I noticed in ndp.c code to add a netmask to
an ipv6 address proxy was #if 0
Is this a philosophical "proxying more than 1
IPv6 address is wrong", lack of time, lack of interest?
My application is bridging a single IPv6 subnet
over openvpn such that xx::23:34:56
| <-> [client1]
gateway <-> extif[firewall] <-vpn-> | xx::3a:bc:de
xx::1 xx::2 | <-> [client2]
where xx is the same in all places. I have a /64 from
my virtual host provider.
As ndp proxying works now,
if client's address was fixed, ndp proxy at firewall
would work
if client's address isn't fixed (e.g. privacy) then
a new ndp proxy would have to be put in place
potentially overflowing tables in firewall.
I haven't looked at ip6 routing in the kernel...
If some knowledgeable person sees this, is there
a simple answer?
thanks,
Geoff Steckel
No comments:
Post a Comment