Em 13-07-2015 13:39, Christian Weisgerber escreveu:
Once you get that far, you might notice that dynamic addresses for your network are rather inconvenient. You'll need to update all references to your internal hosts in * pf.conf * DNS zones * ... any other daemons that might refer to them ...
And you need to reload you pf rules when any of them changes (specially privacy addresses).
You'll also need to distribute the addresses to your hosts. If you don't like SLAAC-style addresses, you'll need DHCPv6. Which you might also need for the nameserver, NTP server, etc.
This for a IPv6 only network. My approach is to keep the RFC 1918 internal IPv4 net for these.
Out of the box, OpenBSD is poorly equipped for all of this.
Agreed. On the other hand it's quite equipped in the routing and firewalling of IPv6 networks. Even NAT64 is simple to do with pf.
I recently switched ISPs and the new one offers native IPv6 the TR-187 way, but given that level of pain I'll stay with my SixXS tunnel and my static /48 for the time being.
I'm doing the exact same thing. My tunnel have an acceptable latency and, since I'm using it only for a site to site VPN, I'll stay with it for a while. But my ISP is implementing native IPv6 and sooner or later I'll have to deal with this. So will you.
Cheers, Giancarlo Razzolini
