22 Jun
2017
22 Jun
'17
5:50 a.m.
I tested the proposed approach and below patch again after updating my
machine to ubuntu 16.04 with 4.8.0 kernel and there ip4-in-ip6 and
ip6-in-6ip all just works out of the box. No need to configure ip6tnl0
tunnel in any mode. It seems enough that bmx6 already configures the
bmxdefault tunnel device in any/ipv6 mode with a :: remote address.
First packet of an icmp request sequence at the receiving side always
pops out of the bmxdefault tunnel. Then, its reply triggers the creation
of a dedicated bidirectional tunnel also at the receiving side which is
used for following request and reply icmp packets. No fake ipv6 tunnel
addresses are used anymore!
To ensure backwards compatibility it should be checked how kernels in
already deployed openwrt and Lede based lime version behave.
cu
/axel
On 14.06.2017 07:30, Henning Rogge wrote:
On Wed, Jun 14, 2017 at 7:18 AM, Axel Neumann
<neumann(a)cgws.de> wrote:
I put a patch for bmx6 in this branch
https://github.com/axn/bmx6/commits/master.NonFakeTunAddresses
https://github.com/axn/bmx6/commit/5dc6678cf9c2887ca5e32c8d7527c5f660ddb7e9
But due to the current kernel behavior it does not acceppt ip4-in-ipv6
tunnelled packets if the remote tunnel address is not explicitly
specified and matching with the incoming tunnel packet. For ip6-in-ip6
it works.
The problem is addressed by below linked patches. But none of them seems
to have been applied to current kernels. If somebody known or finds out
an alternative solution would be great.
/axel
http://lists.openwall.net/netdev/2014/10/29/20
http://archive.linuxvirtualserver.org/cgi-bin/mesg.cgi?a=lvs-devel&i=53…
Maybe we should ask about these patches again on netdev?
Current behavior is a bit inconsistent and stupid.
Henning
2739
days inactive
2739
days old
0 comments
1 participants
participants (1)
-
Axel Neumann