rl0 inet6 2001:db8:1:1111:/64
> > openbsd# route add -inet6 default 2001:db8:1:1110::1
> > route: writing to routing socket: Network is unreachable
> > add net default: gateway 2001:db8:1:1110::1: Network is unreachable
> >
> > For Linux they give these instructions:
> > linux# ip route add 2001:db8:1:1110::1 dev eth0
> > linux# ip route add default via 2001:db8:1:1110::1
> >
> > I tried:
> > openbsd# route add -inet6 -iface 2001:db8:1:1110::1 2001:db8:1:1111::1
> > openbsd# route add -inet6 default 2001:db8:1:1110::1
> >
> > But now it's not possible to ping6 2001:db8:1:1110::1 or any other IPv6
> > address.
>
> No idea if it will work, but you could try something like this
>
> route add -inet6 -mpath default -ifp rl0 2001:db8:1:1110::1
>

Unfortunately this does not work. With this the link local address is
used:

openbsd# sysctl net.inet6.ip6.multipath=1
net.inet6.ip6.multipath: 0 -> 1
openbsd# route add -inet6 -mpath default -ifp rl0 2001:db8:1:1110::1
add net default: gateway 2001:db8:1:1110::1
openbsd#  ping6 2001:db8:1:1110::1
PING6(56=40+8+8 bytes) 2001:db8:1:1111::78 --> 2001:db8:1:1110::1
ping6: sendmsg: No route to host
ping6: wrote 2001:db8:1:1110::1 16 chars, ret=-1
^C
--- 2001:db8:1:1110::1 ping6 statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss

openbsd# route -n get -inet6 2001:db8:1:1110::1
   route to: 2001:db8:1:1110::1
destination: ::
       mask: default
    gateway: 2001:db8:1:1110::1
  interface: rl0
 if address: fe80::2e0:4cff:fec2:697c%rl0
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   priority: 8 (static)
      flags: <UP,GATEWAY,DONE,STATIC>
     use       mtu    expire
      24         0         0
root@typhoon#

Reply | Threaded
Open this post in threaded view
|

Re: problem setting inet6 route

Remi Locherer
In reply to this post by Simon Perreault-2
On Fri, Aug 31, 2012 at 09:47:39AM -0400, Simon Perreault wrote:

> (I rearranged your email: provider info at the top, your actions at
> the bottom.)
>
> Le 2012-08-31 03:19, Remi Locherer a ?crit :
> >I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also
> >provides IPv6 but somehow with a strange setup. I got something like the
> >following from them:
> >
> >Gateway Address: 2001:db8:1:1110::1/64
> >Subnet I can use: 2001:db8:1:1111/64
> >
> >For Linux they give these instructions:
> >linux# ip route add 2001:db8:1:1110::1 dev eth0
> >linux# ip route add default via 2001:db8:1:1110::1
>
> I would understand this to mean:
>
> a---[You]---b---[Them]---Internet

Right except there is no network a. On [You] there is only one
interface (rl0).

>
> a = 2001:db8:1:1111::/64
> b = 2001:db8:1:1110::/64
>
> You on a = 2001:db8:1:1111::<whatever>
> You on b = 2001:db8:1:1110::<whatever except 1>
> Them on b = 2001:db8:1:1110::1
>
> If you don't need a, don't configure it.
>
> >If I now assign for example 2001:db8:1:1111:1/64 to the interface on my
> >server it doesn't let me set the default gateway becaus it's not in the
> >same subnet:
> >
> >openbsd# ifconfig rl0 inet6 2001:db8:1:1111:/64
> >openbsd# route add -inet6 default 2001:db8:1:1110::1
> >route: writing to routing socket: Network is unreachable
> >add net default: gateway 2001:db8:1:1110::1: Network is unreachable
> >
> >I tried:
> >openbsd# route add -inet6 -iface 2001:db8:1:1110::1 2001:db8:1:1111::1
> >openbsd# route add -inet6 default 2001:db8:1:1110::1
> >
> >But now it's not possible to ping6 2001:db8:1:1110::1 or any other IPv6
> >address.
>
> Yeah that's all wrong. Assuming that rl0 is on network b, try:
>
> ifconfig rl0 inet6 2001:db8:1:1110::2
> route add -inet6 default 2001:db8:1:1110::1

This works. But I have to figure out (ask Hetzner) if I'm the only
customer they use 2001:db8:1:1110::/64 (I think so).

