alternate_address

Differences

This shows you the differences between two versions of the page.

alternate_address [2025/01/05 15:08] bent
alternate_address [2025/01/05 16:03] (current) – [Service script] bent
Line 1: Line 1:
 ====== Alternate address ====== ====== Alternate address ======
  
-Based on experiments with [[prefix_delegation|IPv6 prefix delegation and subnetting]]I determined a prefix to delegate to Steve. +Based on my experiments with [[prefix_delegation|IPv6 prefix delegation and subnetting]] I determined a prefix to delegate to Steve. Steve has asked for a /64 delegation like the one I would get from him. The prefix became 1011, derived in this manner: My LAN (0019) is actually subnet 0 in the first level (/56), subnet 1 in the next level (/60) and subnet 9 in the third level (/64). So the 1011 is subnet 10 (first level), 1 second level and again 1 third level. The initial 10 could also be interpreted as subnet 1 in a /52 allocation and subnet 0 in the /56 allocation giving a total of four possible subnet levels.
-Hi Bent+
  
-So here's what I think we'll need to do (syntax may not be quite right!) 
  
-=== a) Steve'end 2a06:4000:8073:1011::/64 ===+===== Steve'configuration using 2a06:4000:8073:1011::/64 ===== 
 +(basically excerpts from an email)
  
  
-i) on my VPN router+i) on the VPN router
     ip addr add dev br-lan 2a06:4000:8073:1011::2/64     ip addr add dev br-lan 2a06:4000:8073:1011::2/64
     ip route add default from 2a06:4000:8073:1011::/64 dev tun2 metric 10    ===> for return traffic     ip route add default from 2a06:4000:8073:1011::/64 dev tun2 metric 10    ===> for return traffic
  
-ii) on ictoan+ii) on Ictoan
     ip addr add br-lan 2a06:4000:8073:1011:202:12:89:12/64     ip addr add br-lan 2a06:4000:8073:1011:202:12:89:12/64
     ip route add default from 2a06:4000:8073:1011::/64 via 2a06:4000:8073:1011:: ===> for return traffic     ip route add default from 2a06:4000:8073:1011::/64 via 2a06:4000:8073:1011:: ===> for return traffic
  
-a) on vultrgate+a) on Vultrgate
     ip route add 2a06:4000:8073:1011::/64 via tun0     ip route add 2a06:4000:8073:1011::/64 via tun0
     ip route add 2001:44b8:5135:7c07::/64 dev wg0     ip route add 2001:44b8:5135:7c07::/64 dev wg0
     Add 2001:44b8:5135:7c07::/64 to Bent's peer "allowed-ips"     Add 2001:44b8:5135:7c07::/64 to Bent's peer "allowed-ips"
  
-=== b) Bent's end 2001:44b8:5135:7c07::/64 ===+===== Bent's end 2001:44b8:5135:7c07::/64 =====
  
- +==== gate-rpi ==== 
-    i) on gate-rpi+The basic IP commands are:
       ip addr add dev eth0 2001:44b8:5135:7c07::44/64       ip addr add dev eth0 2001:44b8:5135:7c07::44/64
       ip route add default from 2001:44b8:5135:7c07::/64 dev wg0  metric 10    ===> for return traffic       ip route add default from 2001:44b8:5135:7c07::/64 dev wg0  metric 10    ===> for return traffic
       ip -6 route add 2a06:4000:8073:1011::/64 dev wg0        ip -6 route add 2a06:4000:8073:1011::/64 dev wg0 
 +Two of the three commands are easily transferred to Networkd configurations files but the one with 'default from' isn't. The solution chosen was to write a systemd service file for this. The service file is listed further down. Here is the configuration file for eth0:
 +  #/etc/systemd/network/eth0.network
 +  [Match]
 +  Name=eth0
 +  
 +  [Network]
 +  Address=192.168.19.44/24
 +  DNS=192.168.19.5
 +  IPForward=yes
 +  Address=2a06:4000:8073:19::44/64
 +  Address=2001:44b8:5135:7c07::44/64
 +  IPv6AcceptRA=yes
 +and for the tunnel interface (wg0):
 +  #/etc/systemd/network/wg0.network
 +  [Match]
 +  Name=wg0
 +  
 +  [Network]
 +  Address=10.8.3.2/24
 +  IPForward=yes
 +  
 +  [Route]
 +  #Gateway=10.8.3.1
 +  Destination=2a06:4000:8073:1011::/6
  
-    ii) on Spot+==== Spot ==== 
 +Similarly the basic IP commands are: 
       ip addr add dev enp2s0 2001:44b8:5135:7c07::5/64       ip addr add dev enp2s0 2001:44b8:5135:7c07::5/64
       ip route add default from 2001:44b8:5135:7c07::/64 via 2001:44b8:5135:7c07::44 metric 10  ==> return traffic       ip route add default from 2001:44b8:5135:7c07::/64 via 2001:44b8:5135:7c07::44 metric 10  ==> return traffic
 +The 'default from' entry is again handled by a service file.
 +Configuration file for enp2s0:
 +  [Match]
 +  Name=enp2s0
 +  
 +  [Network]
 +  Address=192.168.19.5/24
 +  Gateway=192.168.19.254
 +  Address=2a06:4000:8073:19::5/64
 +  DHCP=no
 +  IPv6AcceptRA=yes
 +  
 +  [Address]
 +  Address=2001:44b8:5135:7c07::5/64
 +  PreferredLifetime=0
 +(the PreferredLifetime=0 is there to prevent usein this address as source address for outgoing connections
 +==== Service script ====
  
-IP numbers and device have been updated+  #/etc/systemd/system/return-route.service 
-Some firewall additions may be required....+  [Unit] 
-Does this all seem right????? +  Description=Return route for IPv6 traffic 
- +  After=network-online.target 
-Steve +   
- +  [Service] 
 +  ExecStart=/usr/bin/ip -6 route add default from 2001:44b8:5135:7c07::/64 via 2a06:4000:8073:19::44 dev enp2s0 metric 10 
 +  ExecStop=/usr/bin/ip -6 route del default from 2001:44b8:5135:7c07::/64 via 2a06:4000:8073:19::44 dev enp2s0 metric 10 
 +  Type=oneshot 
 +  RemainAfterExit=yes 
 +   
 +  [Install] 
 +  WantedBy=multi-user.target 
 +This is the script from Spot. The one on gate-rpi is identical except for the interface name which is eth0 on gate-rpi. It doesn't have the 'via' part either.
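Review bot: The route added in the wg0.network block reads "Destination=2a06:4000:8073:1011::/6", while the command it replaces, "ip -6 route add 2a06:4000:8073:1011::/64 dev wg0", uses /64; the prefix length looks truncated and should be /64, since a /6 would describe vastly more address space toward the tunnel than the delegated prefix. In the Spot section the basic command uses "via 2001:44b8:5135:7c07::44" but the service file uses "via 2a06:4000:8073:19::44"; please state which next hop is intended and why they differ. The closing remark says the gate-rpi unit differs only by the interface name eth0 and the missing 'via', yet the basic command for gate-rpi is "default from 2001:44b8:5135:7c07::/64 dev wg0"; listing the gate-rpi ExecStart line explicitly would remove the ambiguity. The unit has "After=network-online.target" without a matching "Wants=", so the ordering only applies if something else pulls that target in. The PreferredLifetime=0 parenthetical has a typo ("usein") and no closing parenthesis. The removed remark that firewall additions may be required has no replacement, although gate-rpi now sets IPForward=yes on both eth0 and wg0; a sentence on the forwarding rules actually in place would be worth adding.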
alternate_address.1736089739.txt.gz · Last modified: 2025/01/05 15:08 by bent