| 23 Jun 2026 |
 matthewcroughan - nix.zone | * the ifstate docs are all ipv4 brained | 17:56:19 |
 Nico | you need ip6gretap | 17:56:30 |
| Nico | * you need ip6gretap instead of gretap i think | 17:56:35 |
| Nico | yes | 17:56:49 |
| Nico | ip l types are:
TYPE := { amt | bareudp | bond | bond_slave | bridge | bridge_slave |
dsa | dummy | erspan | geneve | gre | gretap | gtp | hsr |
ifb | ip6erspan | ip6gre | ip6gretap | ip6tnl |
ipip | ipoib | ipvlan | ipvtap |
macsec | macvlan | macvtap | netdevsim |
netkit | nlmon | pfcp | rmnet | sit | team | team_slave |
vcan | veth | vlan | vrf | vti | vxcan | vxlan | wwan |
xfrm | virt_wifi }
| 17:56:53 |
| matthewcroughan - nix.zone | so far so good, cool | 17:57:56 |
| matthewcroughan - nix.zone | So I've followed the cli thing up to now Nico | 17:58:32 |
| matthewcroughan - nix.zone | This is now the state I'm in | 17:58:48 |
| matthewcroughan - nix.zone | [root@nixos:~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff
altname enp0s3
altname ens3
altname enx525400123456
inet 10.0.2.15/24 metric 1024 brd 10.0.2.255 scope global dynamic eth0
valid_lft 83822sec preferred_lft 83822sec
inet6 fec0::5054:ff:fe12:3456/64 scope site dynamic mngtmpaddr noprefixroute
valid_lft 83825sec preferred_lft 11825sec
inet6 fe80::5054:ff:fe12:3456/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 65535 qdisc fq_codel state UNKNOWN group default qlen 500
link/none
inet6 200:fe12:89ec:86b6:ce32:9e0a:389:44d3/7 scope global
valid_lft forever preferred_lft forever
inet6 fe80::f81e:7cd0:f13b:cfef/64 scope link stable-privacy proto kernel_ll
valid_lft forever preferred_lft forever
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 56:48:9d:c6:b9:8c brd ff:ff:ff:ff:ff:ff
inet6 fec0::7869:adb1:5a20:9dc/64 scope site temporary dynamic
valid_lft 86382sec preferred_lft 14382sec
inet6 fec0::5448:9dff:fec6:b98c/64 scope site dynamic mngtmpaddr proto kernel_ra
valid_lft 86382sec preferred_lft 14382sec
inet6 fe80::5448:9dff:fec6:b98c/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
5: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1000
link/tunnel6 :: brd :: permaddr 96b9:b227:a5cb::
6: ip6gre0@NONE: <NOARP> mtu 1448 qdisc noop state DOWN group default qlen 1000
link/gre6 :: brd :: permaddr 6e4c:dc35:4a0c::
7: eogre@NONE: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65469 qdisc fq_codel master br0 state UNKNOWN group default qlen 1000
link/ether e6:69:2f:e1:80:8d brd ff:ff:ff:ff:ff:ff
inet6 fe80::e469:2fff:fee1:808d/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
| 17:58:50 |
| Nico | Ok and now? | 17:59:45 |
| matthewcroughan - nix.zone | No what? I haven't done the other side yet :P | 17:59:59 |
| matthewcroughan - nix.zone | Should I do the other side? | 18:00:10 |
| matthewcroughan - nix.zone | I'm kinda trying to validate one side first, but is that possible, or does the other side have to be up? | 18:00:24 |
| Nico | Yea, you don't need the bridge device, just the eogre or whatever you like to call it | 18:00:27 |
| matthewcroughan - nix.zone | Its state is "Unknown" | 18:00:44 |
| matthewcroughan - nix.zone | That weirds me out | 18:00:47 |
| Nico | you should see some packets using tcpdump with the filter from above | 18:00:50 |
| Nico | What do you expect? | 18:01:25 |
| Nico | Check the details on the link using ip -d l sh tun0 | 18:01:41 |
| matthewcroughan - nix.zone | Oh you mean even without configuring the other side, I should see some attempts being made to send packets? | 18:01:42 |
| Nico | * Check the details on the link using ip -d l sh eogre | 18:01:44 |
| Nico | * Check the details on the link using ip -d l sh eogre | 18:01:47 |
| Nico | There won't be any attempts, because gre is just encapsulation | 18:02:28 |
| matthewcroughan - nix.zone | 7: eogre@NONE: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 65469 qdisc fq_codel master br0 state UNKNOWN mode DEFAULT group default qlen 1000 link/ether e6:69:2f:e1:80:8d brd ff:ff:ff:ff:ff:ff promiscuity 1 allmulti 1 minmtu 68 maxmtu 0 ip6gretap remote 200:25e6:e48d:963:3c5e:6466:87d4:a951 local 200:fe12:89ec:86b6:ce32:9e0a:389:44d3 hoplimit 64 encaplimit 4 tclass 0x00 flowlabel 0x00000 bridge_slave state forwarding priority 32 cost 100 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8002 port_no 0x2 designated_port 32770 designated_cost 0 designated_bridge 8000.56:48:9d:c6:b9:8c designated_root 8000.56:48:9d:c6:b9:8c hold_timer 0.00 message_age_timer 0.00 forward_delay_timer 0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on bcast_flood on mcast_to_unicast off neigh_suppress off neigh_vlan_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off locked off mab off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535 tso_max_size 65536 tso_max_segs 65535 gro_max_size 65536 gso_ipv4_max_size 65536 gro_ipv4_max_size 65536 | 18:02:30 |
| Nico | You can send a ping an address within the /7, then you should see some encapsulated traffic | 18:02:51 |
| Nico | I still don't think that any of this works | 18:03:08 |
| Nico | You configured remote and local to be the exact tunnel addresses | 18:03:28 |
| Nico | Wait | 18:03:40 |
| Nico | Whats tun0 | 18:03:45 |
| Nico | If you want to we can hop into a voice call in half an hour or so | 18:04:13 |
