• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Linux Router - ClientIPv6 address necessary?

Started by bturner, May 01, 2009, 02:46:33 PM


bturner

I've set up a Linux box as a router/gateway for my home network using IPv6.  Does anyone know if I have to use the ClientIPv6 address assigned by HE?  Or can I use one of the Routed/64 addresses on the router instead?  Does HE ping the IPv6 address in the PTP connection, or only the IPv4?

I've currently configured my box with my WAN on eth0, LAN on eth1 and sit tunnel on sit0.  In my configuration sit0 does not have an IPv6 address at all.  One of my routed /64 addresses is on eth1, and the rest of my network gets addresses from the routed /64 pool via radvd.  This seems to work, as IPv6 traffic works on both the router and LAN clients; however, I'm not sure if it is right because the "Client IPv6 address" assigned by HE is not used and thus not pingable.

My main reason for asking is that I'd like to have default outbound traffic initiated from my router go out on one of the routed /64 addresses rather than the tunnel IPv6.

Any ideas?

avenger

Here at home I've set up the client's IPv6 addy on the sit1 interface as well, and am using default route via the "server's IPv6 address" itself (the <something>::1) assigned to me (which goes thru sit1).

Is it not an option for you to use IP address 'binding' from your applications? Here I leave default traffic to the assigned IP but, when I want something to be initiated by the other addresses, I just set the application so it binds itself and initiates connections via the desired IP address.

Otherwise, you could have problems if you have more than one IPv6 set up on your Linux router: the order in which they are added could make it change the 'default' IP address and then give you trouble in the future. :)

For example, if you are 'nat'ing (not much reason to do that on IPv6 heh), you could set a rule on iptables like SNAT instead of MASQUERADE. On the SNAT rule you set the IP address to which the matching traffic will be mapped. And every program (squid, apache, etc.) supports an option to bind to a specific address, especially when they support IPv6 addresses. IPv4-to-IPv6 wrappers also support it as far as I know (6tunnel).

snarked

You need to use the IPv6 assigned by HE for the tunnel endpoint so that it responds to pings - else HE will assume that the tunnel is down and after a sufficiently long timeout, shut the tunnel down as abandoned.  The only traffic that should go via this tunnel are ICMPv6 echo requests and replies between its ...::1 and ...::2.  All other traffic should go via the routed /64 or /48.
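
The layout described in the reply above, written out as an added example that is not part of any post in this thread: the tunnel keeps HE's client address so it stays pingable, and the default route carries a `src` hint so router-originated traffic leaves from the routed /64. All addresses are constructed from documentation prefixes, and the interface name `he-ipv6` is an assumption.

```shell
#!/bin/sh
# Constructed sample values (documentation prefixes), not taken from the thread.
HE_SERVER_V4=192.0.2.1        # HE tunnel server IPv4 endpoint
LOCAL_V4=198.51.100.2         # router WAN IPv4 (eth0)
SERVER_V6=2001:db8:1::1       # "Server IPv6 address" (tunnel ...::1)
CLIENT_V6=2001:db8:1::2/64    # "Client IPv6 address" (tunnel ...::2)
ROUTED_V6=2001:db8:2::1/64    # router's own address from the routed /64
TUN=he-ipv6                   # assumed tunnel interface name
LAN=eth1                      # LAN interface, as in the original question

# Print the setup commands in the order they must run; nothing is executed.
he_tunnel_cmds() {
    cat <<EOF
ip tunnel add $TUN mode sit remote $HE_SERVER_V4 local $LOCAL_V4 ttl 255
ip link set $TUN up
ip -6 addr add $CLIENT_V6 dev $TUN
ip -6 addr add $ROUTED_V6 dev $LAN
ip -6 route add ::/0 dev $TUN src ${ROUTED_V6%/*}
EOF
}

# Print checks for the result: the tunnel peer should be reached from the
# client address, anything else from the routed address.
he_verify_cmds() {
    cat <<EOF
ip -6 route get $SERVER_V6
ip -6 route get 2001:db8:ffff::1
ping6 -c 1 $SERVER_V6
EOF
}

# The src address must already be assigned to a local interface when the
# default route is added, which is why the LAN address comes before the route.
he_tunnel_cmds
```

To apply the commands rather than print them, pipe the output to a root shell (`he_tunnel_cmds | sh`) after replacing the sample values with the ones from your tunnel details page.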