Bent's Wiki

User Tools

Site Tools

Trace:
alternate_address

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
alternate_address [2023/10/25 17:59] bentalternate_address [2025/01/05 16:03] (current) – [Service script] bent
Line 1: Line 1:
 ====== Alternate address ====== ====== Alternate address ======
  
-Hi Bent+Based on my experiments with [[prefix_delegation|IPv6 prefix delegation and subnetting]] I determined a prefix to delegate to Steve. Steve has asked for a /64 delegation like the one I would get from him. The prefix became 1011, derived in this manner: My LAN (0019) is actually subnet 0 in the first level (/56), subnet 1 in the next level (/60) and subnet 9 in the third level (/64). So the 1011 is subnet 10 (first level), 1 second level and again 1 third level. The initial 10 could also be interpreted as subnet 1 in a /52 allocation and subnet 0 in the /56 allocation giving a total of four possible subnet levels.
  
-So here's what I think we'll need to do (syntax may not be quite right!) 
  
-=== a) Steve'end 2a06:4000:8073:1011::/64 ===+===== Steve'configuration using 2a06:4000:8073:1011::/64 ===== 
 +(basically excerpts from an email)
  
  
-i) on my VPN router+i) on the VPN router
     ip addr add dev br-lan 2a06:4000:8073:1011::2/64     ip addr add dev br-lan 2a06:4000:8073:1011::2/64
     ip route add default from 2a06:4000:8073:1011::/64 dev tun2 metric 10    ===> for return traffic     ip route add default from 2a06:4000:8073:1011::/64 dev tun2 metric 10    ===> for return traffic
  
-ii) on ictoan+ii) on Ictoan
     ip addr add br-lan 2a06:4000:8073:1011:202:12:89:12/64     ip addr add br-lan 2a06:4000:8073:1011:202:12:89:12/64
     ip route add default from 2a06:4000:8073:1011::/64 via 2a06:4000:8073:1011:: ===> for return traffic     ip route add default from 2a06:4000:8073:1011::/64 via 2a06:4000:8073:1011:: ===> for return traffic
  
-a) on vultrgate+a) on Vultrgate
     ip route add 2a06:4000:8073:1011::/64 via tun0     ip route add 2a06:4000:8073:1011::/64 via tun0
     ip route add 2001:44b8:5135:7c07::/64 dev wg0     ip route add 2001:44b8:5135:7c07::/64 dev wg0
     Add 2001:44b8:5135:7c07::/64 to Bent's peer "allowed-ips"     Add 2001:44b8:5135:7c07::/64 to Bent's peer "allowed-ips"
  
-=== b) Bent's end 2001:44b8:5135:7c07::/64 ===+===== Bent's end 2001:44b8:5135:7c07::/64 =====
  
 +==== gate-rpi ====
 +The basic IP commands are:
 +      ip addr add dev eth0 2001:44b8:5135:7c07::44/64
 +      ip route add default from 2001:44b8:5135:7c07::/64 dev wg0  metric 10    ===> for return traffic
 +      ip -6 route add 2a06:4000:8073:1011::/64 dev wg0 
 +Two of the three commands are easily transferred to Networkd configurations files but the one with 'default from' isn't. The solution chosen was to write a systemd service file for this. The service file is listed further down. Here is the configuration file for eth0:
 +  #/etc/systemd/network/eth0.network
 +  [Match]
 +  Name=eth0
 +  
 +  [Network]
 +  Address=192.168.19.44/24
 +  DNS=192.168.19.5
 +  IPForward=yes
 +  Address=2a06:4000:8073:19::44/64
 +  Address=2001:44b8:5135:7c07::44/64
 +  IPv6AcceptRA=yes
 +and for the tunnel interface (wg0):
 +  #/etc/systemd/network/wg0.network
 +  [Match]
 +  Name=wg0
 +  
 +  [Network]
 +  Address=10.8.3.2/24
 +  IPForward=yes
 +  
 +  [Route]
 +  #Gateway=10.8.3.1
 +  Destination=2a06:4000:8073:1011::/6
  
-    i) on gate-rpi +==== Spot ==== 
-      ip addr add dev br-lan 2001:44b8:5135:7c07::2/64 +Similarly the basic IP commands are:  
-      ip route add default from 2001:44b8:5135:7c07::/64 dev tun2  metric 10    ===> for return traffic +      ip addr add dev enp2s0 2001:44b8:5135:7c07::5/64 
-      ip -6 route add 2a06:4000:8073:1011::/64 dev tun2  +      ip route add default from 2001:44b8:5135:7c07::/64 via 2001:44b8:5135:7c07::44 metric 10  ==> return traffic 
- +The 'default from' entry is again handled by a service file. 
-    ii) on Spot +Configuration file for enp2s0: 
-      ip addr add dev br-lan 2001:44b8:5135:7c07::44/64 +  [Match] 
-      ip route add default from 2001:44b8:5135:7c07::/64 via 2001:44b8:5135:7c07::2 metric 10  ==> return traffic +  Name=enp2s0 
- +   
-IP numbers and device names may not be correct! +  [Network] 
-Some firewall additions may be required..... +  Address=192.168.19.5/24 
-Does this all seem right????? +  Gateway=192.168.19.254 
- +  Address=2a06:4000:8073:19::5/64 
-Steve +  DHCP=no 
 +  IPv6AcceptRA=yes 
 +   
 +  [Address] 
 +  Address=2001:44b8:5135:7c07::5/64 
 +  PreferredLifetime=0 
 +(the PreferredLifetime=0 is there to prevent usein this address as source address for outgoing connections 
 +==== Service script ====
  
 +  #/etc/systemd/system/return-route.service
 +  [Unit]
 +  Description=Return route for IPv6 traffic
 +  After=network-online.target
 +  
 +  [Service]
 +  ExecStart=/usr/bin/ip -6 route add default from 2001:44b8:5135:7c07::/64 via 2a06:4000:8073:19::44 dev enp2s0 metric 10
 +  ExecStop=/usr/bin/ip -6 route del default from 2001:44b8:5135:7c07::/64 via 2a06:4000:8073:19::44 dev enp2s0 metric 10
 +  Type=oneshot
 +  RemainAfterExit=yes
 +  
 +  [Install]
 +  WantedBy=multi-user.target
 +This is the script from Spot. The one on gate-rpi is identical except for the interface name which is eth0 on gate-rpi. It doesn't have the 'via' part either.
alternate_address.1698256781.txt.gz · Last modified: by bent