Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  


Welcome to Hurricane Electric's forums!

Author Topic: two/dual tunnel providers and routing  (Read 4290 times)


  • Guest
two/dual tunnel providers and routing
« on: February 23, 2008, 06:59:48 PM »

I wanted to add to this, my current setup is two separate tunnels on my fbsd router (one from, the other from the sixxs project). The initial problem was that if someone on the network was using a sixxs ipv6 address, then it needs to be routed through the sixxs tunnel (i'm not sure if routers do any source verification, though it wouldn't seem appropriate anyways), so the solution was quite simple using the pf packet filter:

pass in quick on gif2 route-to (gif1 2001:4978:f:af::1) from 2001:4978:f:af::1/64 to any

this routes anything comming on gif2 from the sixxs ipv6 range 2001:4978:f:af::1/64 to the sixxs bgp/tunnel 2001:4978:f:af::1 which is on gif1, essentially routing anything using a sixxs ip to the appropriate tunnel (otherwise it would just use the default route for ipv6, which is the tunnel). A short explanation of interfaces:

gif0: ( ipv4 to ipv6
gif1: (sixxs) ipv4 to ipv6
gif2: (tunnel to from the router to the sun server)

gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet -->
        inet6 fe80::213:46ff:fe8e:357f%gif0 prefixlen 64 scopeid 0x7
        inet6 2001:470:1f06:305::2 --> 2001:470:1f06:305::1 prefixlen 128
gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet -->
        inet6 fe80::213:46ff:fe8e:357f%gif1 prefixlen 64 scopeid 0x8
        inet6 2001:4978:f:af::2 --> 2001:4978:f:af::1 prefixlen 128
gif2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet -->
        inet6 fe80::213:46ff:fe8e:357f%gif2 prefixlen 64 scopeid 0x9
        inet6 2001:470:1f07:305::1 --> 2001:470:1f07:305::2 prefixlen 128


P.S any reports of ipv6 on solaris/ultrasparc ? works great :) currently i have imap4/pop3/sunssh/openssh/ircd/apache/identd running that can be accessed via ipv6, the postfix daemon is not yet though i'm not sure i want it to be and if there is much of a reason for it at this point.
« Last Edit: August 05, 2010, 08:49:01 AM by broquea »