[radvd-devel-l] Wildcard Interface Addresses

Norman Rasmussen norman at rasmussen.co.za
Tue Feb 12 06:56:14 EST 2008 

On Feb 12, 2008 12:37 PM, Pekka Savola <pekkas at netcore.fi> wrote:

> On Tue, 12 Feb 2008, Norman Rasmussen wrote:
> >> This has two problems.  First, as Vista uses privacy addresses
> >> (randomly generated v6 addresses from the advertised prefixes), those
> >> don't work as you haven't set up host routes to them.  Second, two
> >> clients get the same /64 so they can't talk if you don't do bridging
> >> between different interfaces.
> >
> > The random address is the same for the link-local/site-local/global
> > addresses.  So I can happily strip the link-local prefix, and append the
> > global prefix in the ipv6-up script.
>
> No, it's different.  With "privacy address", I'm referring to RFC 3041
> (and its successor).  Vista generates new global addresses
> periodically, I think by default once a day.  I don't think you can
> track those this way.
>

`ifconfig /all` snippet

   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . :
2001:123:456:321:949a:e10e:5943:b88c(Preferred)
   Site-local IPv6 Address . . . . . :
fec0::949a:e10e:5943:b88c%1(Preferred)
   Link-local IPv6 Address . . . . . :
fe80::949a:e10e:5943:b88c%35(Preferred)
   Default Gateway . . . . . . . . . : fe80::2c0:4fff:fe43:b628%35
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1

`netsh int ipv6 show add` snippet

Addr Type  DAD State   Valid Life Pref. Life Address
---------  ----------- ---------- ---------- ------------------------
Public     Preferred  29d23h49m47s      9m47s
2001:123:456:321:949a:e10e:5943:b88c
Other      Preferred     infinite   infinite fe80::949a:e10e:5943:b88c%35
Public     Preferred  29d23h49m47s 6d23h49m47s fec0::949a:e10e:5943:b88c%1

The Global and Site local prefixes are only present because of radvd, notice
how the suffixes match the Link local address.  (radvd is set to annouce a
preferred lifetime of 20 minutes, and this was when the connection had been
up about 10 minutes)


>> I'm not sure if configuring addresses with DHCPv6 (address assignment
> >> part, not prefix delegation) would help in your case, even if very few
> >> OSs support it out of the box.  I doubt it.
> >>
> >
> > Vista will only use DHCPv6 to request a /64 if the VPN tunnel is being
> > shared, which I don't need to do.
>
> That's the "DHCPv6 prefix delegation" mode.  There is additionally
> "DHCPv6 address assignment" solution (where you can give hosts /128
> addresses) but I'm not sure if Vista supports it and in general that's
> not a generally available solution.
>

Correct, it looks like vista only supports prefix delegation.

Summary: At the moment I have a fully working VPN connection, by doing the
following steps:

 - /proc/sys/net/ipv6/conf/eth0/proxy_ndp=1 at system startup
 - radvd manually configured to the interface I think pppd will assign
 - in ipv6-up:
   - HUP radvd
   - add route global and site local address via $PPP_IFACE
   - add neighbour proxy for global address (to eth0)

doing this gives me a full IPv6 connection on the vista vpn client, and I
can access internet and intranet IP addresses without an issue.  I guess I
might just end up writing a script to populate radvd with a config for each
IPv6 capable ppp device before I hup it.

-- 
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.litech.org/pipermail/radvd-devel-l/attachments/20080212/5ab817f8/attachment.htm

More information about the radvd-devel-l mailing list