Also over their web interface they only offer me to create DNS entries
for 2001:db8:1:1111::/64.

Reply | Threaded
Open this post in threaded view
|

Re: problem setting inet6 route

Remi Locherer
In reply to this post by Claudio Jeker
On Fri, Aug 31, 2012 at 04:27:50PM +0200, Claudio Jeker wrote:

> On Fri, Aug 31, 2012 at 09:22:06AM +0000, Stuart Henderson wrote:
> > On 2012-08-31, Remi Locherer <[hidden email]> wrote:
> > > I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also
> > > provides IPv6 but somehow with a strange setup. I got something like the
> > > following from them:
> > >
> > > Gateway Address: 2001:db8:1:1110::1/64
> > > Subnet I can use: 2001:db8:1:1111/64
> > >
> > > If I now assign for example 2001:db8:1:1111:1/64 to the interface on my
> > > server it doesn't let me set the default gateway becaus it's not in the
> > > same subnet:
> > >
> > > openbsd# ifconfig rl0 inet6 2001:db8:1:1111:/64
> > > openbsd# route add -inet6 default 2001:db8:1:1110::1
> > > route: writing to routing socket: Network is unreachable
> > > add net default: gateway 2001:db8:1:1110::1: Network is unreachable
> > >
> > > For Linux they give these instructions:
> > > linux# ip route add 2001:db8:1:1110::1 dev eth0
> > > linux# ip route add default via 2001:db8:1:1110::1
> > >
> > > I tried:
> > > openbsd# route add -inet6 -iface 2001:db8:1:1110::1 2001:db8:1:1111::1
> > > openbsd# route add -inet6 default 2001:db8:1:1110::1
> > >
> > > But now it's not possible to ping6 2001:db8:1:1110::1 or any other IPv6
> > > address.
> >
> > No idea if it will work, but you could try something like this
> >
> > route add -inet6 -mpath default -ifp rl0 2001:db8:1:1110::1
> >
>
> Bad adivece. Hetzner gave the wrong gateway or the wrong network. It is
> funny that the Linux example they give is using proper network numbers.

They're realy giving customers a gateway address that is not part of the
clients subnet.

http://wiki.hetzner.de/index.php/Zusaetzliche_IP-Adressen#Root-Server
(german website)

> In short, the gateway MUST be part of a connected route (network
> configured on the interface) because ND or ARP for INET is needed to
> figure out the MAC address to talk to that host on the L2 network.

I found instructions for FreeBSD. There it is recommended to add static
configuration for ndp. Since FreeBSD 8.3 they use /etc/rc.d/static_ndp
for that. But I don't like it because I wouldn't reach my server when
the routers mac changes.

http://blog.vx.sk/archives/33-FreeBSD-Netzwerkkonfiguration-auf-Servern-von-Hetzner.html
(german website)

>
> The only excpetion are point to point interfaces but those have a
> destination IP on the interface and don't need a L2 address resolution
> protocol.
> --
> :wq Claudio

Reply | Threaded
Open this post in threaded view
|

Re: problem setting inet6 route

Todd T. Fries-2
In reply to this post by Claudio Jeker
Penned by Claudio Jeker on 20120831  9:27.50, we have:
| On Fri, Aug 31, 2012 at 09:22:06AM +0000, Stuart Henderson wrote:
| > On 2012-08-31, Remi Locherer <[hidden email]> wrote:
| > > I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also
| > > provides IPv6 but somehow with a strange setup. I got something like the
| > > following from them:
| > >
| > > Gateway Address: 2001:db8:1:1110::1/64
| > > Subnet I can use: 2001:db8:1:1111/64
| > >
| > > If I now assign for example 2001:db8:1:1111:1/64 to the interface on my
| > > server it doesn't let me set the default gateway becaus it's not in the
| > > same subnet:
| > >
| > > openbsd# ifconfig rl0 inet6 2001:db8:1:1111:/64
| > > openbsd# route add -inet6 default 2001:db8:1:1110::1
| > > route: writing to routing socket: Network is unreachable
| > > add net default: gateway 2001:db8:1:1110::1: Network is unreachable
| > >
| > > For Linux they give these instructions:
| > > linux# ip route add 2001:db8:1:1110::1 dev eth0
| > > linux# ip route add default via 2001:db8:1:1110::1
| > >
| > > I tried:
| > > openbsd# route add -inet6 -iface 2001:db8:1:1110::1 2001:db8:1:1111::1
| > > openbsd# route add -inet6 default 2001:db8:1:1110::1
| > >
| > > But now it's not possible to ping6 2001:db8:1:1110::1 or any other IPv6
| > > address.
| >
| > No idea if it will work, but you could try something like this
| >
| > route add -inet6 -mpath default -ifp rl0 2001:db8:1:1110::1
| >
|
| Bad adivece. Hetzner gave the wrong gateway or the wrong network. It is
| funny that the Linux example they give is using proper network numbers.
|
| In short, the gateway MUST be part of a connected route (network
| configured on the interface) because ND or ARP for INET is needed to
| figure out the MAC address to talk to that host on the L2 network.
|
| The only excpetion are point to point interfaces but those have a
| destination IP on the interface and don't need a L2 address resolution
| protocol.
| --
| :wq Claudio

