IPv6 Proxy NDP not working?

twobithacker

twobithacker

I'm running FreeBSD 10.3-RELEASE-p5 on a VPS with DigitalOcean. They give out a range of IPv6 addresses per host, 16 addresses total, with only one of them configured by default, and all in the same /64 network.

I'd like to configure this VPS to run OpenVPN with IPv6, and I'd like to be able to have it hand out some of the other v6 addresses out to clients without having to do NATv6, which I think means I'll need to proxy NDP requests for those IPs.

Following the documentation in ndp(8) I've added an NDP entry for one of the IPs with the proxy options: ndp -s 2604:a880:800:10::5a5:b002 04:01:55:4e:cf:01 proxy

And I see it in my NDP table:

Code: 
$ ndp -an
Neighbor                             Linklayer Address  Netif Expire    S Flags
fe80::601:55ff:fe4e:cf02%vtnet1      04:01:55:4e:cf:02 vtnet1 permanent R
fe80::1%vtnet0                       00:00:5e:00:02:63 vtnet0 23h52m24s S R
2604:a880:800:10::1                  00:00:5e:00:02:63 vtnet0 18s       R R
2604:a880:800:10::5a5:b001           04:01:55:4e:cf:01 vtnet0 permanent R
2604:a880:800:10::5a5:b002           04:01:55:4e:cf:01 vtnet0 permanent R p
2604:a880:800:10::14:2001            04:01:35:08:cc:01 vtnet0 23h46m17s S
2604:a880:800:10::5c8:d001           04:01:42:26:fa:01 vtnet0 22h29m14s S
fe80::601:55ff:fe4e:cf01%vtnet0      04:01:55:4e:cf:01 vtnet0 permanent R

And with tcpdump I see the incoming neighbor solicitation:

Code: 
22:33:26.823247 IP6 fe80::1 > ff02::1:ffa5:b002: ICMP6, neighbor solicitation, who has 2604:a880:800:10::5a5:b002, length 32

But no matching neighbor advertisement is sent. I've also tried adding the address in question to a loopback interface (lo1) but that made no difference.

Am I missing something obvious here, or does this not work for some reason?
 
Hello from Great Necroposter!
Any news about working ndp proxy?
I have similar problem - my freebsd13 node does not respond to NS packets for proxied addresses.
 
Abit late but I manage to get ndproxy working on FreeBSD 13.2-RELEASE with Wireguard on a Vultr VPS. You have to add a new Reserved IP(/64) and attach it to your instance first. I haven't had success getting ndproxy to work with my existing /64 assigned by Vultr.

Code: 
1. Load the module: kldload ndproxy
2. Add the module to /boot/loader.conf (ndproxy_load="YES")
3. Add the following to /etc/rc.conf:-

ndproxy_enable="YES"
ndproxy_uplink_interface="vtnet0"
ndproxy_downlink_mac_address="vtnet0:Mac:Address"
ndproxy_uplink_ipv6_addresses="fe80::xx:xx:xx:xx" # uplink router's mac address(ndp -na)

4. Start ndproxy: service ndproxy start
5. Setup Wireguard and assign to a peer an /128 GUA address from the new Reserved IP /64 block.
6. Start Wireguard and setup the client peer to use the new /128 GUA address

Hope this helps someone out there. Cheers.
 
mumu said:
Abit late but I manage to get ndproxy working on FreeBSD 13.2-RELEASE with Wireguard on a Vultr VPS. You have to add a new Reserved IP(/64) and attach it to your instance first. I haven't had success getting ndproxy to work with my existing /64 assigned by Vultr.

Code: 
1. Load the module: kldload ndproxy
2. Add the module to /boot/loader.conf (ndproxy_load="YES")
3. Add the following to /etc/rc.conf:-

ndproxy_enable="YES"
ndproxy_uplink_interface="vtnet0"
ndproxy_downlink_mac_address="vtnet0:Mac:Address"
ndproxy_uplink_ipv6_addresses="fe80::xx:xx:xx:xx" # uplink router's mac address(ndp -na)

4. Start ndproxy: service ndproxy start
5. Setup Wireguard and assign to a peer an /128 GUA address from the new Reserved IP /64 block.
6. Start Wireguard and setup the client peer to use the new /128 GUA address

Hope this helps someone out there. Cheers.
Click to expand...
Dear mumu :
i have home pc with ipv6 , and one vps with ipv6 in usa , home pc can't access gogle.com. github..etc. blocking by GOVement, vps can go anywhere . can you show me how to share vps internet with my home pc ? thanks.
 
I dont know if it is the same issue, but I was recently experiencing some issues with IPv6 ND, and after disabling TCP Segment Offloading on my NIC all of the problems went away. My NIC is an Intel X710, and this is apparently a bit of a known issue with the ixl device driver.

This was achieved by adding -tso to the ifconfig for that interface.
 
tomstorey said:
I dont know if it is the same issue, but I was recently experiencing some issues with IPv6 ND, and after disabling TCP Segment Offloading on my NIC all of the problems went away. My NIC is an Intel X710, and this is apparently a bit of a known issue with the ixl device driver.

This was achieved by adding -tso to the ifconfig for that interface.
Click to expand...
DEAR tomstorey:
can you show me how to build a NDP proxy with ipv6 ?
my home pc with ipv6 , can go china internet ,not google
my vps with ipv6 can go internet anywhere
home pc ------can ssh ------vps..
how to install ndp proxy in vps and share the internet to my home pc ?
thanks.
 
You must log in or register to reply here.
Back
Top