From: Mark Wooding
Date: Sat, 19 Apr 2014 11:41:45 +0000 (+0100)
Subject: local.m4: Replacing IPv6 host routes with /112 networks.
X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/fe52b74088f9ff4d9dc1c6788b7033ba465a35b6?hp=2caaca79593f6c34c17df95ff7de6182a9dd161b

local.m4: Replacing IPv6 host routes with /112 networks.

Linux has a bug: it doesn't make route cache entries for remote hosts if there's already a host route, and it only attaches path-MTU information to cache entries. The result is that it doesn't handle ICMPv6 `packet too big' messages properly for destinations with host routes.

I'm bodging this by replacing all of the host routes with tiny /112 networks. It's awful, but it seems to work. The convention is that the `host part' of the net is always zero.

---
diff --git a/local.m4 b/local.m4 index 3c4a5f6..c617520 100644 --- a/local.m4 +++ b/local.m4 @@ -243,9 +243,9 @@ defnet sgo noloop defnet vpn safe addr 172.29.199.128/27 2001:ba8:1d9:6000::/64 via househub colohub - host crybaby 1 - host terror 2 - host orange 3 + host crybaby 1 ::1:0 + host terror 2 ::2:0 + host orange 3 ::3:0 defnet anycast trusted addr 172.29.199.224/27 2001:ba8:1d9:0::/64 via dmz unsafe safe untrusted jump colo vpn
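
Review bot: The three changed `host` lines in the `defnet vpn` block (`host crybaby 1 ::1:0` and the two after it) gain a second address argument with no comment in local.m4 explaining it. The reason for it (the Linux path-MTU problem with IPv6 host routes) and the convention that the host part of each /112 is zero are recorded only in the commit message. A short comment above these lines stating both would tell a later editor how to add a fourth host correctly, and that the entries can go back to plain host routes once the kernel behaviour is fixed. It is also worth confirming that anything generated from these entries besides routes, such as address matches for the `safe` class, is not silently widened from a single address to the 65536 addresses in each /112.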