I hate exceptions. 1and1.com, I'm looking at you.

This abomination has survived too many years:

hostname.if:
   !route add -llinfo -iface -net 10.255.0.0/16 10.255.255.1 -ifp nfe0
   inet 1.2.3.4 255.255.255.255
   inet 1.2.4.3 255.255.255.255
   ...

mygate:
   10.255.255.1

This forces the subnet to be on the interface so one can reach a router
without having any IP's on the local system corresponding to the remote
router IP.

Thanks,
--
Todd Fries .. [hidden email]

 _____________________________________________
|                                             \  1.636.410.0632 (voice)
| Free Daemon Consulting, LLC                 \  1.405.227.9094 (voice)
| http://FreeDaemonConsulting.com             \  1.866.792.3418 (FAX)
| 2525 NW Expy #525, Oklahoma City, OK 73112  \  sip:[hidden email]
| "..in support of free software solutions."  \  sip:[hidden email]
 \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
                                                 
              37E7 D3EB 74D0 8D66 A68D  B866 0326 204E 3F42 004A
                        http://todd.fries.net/pgp.txt

Reply | Threaded
Open this post in threaded view
|

Re: problem setting inet6 route

Simon Perreault-2
In reply to this post by Remi Locherer
Le 2012-08-31 10:52, Remi Locherer a écrit :

>>> Gateway Address: 2001:db8:1:1110::1/64
>>> Subnet I can use: 2001:db8:1:1111/64
>>>
>>> For Linux they give these instructions:
>>> linux# ip route add 2001:db8:1:1110::1 dev eth0
>>> linux# ip route add default via 2001:db8:1:1110::1
>>
>> I would understand this to mean:
>>
>> a---[You]---b---[Them]---Internet
>
> Right except there is no network a. On [You] there is only one
> interface (rl0).

So? It allows you to create such a network a. That's the point.

You don't need a physical interface. There are many kinds of network
interfaces that you can create yourself (loopback, tunnels, etc.). Have
some imagination.

>> a = 2001:db8:1:1111::/64
>> b = 2001:db8:1:1110::/64
>>
>> You on a = 2001:db8:1:1111::<whatever>
>> You on b = 2001:db8:1:1110::<whatever except 1>
>> Them on b = 2001:db8:1:1110::1
>>
>> If you don't need a, don't configure it.
>>
>>> If I now assign for example 2001:db8:1:1111:1/64 to the interface on my
>>> server it doesn't let me set the default gateway becaus it's not in the
>>> same subnet:
>>>
>>> openbsd# ifconfig rl0 inet6 2001:db8:1:1111:/64
>>> openbsd# route add -inet6 default 2001:db8:1:1110::1
>>> route: writing to routing socket: Network is unreachable
>>> add net default: gateway 2001:db8:1:1110::1: Network is unreachable
>>>
>>> I tried:
>>> openbsd# route add -inet6 -iface 2001:db8:1:1110::1 2001:db8:1:1111::1
>>> openbsd# route add -inet6 default 2001:db8:1:1110::1
>>>
>>> But now it's not possible to ping6 2001:db8:1:1110::1 or any other IPv6
>>> address.
>>
>> Yeah that's all wrong. Assuming that rl0 is on network b, try:
>>
>> ifconfig rl0 inet6 2001:db8:1:1110::2
>> route add -inet6 default 2001:db8:1:1110::1
>
> This works. But I have to figure out (ask Hetzner) if I'm the only
> customer they use 2001:db8:1:1110::/64 (I think so).

If not it would mean there are multiple customers on network b. That
would be somewhat unusual.

