On Feb 12, 2008 12:37 PM, Pekka Savola <<a href="mailto:pekkas@netcore.fi">pekkas@netcore.fi</a>> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On Tue, 12 Feb 2008, Norman Rasmussen wrote:<br>>> This has two problems. First, as Vista uses privacy addresses<br>>> (randomly generated v6 addresses from the advertised prefixes), those<br>
>> don't work as you haven't set up host routes to them. Second, two<br>>> clients get the same /64 so they can't talk if you don't do bridging<br>>> between different interfaces.<br>><br>
> The random address is the same for the link-local/site-local/global<br>> addresses. So I can happily strip the link-local prefix, and append the<br>> global prefix in the ipv6-up script.<br><br></div>No, it's different. With "privacy address", I'm referring to RFC 3041<br>
(and its successor). Vista generates new global addresses<br>periodically, I think by default once a day. I don't think you can<br>track those this way.<br><div class="Ih2E3d"></div></blockquote><div><br>`ifconfig /all` snippet<br>
<br> Autoconfiguration Enabled . . . . : Yes<br> IPv6 Address. . . . . . . . . . . : 2001:123:456:321:949a:e10e:5943:b88c(Preferred)<br> Site-local IPv6 Address . . . . . : fec0::949a:e10e:5943:b88c%1(Preferred)<br>
Link-local IPv6 Address . . . . . : fe80::949a:e10e:5943:b88c%35(Preferred)<br> Default Gateway . . . . . . . . . : fe80::2c0:4fff:fe43:b628%35<br> DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1<br> fec0:0:0:ffff::2%1<br>
fec0:0:0:ffff::3%1<br><br>`netsh int ipv6 show add` snippet<br><br><pre>
Addr Type  DAD State    Valid Life    Pref. Life    Address
---------  -----------  ----------    ----------    ------------------------
Public     Preferred    29d23h49m47s  9m47s         2001:123:456:321:949a:e10e:5943:b88c
Other      Preferred    infinite      infinite      fe80::949a:e10e:5943:b88c%35
Public     Preferred    29d23h49m47s  6d23h49m47s   fec0::949a:e10e:5943:b88c%1
</pre>
<br>The Global and Site local prefixes are only present because of radvd; notice how the suffixes match the Link local address. (radvd is set to announce a preferred lifetime of 20 minutes, and this was when the connection had been up about 10 minutes.)<br>
<br><br></div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div class="Ih2E3d">>> I'm not sure if configuring addresses with DHCPv6 (address assignment<br>
>> part, not prefix delegation) would help in your case, even if very few<br>>> OSs support it out of the box. I doubt it.<br>>><br>><br>> Vista will only use DHCPv6 to request a /64 if the VPN tunnel is being<br>
> shared, which I don't need to do.<br><br></div>That's the "DHCPv6 prefix delegation" mode. There is additionally<br>"DHCPv6 address assignment" solution (where you can give hosts /128<br>
addresses) but I'm not sure if Vista supports it and in general that's<br>not a generally available solution.<br></blockquote></div><br>Correct, it looks like Vista only supports prefix delegation.<br><br>Summary: At the moment I have a fully working VPN connection, by doing the following steps:<br>
<br> - /proc/sys/net/ipv6/conf/eth0/proxy_ndp=1 at system startup<br> - radvd manually configured to the interface I think pppd will assign<br> - in ipv6-up:<br>&nbsp;&nbsp;&nbsp;- HUP radvd<br>&nbsp;&nbsp;&nbsp;- add route global and site local address via $PPP_IFACE<br>&nbsp;&nbsp;&nbsp;- add neighbour proxy for global address (to eth0)<br><br>Doing this gives me a full IPv6 connection on the Vista VPN client, and I can access internet and intranet IP addresses without an issue. I guess I might just end up writing a script to populate radvd with a config for each IPv6 capable ppp device before I HUP it.<br>
<br>-- <br>- Norman Rasmussen<br> - Email: <a href="mailto:norman@rasmussen.co.za">norman@rasmussen.co.za</a><br> - Home page: <a href="http://norman.rasmussen.co.za/">http://norman.rasmussen.co.za/</a>
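<br><br>The ipv6-up steps from the summary above, as an added shell sketch that is not part of the original message: it derives the client's global and site-local addresses from the peer link-local address pppd passes in, then emits the radvd reload, host routes and NDP proxy entry. The function names, the <code>RUN</code> dry-run switch and the use of <code>pkill</code> are assumptions; the prefixes are the ones shown in the thread. It covers only addresses that share the link-local suffix, so the RFC 3041 temporary addresses raised earlier in the thread get no route from it.

```shell
#!/bin/sh
# Added sketch of /etc/ppp/ipv6-up logic; not the poster's script.
# Prefixes are the ones visible in the thread; LAN_IF follows the summary.
GLOBAL_PREFIX="2001:123:456:321"   # upper 64 bits of the advertised global /64
SITE_PREFIX="fec0:0:0:0"           # upper 64 bits of the site-local /64
LAN_IF="eth0"                      # interface that answers NDP for the client
RUN="${RUN-echo}"                  # dry run by default; RUN= ./script executes

# iid_from_ll LLADDR: print the peer's interface ID as exactly four groups.
iid_from_ll() {
    ll=${1%%\%*}                           # drop a %zone suffix if present
    case $ll in
        fe80::*) iid=${ll#fe80::} ;;
        *) return 1 ;;                     # not a link-local address
    esac
    case $iid in
        ''|:*|*:|*::*|*[!0-9A-Fa-f:]*) return 1 ;;
    esac
    # "fe80::1" has one group; pad to 0:0:0:1 so the prefix can be prepended.
    n=$(printf '%s' "$iid" | tr -cd ':' | wc -c)
    n=$((n + 1))
    [ "$n" -le 4 ] || return 1
    while [ "$n" -lt 4 ]; do iid="0:$iid"; n=$((n + 1)); done
    printf '%s\n' "$iid"
}

# ipv6_up IFACE REMOTE_LL: the three ipv6-up steps from the summary.
ipv6_up() {
    iid=$(iid_from_ll "$2") || { echo "unexpected peer address: $2" >&2; return 1; }
    $RUN pkill -HUP -x radvd                                   # re-read radvd config
    $RUN ip -6 route add "$GLOBAL_PREFIX:$iid/128" dev "$1"    # host routes via ppp
    $RUN ip -6 route add "$SITE_PREFIX:$iid/128" dev "$1"
    $RUN ip -6 neigh add proxy "$GLOBAL_PREFIX:$iid" dev "$LAN_IF"
}

# pppd passes: interface tty speed local-link-local remote-link-local ipparam
if [ $# -ge 5 ]; then ipv6_up "$1" "$5"; fi
```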