I've been using openvpn to tunnel IPv4 into work for a few years now. By
using addresses from the same subnet as the endpoint at at work and "arp
-s" I can work from home and access services as if I am on the subnet at
work.
I recently tried to add IPv6 to my openvpn setup. It wasn't difficult to
get the endpoints configured so I could ping across the tunnel from one
to the other (well, I think there are a couple of bugs in openvpn-2.3.0
with respect to ifconfig-ipv6 but I was able to "fix" them).
But I'm not having much success using "ndp -s" to have my endpoint
respond to neighbor solicitation requests from hosts on the subnet. I
have systems using IPv6 interface aliases and using "route monitor" I
see that in addition to the RTM_ADD that happens when you add an
interface alias, there's also a RTM_NEWMADDR to join the solicited node
multicast group so that the host will actually receive neighbor
solicitations:
got message of size 140 on Sun Feb 17 22:49:35 2013
RTM_NEWADDR: address being added to iface: len 140, metric 0,
flags:<HOST>
sockaddrs: <NETMASK,IFP,IFA>
(0) 0 0 0 ffff ffff ffff ffff 0 0 0 0 0 0 em0:0.30.48.74.90.52
2620:83:8000:5502::1187
got message of size 272 on Sun Feb 17 22:49:35 2013
RTM_ADD: Add Route: len 272, pid: 0, seq 0, errno 0,
flags:<UP,HOST,STATIC>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK>
2620:83:8000:5502::1187 0.30.48.74.90.52 (0) 0 0 0 ffff ffff ffff
ffff 0 0 0 0 0 0
got message of size 160 on Sun Feb 17 22:49:35 2013
RTM_NEWMADDR: new multicast group membership on iface: len 160,
sockaddrs: <GATEWAY,IFP,IFA>
33.33.ff.0.11.87 em0:0.30.48.74.90.52 ff02::1:ff00:1187%em0
But that does not happen when I add the IPv6 address to my ndp table
using "ndp -s":
got message of size 256 on Mon Feb 18 00:48:35 2013
RTM_GET: Report Metrics: len 256, pid: 24410, seq 1, errno 0,
flags:<UP,DONE>
locks: inits:
sockaddrs: <DST,GATEWAY,NETMASK>
2620:83:8000:5502:: (255) ffff ffff ffff ffff ffff ffff ffff
got message of size 240 on Mon Feb 18 00:48:35 2013
RTM_ADD: Add Route: len 240, pid: 24410, seq 2, errno 0,
flags:<HOST,DONE,LLINFO,STATIC,PROTO2>
locks: inits:
sockaddrs: <DST,GATEWAY>
2620:83:8000:5502::d5 0.30.48.74.90.52
I can see my new address in ndp -an output:
2620:83:8000:5502::d5 00:30:48:74:90:52 em0
permanent R p
but without joining the solicited node multicast group it's no surprise
the host doesn't respond properly.
Anybody know what I'm doing wrong?
Craig
_______________________________________________
freebsd-hackers@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscr...@freebsd.org"
