Bug 253328 - add IPv6 6rd support in if_stf
Status: In Progress
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: CURRENT
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Kristof Provost
Reported: 2021-02-07 21:53 UTC by Ed Maste
Modified: 2021-11-20 19:05 UTC

Description Ed Maste freebsd_committer freebsd_triage 2021-02-07 21:53:34 UTC
6rd is an IPv6-in-IPv4 deployment scheme supported by a sizeable number of ISPs (RFC 5969). A pfSense patch added 6rd support to stf(4), but was never merged.

Links:
https://tools.ietf.org/html/rfc5969
https://lists.freebsd.org/pipermail/freebsd-net/2013-June/035746.html
https://redmine.pfsense.org/issues/7272
Comment 1 depeo 2021-11-09 15:32:03 UTC
This patch only seems to allow setting /32 as a netmask.

If this patch is being added, it would be great if it could be modified to allow netmasks other than /32.

If you have a /64 network from the ISP, and want to subnet that net to smaller networks, and use nat66 in pf, you need to set a lower netmask than 32 for the 6rd interface, for example /128.
Comment 2 Kristof Provost freebsd_committer freebsd_triage 2021-11-10 13:13:48 UTC
(In reply to depeo from comment #1)
I'm not sure I understand your remark. The pfSense patch appears to assume the IPv6 6RD prefix is always 32 bits long, but it does support using fewer than 32 bits of the IPv4 address.

This should only matter if the ISP uses a 6RD prefix that's not 32 bits long, but it shouldn't affect how you subnet your 6rd delegated prefix (i.e. the ISP's 6RD prefix + x bits from your IPv4 WAN address).

I'm working on cleaning up the patch to get it committed, and will see if I can fix the 6RD prefix length assumption as well. It needs a lot of other cleanup anyway.
Comment 4 ports.maintainer 2021-11-17 23:49:32 UTC
(In reply to Kristof Provost from comment #2)

Are you sure about it requiring a /32 6rd prefix? 6rd has always been defined with a variable-length prefix. It's also an odd limitation, considering 6to4 used a /16.

CenturyLink uses the 2602::/24 6rd prefix and 32 bits of IPv4. For example, on my OPNsense router:

wan_stf: flags=4041<UP,RUNNING,LINK2> metric 0 mtu 1280
        inet6 2602:c0:2:600:: prefixlen 24
        groups: stf
        v4net 192.0.2.6/0 -> tv4br 205.171.2.64
        nd6 options=101<PERFORMNUD,NO_DAD>

Then my LAN subnets are numbered out of 2602:c0:2:600::/56.
Comment 5 Kristof Provost freebsd_committer freebsd_triage 2021-11-18 00:03:27 UTC
(In reply to Mel Pilgrim from comment #4)
I am sure that I was wrong. The original code to compute the IPv4 destination address from the IPv6 address was a bit convoluted (and wrong for some cases).
Having spent a bit more time with the code now, it does/will support any length of v6 or v4 prefix supported by the protocol.
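
The address mapping discussed in comments 2 to 5, as an added C example that is not part of the thread and not the if_stf or pfSense code: it builds the 6rd delegated prefix from a 6rd prefix of any length plus the unmasked IPv4 bits, and recovers the IPv4 tunnel destination from an IPv6 address. The function names are hypothetical; `main` uses the 2602::/24 prefix and 192.0.2.6/0 address from the ifconfig output in comment 4.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, hypothetical names. Bit i counts from the most significant. */
static int get_bit(const uint8_t *a, int i) { return (a[i / 8] >> (7 - i % 8)) & 1; }
static void set_bit(uint8_t *a, int i) { a[i / 8] |= 0x80 >> (i % 8); }
/* Delegated prefix = 6rd prefix bits, then the low (32 - v4mask) bits of the
 * CE's IPv4 address (host byte order). Returns its length, -1 on bad lengths. */
int sixrd_delegated(const uint8_t pfx[16], int plen, uint32_t v4, int v4mask,
    uint8_t out[16])
{
	int n = 32 - v4mask;
	if (plen < 0 || v4mask < 0 || v4mask > 32 || plen + n > 128)
		return (-1);
	memset(out, 0, 16);
	for (int i = 0; i < plen; i++)
		if (get_bit(pfx, i))
			set_bit(out, i);
	for (int i = 0; i < n; i++)
		if ((v4 >> (n - 1 - i)) & 1)
			set_bit(out, plen + i);
	return (plen + n);
}

/* IPv4 tunnel endpoint for dst: the embedded address when dst is inside the
 * 6rd prefix, otherwise the border relay br. Returns 0 on bad lengths. */
uint32_t sixrd_v4_dest(const uint8_t pfx[16], int plen, uint32_t v4net,
    int v4mask, uint32_t br, const uint8_t dst[16])
{
	int n = 32 - v4mask;
	uint32_t low = 0;
	if (plen < 0 || v4mask < 0 || v4mask > 32 || plen + n > 128)
		return (0);
	for (int i = 0; i < plen; i++)
		if (get_bit(pfx, i) != get_bit(dst, i))
			return (br);
	for (int i = 0; i < n; i++)
		low = (low << 1) | (uint32_t)get_bit(dst, plen + i);
	return ((v4mask ? v4net & (0xffffffffu << n) : 0) | low);
}

int main(void)
{
	uint8_t pfx[16] = { 0x26, 0x02 }, out[16]; /* 2602::/24, comment 4 */
	int len = sixrd_delegated(pfx, 24, 0xc0000206u, 0, out);
	printf("%02x%02x:%02x%02x:%02x%02x:%02x%02x::/%d\n", out[0], out[1],
	    out[2], out[3], out[4], out[5], out[6], out[7], len);
	return (0);
}
```

With the comment 4 values this yields the /56 quoted there; a prefix length that is not a multiple of 8, or a non-zero IPv4 mask length, goes through the same bit loop.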
Comment 6 commit-hook freebsd_committer freebsd_triage 2021-11-20 19:05:12 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=3f7b9525ea48afcb297abcf6c66bd39fcf6b756b

commit 3f7b9525ea48afcb297abcf6c66bd39fcf6b756b
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-11-17 00:13:17 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-11-20 18:29:02 +0000

    if_stf: document 6rd in the man page

    PR:             253328
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D33042

 share/man/man4/stf.4 | 66 +++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 63 insertions(+), 3 deletions(-)
Comment 7 commit-hook freebsd_committer freebsd_triage 2021-11-20 19:05:14 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=19dc644511796d80bd82f62ef49cb1cb4b86add3

commit 19dc644511796d80bd82f62ef49cb1cb4b86add3
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-11-08 08:46:47 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-11-20 18:29:01 +0000

    if_stf: add 6rd support

    Implement IPv6 Rapid Deployment (RFC5969) on top of the existing 6to4
    (RFC3056) if_stf code.

    PR:             253328
    Reviewed by:    hrs
    Obtained from:  pfSense
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D33037

 sbin/ifconfig/Makefile      |   1 +
 sbin/ifconfig/ifstf.c (new) | 152 +++++++++++++++++++++
 sys/net/if_stf.c            | 314 +++++++++++++++++++++++++++++++++++---------
 sys/net/if_stf.h (new)      |  46 +++++++
 sys/netinet6/in6_var.h      |   1 +
 5 files changed, 452 insertions(+), 62 deletions(-)
Comment 8 commit-hook freebsd_committer freebsd_triage 2021-11-20 19:05:15 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=2610dcc1a565a95d6659928de4d505662e1bf1c2

commit 2610dcc1a565a95d6659928de4d505662e1bf1c2
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-11-09 17:46:22 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-11-20 18:29:02 +0000

    net tests: 6rd to 6rd test

    Test traffic between 6rd hosts, without border relay involvement.

    PR:             253328
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D33040

 tests/sys/net/if_stf.sh | 65 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
Comment 9 commit-hook freebsd_committer freebsd_triage 2021-11-20 19:05:16 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=e1b95017d2990a5bb3fd3d5021105bd5069697f2

commit e1b95017d2990a5bb3fd3d5021105bd5069697f2
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2021-11-09 15:06:16 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2021-11-20 18:29:02 +0000

    net tests: 6rd test for if_stf

    Basic test case for 6rd.

    PR:             253328
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D33039

 tests/sys/net/if_stf.sh | 54 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 54 insertions(+)