hello,
i created 2 tunnels to test with, the first one i did was to test how the tunnel works and how i would set it up on a freebsd here at home, after reading and searching around i got it working just fine.
after that i created a second tunnel that im planning to use on a dedicated server on the internet, since it was freebsd as well i did exactly the same steps i did to get the tunnel running from my home freebsd with changing the proper ip addresses ofcourse.
at home i was behind a LAN so i had to use my freebsd local machine ipv4 to get the tunnel working instead of my external ipv4 that i used to create the tunnel, in my dedicated server thats hosted is not behind a LAN obviously and it has no firewall running, the remote server has 2 ips dedicated to it, one ipv4 is acting as the gateway and the other ipv4 is the machine ip address. i tried both ipv4 address to get the tunnel running but it does not seem to work.
i can ping6 my own ipv6 address i added to the machine but not the internet.
when i 'ping6 ipv6.google.com' for example it just sits there doing nothing:
root@smoker# ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:470:1f10:6d4::3 --> 2001:4860:800f::67
if i try to run 'tcpdump -i gif0' nothing shows up at all.. no packets are coming in i guess.
if i run 'tcpdump -i gif0' while i try to ping6 ipv6.google.com from a different user i get this results:
#14:57:39.973376 IP6 2001:470:1f10:6d4::3 > iad04s01-in-x68.1e100.net: ICMP6, echo request, seq 0, length 16
#14:57:40.974019 IP6 2001:470:1f10:6d4::3 > iad04s01-in-x68.1e100.net: ICMP6, echo request, seq 1, length 16
#14:57:41.974034 IP6 2001:470:1f10:6d4::3 > iad04s01-in-x68.1e100.net: ICMP6, echo request, seq 2, length 16
#14:57:42.973007 IP6 2001:470:1f10:6d4::3 > iad04s01-in-x68.1e100.net: ICMP6, echo request, seq 3, length 16
#14:57:43.973012 IP6 2001:470:1f10:6d4::3 > iad04s01-in-x68.1e100.net: ICMP6, echo request, seq 4, length 16
#14:57:44.972973 IP6 2001:470:1f10:6d4::3 > st0ner-4.tunnel.tserv9.chi1.ipv6.he.net: ICMP6, neighbor solicitation, who has st0ner-4.tunnel.tserv9.chi1.ipv6.he.net, length 24
#14:57:44.973056 IP6 2001:470:1f10:6d4::3 > iad04s01-in-x68.1e100.net: ICMP6, echo request, seq 5, length 16
#14:57:45.972976 IP6 2001:470:1f10:6d4::3 > st0ner-4.tunnel.tserv9.chi1.ipv6.he.net: ICMP6, neighbor solicitation, who has st0ner-4.tunnel.tserv9.chi1.ipv6.he.net, length 24
#14:57:45.973084 IP6 2001:470:1f10:6d4::3 > iad04s01-in-x68.1e100.net: ICMP6, echo request, seq 6, length 16
#14:57:46.972973 IP6 2001:470:1f10:6d4::3 > st0ner-4.tunnel.tserv9.chi1.ipv6.he.net: ICMP6, neighbor solicitation, who has st0ner-4.tunnel.tserv9.chi1.ipv6.he.net, length 24
#14:57:46.973054 IP6 2001:470:1f10:6d4::3 > iad04s01-in-x68.1e100.net: ICMP6, echo request, seq 7, length 16
#14:57:47.973019 IP6 2001:470:1f10:6d4::3 > iad04s01-in-x68.1e100.net: ICMP6, echo request, seq 8, length 16
#14:57:52.972978 IP6 2001:470:1f10:6d4::3 > st0ner-4.tunnel.tserv9.chi1.ipv6.he.net: ICMP6, neighbor solicitation, who has st0ner-4.tunnel.tserv9.chi1.ipv6.he.net, length 24
#14:57:53.972972 IP6 2001:470:1f10:6d4::3 > st0ner-4.tunnel.tserv9.chi1.ipv6.he.net: ICMP6, neighbor solicitation, who has st0ner-4.tunnel.tserv9.chi1.ipv6.he.net, length 24
#14:57:54.972973 IP6 2001:470:1f10:6d4::3 > st0ner-4.tunnel.tserv9.chi1.ipv6.he.net: ICMP6, neighbor solicitation, who has st0ner-4.tunnel.tserv9.chi1.ipv6.he.net, length 24
any suggestion on what might be wrong?