> Also over their web interface they only offer me to create DNS entries
> for 2001:db8:1:1111::/64.

This make total sense. Just assign yourself an address from that prefix,
e.g. on the loopback interface.

Simon

Reply | Threaded
Open this post in threaded view
|

Re: problem setting inet6 route

Joakim Aronius-2
In reply to this post by Remi Locherer
* Remi Locherer ([hidden email]) wrote:
> Hi
>
> I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also
> provides IPv6 but somehow with a strange setup. I got something like the
> following from them:
>
> Gateway Address: 2001:db8:1:1110::1/64
> Subnet I can use: 2001:db8:1:1111/64

You could begin with actually getting real IPv6 addresses. 2001:DB8::/32 is a reserved prefix for use in documentation. http://tools.ietf.org/html/rfc3849

Cheers,
/Joakim

Reply | Threaded
Open this post in threaded view
|

Re: problem setting inet6 route

Remi Locherer
On Fri, Aug 31, 2012 at 09:01:44PM +0200, Joakim Aronius wrote:

> * Remi Locherer ([hidden email]) wrote:
> > Hi
> >
> > I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also
> > provides IPv6 but somehow with a strange setup. I got something like the
> > following from them:
> >
> > Gateway Address: 2001:db8:1:1110::1/64
> > Subnet I can use: 2001:db8:1:1111/64
>
> You could begin with actually getting real IPv6 addresses. 2001:DB8::/32 is a reserved prefix for use in documentation. http://tools.ietf.org/html/rfc3849
>

Do you really think that these addresses are the ones I got from the
provider?

Reply | Threaded
Open this post in threaded view
|

Re: problem setting inet6 route

Joakim Aronius-2
* Remi Locherer ([hidden email]) wrote:

> On Fri, Aug 31, 2012 at 09:01:44PM +0200, Joakim Aronius wrote:
> > * Remi Locherer ([hidden email]) wrote:
> > > Hi
> > >
> > > I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also
> > > provides IPv6 but somehow with a strange setup. I got something like the
> > > following from them:
> > >
> > > Gateway Address: 2001:db8:1:1110::1/64
> > > Subnet I can use: 2001:db8:1:1111/64
> >
> > You could begin with actually getting real IPv6 addresses. 2001:DB8::/32 is a reserved prefix for use in documentation. http://tools.ietf.org/html/rfc3849
> >
>
> Do you really think that these addresses are the ones I got from the
> provider?

Well, with that kind of question and miss-typed address i figured you did not have a clue, maybe I was wrong, my bad.
But I do not believe in keeping IP addresses secret, it doesn't help.
Good luck with IPv6!
/J

Reply | Threaded
Open this post in threaded view
|

Re: problem setting inet6 route

Philip Guenther-2
In reply to this post by Remi Locherer
On Fri, Aug 31, 2012 at 7:52 AM, Remi Locherer <[hidden email]> wrote:
> On Fri, Aug 31, 2012 at 09:47:39AM -0400, Simon Perreault wrote:
>> Le 2012-08-31 03:19, Remi Locherer a ?crit :
>> >I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also
>> >provides IPv6 but somehow with a strange setup. I got something like the
>> >following from them:
>> >
>> >Gateway Address: 2001:db8:1:1110::1/64
>> >Subnet I can use: 2001:db8:1:1111/64


> This works. But I have to figure out (ask Hetzner) if I'm the only
> customer they use 2001:db8:1:1110::/64 (I think so).

I think the question I would have asked them is
    What does your box (2001:db8:1:1110::1) need in order for it to
    figure out how to send packets for my network (2001:db8:1:1111::/64)
    to my box?  Does my box need to have a specific address or send
    out router advertisements?

I.e., how is is their box going to know get the ethernet address of
your box so that it can send the packets to it?


Philip Guenther

Reply | Threaded
Open this post in threaded view
|

Re: problem setting inet6 route

Remi Locherer
On Sat, Sep 01, 2012 at 01:29:02PM -0700, Philip Guenther wrote:

> On Fri, Aug 31, 2012 at 7:52 AM, Remi Locherer <[hidden email]> wrote:
> > On Fri, Aug 31, 2012 at 09:47:39AM -0400, Simon Perreault wrote:
> >> Le 2012-08-31 03:19, Remi Locherer a ?crit :
> >> >I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also
> >> >provides IPv6 but somehow with a strange setup. I got something like the
> >> >following from them:
> >> >
> >> >Gateway Address: 2001:db8:1:1110::1/64
> >> >Subnet I can use: 2001:db8:1:1111/64
>
>
> > This works. But I have to figure out (ask Hetzner) if I'm the only
> > customer they use 2001:db8:1:1110::/64 (I think so).
>
> I think the question I would have asked them is
>     What does your box (2001:db8:1:1110::1) need in order for it to
>     figure out how to send packets for my network (2001:db8:1:1111::/64)
>     to my box?  Does my box need to have a specific address or send
>     out router advertisements?
>
> I.e., how is is their box going to know get the ethernet address of
> your box so that it can send the packets to it?

