ipv6 default route from somewhere

Guus Sliepen guus at tinc-vpn.org
Fri Mar 4 21:43:44 CET 2016


On Fri, Mar 04, 2016 at 12:16:37PM -0800, Dave Taht wrote:

> I have been gradually moving more tinc servers over to ipv6 addresses
> on the tinc 1.1 branch.
> 
> Tinc is inserting a default route for ipv6 for some reason...
> 
> default via 2600:3c01:e030:f2::1 dev tinc6  proto static  metric 950 pref medium
> 
> In my case the default route supplied by ra is still the correct
> thing, but I don't see where in the code tinc is inserting this route
> from.... which, as I'm also connecting tinc over ipv6 makes things
> rather circular in some instances.

I see the problem. However, tinc itself does not insert any routes. If
you have a router advertisement daemon that's listening on the VPN
interface, then other nodes may indeed pick this up because their kernel
will see those. If that's not what you want, then there are several
options:

- Configure the router advertisement daemon to not listen on tinc's
  interface.
- Add "Broadcast = no" to tinc.conf on nodes running such a daemon.
- Use firewall rules to block router advertisement messages.
- On Linux, add "echo 0 >/proc/sys/net/ipv6/conf/$INTERFACE/accept_ra"
  to tinc-up before any ifconfig or ip commands.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
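
An added example, not part of the original message or of tinc itself: a tinc-up script for the last option in the list above, which turns off accept_ra before the interface is configured and then reports any default route leaving through the VPN interface. The function names, the SYSCTL_ROOT override and the sample route lines (other than the one quoted in the thread) are assumptions of this example.

```sh
#!/bin/sh
# Added example of a tinc-up hook; tinc sets $INTERFACE when it runs this script.
# SYSCTL_ROOT is an assumption of this example, overridable so the logic can be
# tried against a scratch directory instead of the live /proc/sys.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"

# Constructed sample of `ip -6 route show` output: the first line is the route
# quoted in the thread, the other two are made up for contrast.
SAMPLE_ROUTES='default via 2600:3c01:e030:f2::1 dev tinc6  proto static  metric 950  pref medium
default via fe80::1 dev eth0  proto ra  metric 1024  expires 1700sec  pref medium
2001:db8:1::/64 dev tinc6  proto kernel  metric 256  pref medium'

# Stop the kernel from acting on router advertisements received on interface $1,
# then read the value back so a failed write is not silently ignored.
disable_accept_ra() {
    knob="$SYSCTL_ROOT/net/ipv6/conf/$1/accept_ra"
    [ -w "$knob" ] || { echo "tinc-up: cannot write $knob" >&2; return 1; }
    echo 0 > "$knob" || return 1
    [ "$(cat "$knob")" = "0" ]
}

# Filter `ip -6 route show` output on stdin down to default routes that leave
# through interface $1.
default_routes_on() {
    awk -v ifc="$1" '$1 == "default" {
        for (i = 2; i < NF; i++)
            if ($i == "dev" && $(i + 1) == ifc) { print; next }
    }'
}

# Hook body: runs only when tinc has provided $INTERFACE.
if [ -n "${INTERFACE:-}" ]; then
    # Must come before any ifconfig/ip command, as the reply above says.
    disable_accept_ra "$INTERFACE" || exit 1
    ip link set "$INTERFACE" up
    # Site-specific addressing goes here (placeholder, not from the thread):
    #   ip -6 addr add <vpn-address>/<prefix-length> dev "$INTERFACE"
    # Report any default route that points out of the VPN interface.
    ip -6 route show | default_routes_on "$INTERFACE" |
        sed 's/^/tinc-up: default route on VPN interface: /' >&2
fi
```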