Hello. I've got a situation I would like to solve as neatly as possible and contribute to OpenWRT. This is the picture.
I've got a:
1. DSL line at home with a dynamic IPv4 address.
2. TL-WR1043ND router running OpenWRT (pppoe).
3. tunnel to SiXXS.

I'd like to:
1. set up 6to4 tunnel for better communication with other 6to4 users.

Condition:
1. SiXXS seem to block packets with 6to4 address coming to their POP through a tunnel.

The simple option is to set up a 6to4 tunnel but not advertise it with radvd. Inbound packets from 2002::/16 come through sixxs device, outgoing take the shorter route through 6to4 tunnel. 6to4 users should accept them according to "Security considerations" in http://www.faqs.org/rfcs/rfc3056.html

It is more efficient, however, to advertise 6to4 prefix throughout the LAN and communicate with others more directly to avoid possibly misconfigured 6to4 GWs along the way.

Let's consider four possible cases of incoming connections (there are only two for outgoing ones, since local host is supposed to choose a source address wisely) where remote and local addresses can be either native or 6to4 ones.

(iif/oif on a router)
| remote -> | 6to4      | native      |
|-----------+-----------+-------------|
| local     |           |             |
| 6to4      | stf/stf   | stf/stf*    |
| native    | sixxs/stf | sixxs/sixxs |

As for default settings there is a problem with the "*" case as packets with a 6to4 source address and a native destination one won't pass through sixxs tunnel. A routing table like this won't work.

    2002::/16 dev 6to4-stf proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 0
    default via 2001:db8:2::1 dev sixxs metric 1024 mtu 1280 advmss 1220 hoplimit 0

The solution.

I've solved the problem by adding an additional routing table (sixtofour) with a single entry

    2000::/3 via ::192.88.99.1 dev 6to4-stf metric 1029 mtu 1280 advmss 1220 hoplimit 0

and a rule

    from 2002:c000:2e8::/48 lookup sixtofour

(2002:c000:2e8:: is my 6to4 prefix) which makes all packets with a 6to4 source address from my LAN be routed through the 6to4-stf interface.
It looks like there should be a separate routing table for each 6to4 interface/prefix which hints there shouldn't be more than one 6to4 tunnel.

The Questions.

I'd like to put everything (the above setup) together in the right places so the question is what are they? (Would you accept a patch for /etc/iproute2/rt_tables?)

Can I assume openwrt supports multiple routing tables?

I suppose I should not make any assumptions about the number role of IPv4/IPv6/6to4 interfaces. How can I tell (from within a script) there are other/better tunnels and the above solution should be applied?

Any other suggestions?

--
It was a pleasure.     The fourth common calamity, [...]
>Łukasz<               No longer Catholic but thieving.  (c)PP
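
The source-based routing described in the message above, as an added example that is not part of the original post: a POSIX sh sketch that derives the 6to4 /48 from the current WAN IPv4 address (it changes on a dynamic DSL line) and prints the matching route and rule. The function names and the sample address 192.0.2.232 (which maps to the post's 2002:c000:2e8::/48) are assumptions, and the table name sixtofour must already be listed in /etc/iproute2/rt_tables.

```shell
#!/bin/sh
# Added example, not from the original post.

# sixtofour_prefix A.B.C.D -> 2002:AABB:CCDD::/48 (RFC 3056 address mapping)
sixtofour_prefix() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # reject empty, non-numeric, zero-padded or over-long octets
        case $o in ''|*[!0-9]*|0?*|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    # %x drops leading zeros, matching how iproute2 prints the prefix
    printf '2002:%x:%x::/48\n' $(( $1 * 256 + $2 )) $(( $3 * 256 + $4 ))
}

# sixtofour_policy_cmds WAN_IPV4 [STF_DEV] [TABLE]
# Prints (does not run) the route and rule from the post for that address.
# Defaults follow the post: device 6to4-stf, table sixtofour, relay ::192.88.99.1.
sixtofour_policy_cmds() {
    prefix=$(sixtofour_prefix "$1") || return 1
    dev=${2:-6to4-stf}
    table=${3:-sixtofour}
    # Everything in global unicast space leaves via the 6to4 anycast relay,
    # but only when looked up in the extra table.
    echo "ip -6 route replace 2000::/3 via ::192.88.99.1 dev $dev table $table"
    # Only packets sourced from our own 6to4 /48 consult that table;
    # all other traffic keeps using the main table (default via sixxs).
    echo "ip -6 rule add from $prefix lookup $table"
}

# Constructed sample input: 192.0.2.232 corresponds to 2002:c000:2e8::/48.
sixtofour_policy_cmds 192.0.2.232
```

When the WAN address changes, the rule for the previous prefix has to be deleted before the new one is added, otherwise stale source prefixes keep pointing at the 6to4 table.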