Subj : New candidate member
To   : Michiel van der Vlist
From : Markus Reschke
Date : Sun Oct 16 2016 14:54:26

Hi Michiel!

Oct 16 13:41 2016, Michiel van der Vlist wrote to Markus Reschke:

 MR>> In this case the best option is to use 2001:470:70:bf5::1, since it's
 MR>> the WAN address of the fido system.

 MvdV> I disagree.

Me too :) I've meant 2001:470:70:bf5::2, which I've used for ping and telnet.

 MvdV> 1) "WAN address" is IPv4 NAT speak. In IPv6 one has link local 
 MvdV> addresses and globally unique routable addresses. 
 MvdV> 2001:470:70:bf5::1 is a globally routable address.

For me, a WAN address is any address on an interface facing WAN. Therefore his tunnel endpoint is a WAN address. 2001:470:71:bf5::1 seems to be his node's LAN address.

 MvdV> 2) 2001:470:70:bf5::1 is the he.net tunnel endpoint. His binkp 
 MvdV> server does not answer on that address.

Yep.

 MvdV> 3) 2001:470:70:bf5::2 is the tunnel end point on his end. His binkp 
 MvdV> server answers on that address because it so happens that the 
 MvdV> tunnel end point and the binkp server run on the same host. But 
 MvdV> this is coïncidence. He could move the tunnel end point to another 
 MvdV> device on his LAN and then it would no longer work. 

He would just have to update the AAAA record.

 MvdV> 2001:470:71:bf5::1 is the address of the interface that connects 
 MvdV> the system that runs his binkp server to the 2001:470:71:bf5::/64 
 MvdV> subnet. IMNSHO that should be the address to connect to his binkp 
 MvdV> server. That keeps working if he moves the tunnel end point to his 
 MvdV> router or another host on the same subnet.

In this case I would assign a service IP address, which could be moved around easily, and not use the ::1 LAN address, which might be the gateway for the LAN.

Cheers,
Markus

--- 
 * Origin: *** theca tabellaria *** (2:240/1661)

.