I now got an answer from Hetzner:
- I'm not allowed to use an address from the gateway subnet. They will
  block my traffic if I'm using such an address
- They recommend that I configure a /59 prefix. In my opinion this makes
  no sense. I now configured a /63 prefix which contains my subnet and
  the gateway subnet (this works).

They did not explain how their gateway is configured to send traffic to
my host without configuring a specific address on my host.

Remi

Reply | Threaded
Open this post in threaded view
|

Re: problem setting inet6 route

Stuart Henderson
In reply to this post by Claudio Jeker
On 2012-08-31, Claudio Jeker <[hidden email]> wrote:

> On Fri, Aug 31, 2012 at 09:22:06AM +0000, Stuart Henderson wrote:
>> On 2012-08-31, Remi Locherer <[hidden email]> wrote:
>> > I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also
>> > provides IPv6 but somehow with a strange setup. I got something like the
>> > following from them:
>> >
>> > Gateway Address: 2001:db8:1:1110::1/64
>> > Subnet I can use: 2001:db8:1:1111/64
>> >
>> > If I now assign for example 2001:db8:1:1111:1/64 to the interface on my
>> > server it doesn't let me set the default gateway becaus it's not in the
>> > same subnet:
>> >
>> > openbsd# ifconfig rl0 inet6 2001:db8:1:1111:/64
>> > openbsd# route add -inet6 default 2001:db8:1:1110::1
>> > route: writing to routing socket: Network is unreachable
>> > add net default: gateway 2001:db8:1:1110::1: Network is unreachable
>> >
>> > For Linux they give these instructions:
>> > linux# ip route add 2001:db8:1:1110::1 dev eth0
>> > linux# ip route add default via 2001:db8:1:1110::1
>> >
>> > I tried:
>> > openbsd# route add -inet6 -iface 2001:db8:1:1110::1 2001:db8:1:1111::1
>> > openbsd# route add -inet6 default 2001:db8:1:1110::1
>> >
>> > But now it's not possible to ping6 2001:db8:1:1110::1 or any other IPv6
>> > address.
>>
>> No idea if it will work, but you could try something like this
>>
>> route add -inet6 -mpath default -ifp rl0 2001:db8:1:1110::1
>>
>
> Bad adivece. Hetzner gave the wrong gateway or the wrong network. It is
> funny that the Linux example they give is using proper network numbers.

Some of the cheap "root server" providers do this type of trick for v4
of placing the gateway outside of your subnet and use routing tricks
to allow access to it, some ADSL routers with a "half bridge" mode
do a similar thing. They often use dhcp to assign the addresses for
v4, which on some OS does work seamlessly.

Presumably this was done to reduce address usage so it would be
completely pointless to do a similar thing with v6, but pointless
doesn't stop people from doing things..

Reply | Threaded
Open this post in threaded view
|

Re: problem setting inet6 route

Stuart Henderson
In reply to this post by Remi Locherer
On 2012-09-04, Remi Locherer <[hidden email]> wrote:

