educate the uneducated - tunnel/subnet stuff
Shadow Hawkins on Wednesday, 28 June 2006 16:20:58
Alright so I got a tunnel <prefix>/64 from sixxs a while ago, and it worked.
Installed aiccu (heartbeat deprecated), gave it plaintext password (whose idea?), connectivity works from this machine, I can ping, browse and all that.
Installed radvd, and entered my <prefix>/64 as "prefix" in its config. Other hosts on my LAN got stateless addresses, <prefix><address>. Routes got set up automagically too.
Now if I ping6 www.sixxs.net (or tunnel endpoint) from this machine, it all works nicely:
tcpdump -n -i eth<external> host <pop> from the NAT/ipv4 firewall (yet another machine):
<external> to <pop>( <prefix>::2 to <sixxs.net> ) (encap)
<pop> to <external>( <sixxs.net> to <prefix>::2 ) (encap)
But if I ping from another machine on the LAN, I don't get a response:
tcpdump (same)
<external> to <pop>( <prefix><address> to <sixxs.net> ) (encap)
(no response)
---
So the question is basically: should the tunnel prefix/64 work as a subnet? Or more like, why would the PoP whose tunnel endpoint is <prefix>::1 route traffic to <prefix>::2 nicely but not to <prefix><something else>?
Perhaps I misunderstood something about tunnels and subnets I can get from sixxs and in fact I need to request a subnet separately?
thanx
Jeroen Massar on Wednesday, 28 June 2006 16:27:15
> Installed aiccu (heartbeat deprecated), gave it plaintext password (whose idea?)
Plaintext in the configuration file: yes
Plaintext over the internet: no
If somebody gets root on your machine, then does it matter in what format the password is set?
For the rest read the FAQ about subnets which contains:
8<------------------
Note well that in tunnels from the /64 only ::1 (the PoP) and ::2 (your endpoint) can be used as the rest is not routed. Thus if you need to connect other hosts do it correctly and request a subnet.
------------------>8
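
The FAQ rule quoted above, as an added example that is not part of either post or of SixXS's own tooling: a check that classifies an address by whether the PoP would route it, and flags a radvd.conf that advertises the tunnel /64 to the LAN. All prefixes are constructed from the 2001:db8::/32 documentation range, and the /48 subnet size is an assumption.

```python
import ipaddress
import re

# Constructed sample values (documentation range), not real SixXS prefixes.
TUNNEL = "2001:db8:100:1f::/64"   # tunnel /64: ::1 = PoP, ::2 = our endpoint
SUBNET = "2001:db8:200::/48"      # separately requested subnet (size assumed)

def routed_by_pop(addr, tunnel_prefix, subnets=()):
    """True if the PoP routes traffic to addr under the FAQ rule:
    inside the tunnel /64 only ::1 and ::2 are routed; any other host
    must sit inside a subnet that was requested separately."""
    ip = ipaddress.IPv6Address(addr)
    tunnel = ipaddress.IPv6Network(tunnel_prefix)
    if ip in tunnel:
        return ip in (tunnel[1], tunnel[2])
    return any(ip in ipaddress.IPv6Network(s) for s in subnets)

def radvd_misadvertised(radvd_conf, tunnel_prefix):
    """Return the prefixes in radvd.conf text that overlap the tunnel /64.
    LAN hosts autoconfiguring from such a prefix get unrouted addresses."""
    tunnel = ipaddress.IPv6Network(tunnel_prefix)
    found = re.findall(r"^\s*prefix\s+([0-9A-Fa-f:]+/\d+)", radvd_conf, re.M)
    return [p for p in found
            if ipaddress.IPv6Network(p, strict=False).overlaps(tunnel)]

# Constructed radvd.conf: the setup from the first post (tunnel /64 on the LAN).
BAD_CONF = """
interface eth0 {
    AdvSendAdvert on;
    prefix 2001:db8:100:1f::/64 { AdvOnLink on; AdvAutonomous on; };
};
"""
# Constructed radvd.conf: a /64 carved out of the requested subnet instead.
GOOD_CONF = BAD_CONF.replace("2001:db8:100:1f::/64", "2001:db8:200:1::/64")

if __name__ == "__main__":
    lan_host = "2001:db8:100:1f:211:22ff:fe33:4455"  # SLAAC address, constructed
    print("endpoint ::2 routed:", routed_by_pop("2001:db8:100:1f::2", TUNNEL))
    print("LAN host routed:   ", routed_by_pop(lan_host, TUNNEL))
    print("bad radvd prefixes:", radvd_misadvertised(BAD_CONF, TUNNEL))
    print("good radvd prefixes:", radvd_misadvertised(GOOD_CONF, TUNNEL))
```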