Non local gateway IPv6
-
@johnpoz I totally agree that the subnet should be a) routed and b) the network size should be /64. I was simply pointing out something that appears unusual, namely that there appears to be more misconfigured IPv6 related questions hitting the forums from Europe than from NA.
It is worth pointing out that OVH is a budget provider where you can get VPSes at a fraction of the cost of some of the big guns, consequently people flock there, but being a budget provider, you can expect budget service. Tech support for anything other than basic operations is pretty much non existent.
For the record their IPv4 setup is a bit unusual in that you are allocated a /32 from within a much bigger subnet with a non-local gateway (ie: .1 of the actual subnet), only that seems to work fine with pfSense.
Knowing that OVH's environment is based on openstack, it appears that prefix delegation is not supported on older releases. I have no way of knowing what version OVH is running, but this might be partly to blame.–A.
-
I suppose the OP could get a tunnel from he.net, until OVH comes to their senses. Cheap is not a valid excuse for incompetent.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
@JKnott Agreed tunnel from HE.NET would make the most sense. Wouldn't surprise me if HE.NET doesn't already have a direct attach to OVH, most big BW providers are connected there.
-
@JKnott said in Non local gateway IPv6:
Cheap is not a valid excuse for incompetent.
That is GREAT line!!! I will have to remember that...
And I concur, he.net is a great solution to work around horrible ipv6 deployments.. Grab your /48 and you can use it where you want, even if your isp has zero ipv6 support.. Which to be honest, prob better than some of the nonsense out there - atleast then vs trying to come up with work arounds and hacks to get something that works, you just directly go with simple and easy to setup he.net tunnel.
I have had the same /48 from he for almost 10 years now.. Multiple ISPs, I have the same IPv6 block - and my current isp doesn't have any IPv6... I don't care took all of 2 minutes to be up and running... And it works!! only thing that is adds a few ms to what it would be if it was native.
-
@awebster said in Non local gateway IPv6:
For the record their IPv4 setup is a bit unusual in that you are allocated a /32 from within a much bigger subnet with a non-local gateway (ie: .1 of the actual subnet), only that seems to work fine with pfSense.
Yes, they give IPv4 public range and the non local gateway is always .254. To work, it need to allocated virtual mac address generated in OVH admin interface for each IPv4.
It's work well on pfsense.@JKnott said in Non local gateway IPv6:
Cheap is not a valid excuse for incompetent.
In France, OVH is not see like cheap provider, it's the leader !
I don't know how other dedicated server provider are playing with IPv6 block.@johnpoz said in Non local gateway IPv6:
@JKnott said in Non local gateway IPv6:
And I concur, he.net is a great solution to work around horrible ipv6 deployments..I just try it, it's amazing ! Work perfectly on Pfsense and i could immediately subnet the given /48 on multiple /64 for VM, and you know what... it's working !
It's make me totally mad that i must use free US tunnel provider on my paid french dedicated server...
I also have some doubts about using free tunnel for professional use...
I will try again to configure NDP proxy on hypervisor, but it's very tricky by multiple veth usage.
Thanks to all of you !
-
@Overclock said in Non local gateway IPv6:
I also have some doubts about using free tunnel for professional use...
Huh? But its ok to just use some random block of IPs your host gives you? Do they charge you for those IPs? That you have to hack up some ndp proxy to get to work?
Go get your own IPv6 block from Ripe if you want... Will OVH allow you to route that, or will they just attach your whole /32 and expect you to proxy it?
-
@Overclock said in Non local gateway IPv6:
In France, OVH is not see like cheap provider, it's the leader !
Then they should have competent support. Ask them how they'd configure a Cisco router.
I can understand an ISP providing a single /64 and expecting you to use it. At least that will work properly. Anything else, such as a /56 must be routed. There is no other way for it to work properly.
-
I just want to say, that it's a little hard for me to trust a free service. I just hope than Hurricane Electric don't spy what go trough the tunnel. But it's a great service !
@JKnott said in Non local gateway IPv6:
@Overclock said in Non local gateway IPv6:
In France, OVH is not see like cheap provider, it's the leader !
Then they should have competent support. Ask them how they'd configure a Cisco router.
I have open ticket about this subject, wait and see :)
-
@Overclock said in Non local gateway IPv6:
I just hope than Hurricane Electric don't spy what go trough the tunnel.
You could say the same freaking thing about your ISP ;) Or any VPN service you actually pay for ;) Or any router on the internet that your traffic routes through, etc.. For that matter.
You understand they are like the top ipv6 backbone on the planet right?? They run a freaking HUGE network.. This is not your fly by night service providing you free vpn ;)
Can pretty much promise you if your running ipv6 traffic, at some point its going to cross thier routers.. Be it you tunnel to them or not ;)
-
Just some European security guy paranoia matters about US services ;)
I already satisfy by my fresh /48 ;)
I let you inform about OVH response.
-
@Overclock said in Non local gateway IPv6:
I let you inform about OVH response.
Ask them how SLAAC is supposed to work with a /56. You may be able to get a single /64 to work, but the other 255 will be unusable.