> On Sat, Sep 01, 2012 at 01:29:02PM -0700, Philip Guenther wrote:
>> On Fri, Aug 31, 2012 at 7:52 AM, Remi Locherer <[hidden email]> wrote:
>> > On Fri, Aug 31, 2012 at 09:47:39AM -0400, Simon Perreault wrote:
>> >> Le 2012-08-31 03:19, Remi Locherer a ?crit :
>> >> >I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also
>> >> >provides IPv6 but somehow with a strange setup. I got something like the
>> >> >following from them:
>> >> >
>> >> >Gateway Address: 2001:db8:1:1110::1/64
>> >> >Subnet I can use: 2001:db8:1:1111/64
>>
>>
>> > This works. But I have to figure out (ask Hetzner) if I'm the only
>> > customer they use 2001:db8:1:1110::/64 (I think so).
>>
>> I think the question I would have asked them is
>>     What does your box (2001:db8:1:1110::1) need in order for it to
>>     figure out how to send packets for my network (2001:db8:1:1111::/64)
>>     to my box?  Does my box need to have a specific address or send
>>     out router advertisements?
>>
>> I.e., how is is their box going to know get the ethernet address of
>> your box so that it can send the packets to it?
>
> I now got an answer from Hetzner:
> - I'm not allowed to use an address from the gateway subnet. They will
>   block my traffic if I'm using such an address
> - They recommend that I configure a /59 prefix. In my opinion this makes
>   no sense. I now configured a /63 prefix which contains my subnet and
>   the gateway subnet (this works).
>
> They did not explain how their gateway is configured to send traffic to
> my host without configuring a specific address on my host.
>
> Remi
>
>

crazy. other large scale providers (e.g. dedibox) can manage to give
people a /48 and do standard DHCP6 PD without this insanity...

Reply | Threaded
Open this post in threaded view
|

Re: problem setting inet6 route

Simon Perreault-3
In reply to this post by Remi Locherer
Le 2012-09-04 02:13, Remi Locherer a écrit :
> I now got an answer from Hetzner:
> - I'm not allowed to use an address from the gateway subnet. They will
>    block my traffic if I'm using such an address
> - They recommend that I configure a /59 prefix. In my opinion this makes
>    no sense. I now configured a /63 prefix which contains my subnet and
>    the gateway subnet (this works).
>
> They did not explain how their gateway is configured to send traffic to
> my host without configuring a specific address on my host.

This is broken.

I tried to give them benefit of the doubt, but they're just clueless.

Simon
--
DTN made easy, lean, and smart --> http://postellation.viagenie.ca
NAT64/DNS64 open-source        --> http://ecdysis.viagenie.ca
STUN/TURN server               --> http://numb.viagenie.ca

Reply | Threaded
Open this post in threaded view
|

Re: problem setting inet6 route

Martin Pelikan
In reply to this post by Remi Locherer
On Tue, Sep 04, 2012 at 08:13:59AM +0200, Remi Locherer wrote:

> On Sat, Sep 01, 2012 at 01:29:02PM -0700, Philip Guenther wrote:
> > On Fri, Aug 31, 2012 at 7:52 AM, Remi Locherer <[hidden email]> wrote:
> > > On Fri, Aug 31, 2012 at 09:47:39AM -0400, Simon Perreault wrote:
> > >> Le 2012-08-31 03:19, Remi Locherer a ?crit :
> > >> >I rented a server from Hetzner where I installed OpenBSD 5.1. Hetzner also
> > >> >provides IPv6 but somehow with a strange setup. I got something like the
> > >> >following from them:
> > >> >
> > >> >Gateway Address: 2001:db8:1:1110::1/64
> > >> >Subnet I can use: 2001:db8:1:1111/64
> >
> >
> > > This works. But I have to figure out (ask Hetzner) if I'm the only
> > > customer they use 2001:db8:1:1110::/64 (I think so).
> >
> > I think the question I would have asked them is
> >     What does your box (2001:db8:1:1110::1) need in order for it to
> >     figure out how to send packets for my network (2001:db8:1:1111::/64)
> >     to my box?  Does my box need to have a specific address or send
> >     out router advertisements?
> >
> > I.e., how is is their box going to know get the ethernet address of
> > your box so that it can send the packets to it?
>
> I now got an answer from Hetzner:
> - I'm not allowed to use an address from the gateway subnet. They will
>   block my traffic if I'm using such an address
> - They recommend that I configure a /59 prefix. In my opinion this makes
>   no sense. I now configured a /63 prefix which contains my subnet and
>   the gateway subnet (this works).
>
> They did not explain how their gateway is configured to send traffic to
> my host without configuring a specific address on my host.


It's a good practice to use link-local addresses for default routes.
ICMPv6 Redirects won't work with the global ones for example, because
one of the RFCs requires the redirect packet's source address to match
the address you sent it to in the first place.  Try telling them that.
Or ask them why can't they take one of your addresses and
use it for their gateway?  This is just crazy.

Yes, their MAC addresses/{U,G,D}UIDs can change; that's why you need to
ask them first.  It also helps if they're running CARP/VRRP, because if
they don't play with VHIDs, their MAC addresses don't change with their
infrastructure :-)

--
Martin Pelikan