I'm trying to set up an ip6gre tunnel on Ubuntu with kernel 6.5.0-35-generic #35~22.04.1-Ubuntu
and iproute2 5.15.0-1ubuntu2
.
I ran into bugs with netplan and systemd-networkd (sigh) so I figured I'd get the manual case working first. I did the following, which appears to be correct:
ip tunnel add foo0 mode ip6gre remote f00::1234 local f00::456 ttl 255 dev ens18
ip link set up dev foo0
ip addr add fafa::1/127 dev foo0
where f00::1234 is the remote endpoint and f00::456 is the IP assigned to device ens18.
Note I'm explicitly also passing the dev ens18
argument.
This results in a device foo0 being created and showing up in ip link show
. So, the interface exists and is up.
15: foo0@ens18: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1424 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/gre6 f00::456 peer f00::1234 permaddr 427c:3969:7ac1::
However, when I send traffic to it, the gre packets are sent with the correct source address but over the wrong outgoing interface. As this is a router, there is a more specific route in the kernel routing table over said device. But there is also a default route via ens18. I would assume, having set the correct source address and an explicit device in the creation of the tunnel, packets would flow over this interface and route as indeed they do with random userland software (e.g. ping6 f00::1234 -I ens18
does what I would expect it to do).
I get the impression this is a bug in either the kernel implementation of ip6gre or in iproute2. But I'm a little too far out of my comfort zone to sign up to either projects mailing lists and make a fool of myself in front of the grownups if I'm missing something or doing something stupid.
Can anyone help me with this issue?
edit: I should clarify I'm aware I can work around this with policy based routing, I would rather avoid that if I can
edit2: I caved and did it the proper way. Leaving this up in case someone runs into this so they know they're not going crazy. You can work around the issue by setting a specific /128 route for your endpoint or do as I did and fix it properly by setting up policy-based routing (make an extra routing table that has a the default route, use ip -6 rule from $YOURPREFIX table $YOURNEWTABLE
to make it use that table).