Hi misc, I'm having trouble with implementing rdomains and IPv6.
I have followed this guide, which might be a bit old but is the best I could find:
https://www.packetmischief.ca/2011/09/20/virtualizing-the-openbsd-routing-table/

I have made a set-up with two machines connected by an OpenBSD router.

Machine: "internet"
============
# cat /etc/hostname.em1
inet6 2a01:7e8:1:800::2fd/126
!route add 2a01:7e8:35:fab::/64 2a01:7e8:1:800::2fe

Machine: "router"
============
# cat /etc/hostname.em1
inet6 2a01:7e8:1:800::2fe/126
!route -T 0 add 2a01:7e8:35:fab::/64 ::1

# cat /etc/hostname.em2
rdomain 75
!route -T75 exec /usr/sbin/sshd
inet6 alias 2a01:7e8:35:fab::1/64

# pfctl -sr
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
pass in on em2 inet6 from 2a01:7e8:35:fab::/64 to 2a01:7e8:1:800::2fd flags S/SA rtable 0
pass out on em1 all flags S/SA

Machine: "client"
============
# sudo ip addr add 2a01:7e8:35:fab::2/64 dev vboxnet0
# sudo ip -6 route add 2a01:7e8:1:800::2fc/126 via 2a01:7e8:35:fab::1

I am able to ping between router<->internet, router<->client, but not between client<->internet.

If pinging from client->internet, no replies are returned. Doing tcpdump on em1 on the router gives:

16:56:42.017347 2a01:7e8:35:fab::2 > 2a01:7e8:1:800::2fd: icmp6: echo request [flowlabel 0xe1717]
16:56:42.017811 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
16:56:42.018114 2a01:7e8:1:800::2fe > 2a01:7e8:1:800::2fd: icmp6: time exceeded in-transit for 2a01:7e8:35:fab::2

Removing the route (route -T 0 delete 2a01:7e8:35:fab::/64 ::1) gives no replies and tcpdump gives:

16:58:59.565667 2a01:7e8:35:fab::2 > 2a01:7e8:1:800::2fd: icmp6: echo request [flowlabel 0xe1717]
16:58:59.566298 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
16:58:59.569637 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply

Adding a route on em1 (rtable 0) as:

# route -T 0 add 2a01:7e8:35:fab::/64 2a01:7e8:1:800::2fe

yields the same results as with no route.

I tried removing all routes to 2a01:7e8:35:fab::/64 on the router, and adding to pf:

pass in on em1 inet6 to 2a01:7e8:35:fab::/64 rtable 75

I'm pretty sure that I'm missing some understanding of rtables. Can someone point me in the right direction? I'm guessing that I need a way to move packets from rtable 0 to rtable 75.

Btw, this set-up is made with VirtualBox, but I have an identical physical set-up with the same issue.

--
Med venlig hilsen/Best regards
Claus Lensbøl
Fab:IT ApS
Vesterbrogade 37, 2. th
DK-1620 København
Tlf: +45 70 202 407
Main Site: www.fab-it.dk
VPS Product: vpsforce.eu