thanks in advance
Off the top of my head...you mentioned that the first tunnel works and that it's not behind a firewall, and that your second tunnel doesn't work and it is behind a firewall.
Are you sure that your firewall is passing protocol 41 traffic to your host?
thanks for the fast reply.
actually, the one thats working from home is behind a firewall and i managed to get it working fine,
the second one is not behind a firewall/NAT/LAN and its the one im having problems with.
is there a way for me to make sure that protocol 41 is running? because from what i tell there is no firewall running at all
Whoops, sorry for reading that wrong.
Quote
is there a way for me to make sure that protocol 41 is running?
I don't know of one, but I'd love to hear if someone else knows of one; it'd certainly be handy. If you're not behind a firewall, then this probably isn't your issue
What do your routing tables and the output of ifconfig show?
this is netstat -r
Internet6:
Destination Gateway Flags Netif Expire
default st0ner-4.tunnel.ts UGS gif0
localhost localhost UHL lo0
st0ner-4.tunnel.ts link#3 UHL gif0
st0ner-4-pt.tunnel link#3 UHL lo0
2001:470:1f10:6d4: link#3 UHL lo0
fe80::%lo0 fe80::1%lo0 U lo0
fe80::1%lo0 link#2 UHL lo0
ff01:2:: fe80::1%lo0 UC lo0
ff01:3:: link#3 UC gif0
ff02::%lo0 fe80::1%lo0 UC lo0
ff02::%gif0 link#3 UC gif0
and this is ifconfig gif0:
ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
tunnel inet 64.18.148.193 --> 209.51.181.2
inet6 2001:470:1f10:6d4::3 --> 2001:470:1f10:6d4::1 prefixlen 128
inet6 2001:470:1f10:6d4::2 --> 2001:470:1f10:6d4::1 prefixlen 128
Quote
inet6 2001:470:1f10:6d4::3 --> 2001:470:1f10:6d4::1 prefixlen 128
This isn't any good...2001:470:1f10:6d4::3 doesn't exist. If this is the address you added to eth0, it won't work; you need to add an address from your routed /64 (check the 3rd quad)
What is the whole output of ifconfig?
FWIW, I had to use gif1 instead of gif0 to make my stuff work. What version of freebsd?
from /etc/rc.local
gif_interfaces="gif1"
gifconfig_gif1="12.199.185.10 209.51.181.2"
ipv6_network_interfaces="nfe0 gif1 lo0"
ipv6_prefix_nfe0="2001:470:c27d:d000"
ipv6_gateway_enable="YES"
ipv6_ifconfig_gif1="2001:470:1f10:2aa::2/64"
ipv6_defaultrouter="-interface gif1"
i just tried using gif1 instead of gif0 and its still the same
this is what i have in my /etc/rc.conf
##ipv6 HE tunnel
ipv6_enable="YES"
ipv6_defaultrouter="2001:470:1f10:6d4::1"
gif_interfaces="gif1"
gifconfig_gif1="64.18.148.193 209.51.181.2"
Ipv6_ifconfig_gif1="2001:470:1f10:6d4::2 2001:470:1f10:6d4::1 prefixlen 128"
this is ifconfig:
vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
inet 64.18.148.194 netmask 0xff000000 broadcast 255.255.255.192
inet 64.18.148.195 netmask 0xffffffff broadcast 64.18.148.195
ether 00:e0:4c:c9:41:e4
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
tunnel inet 64.18.148.193 --> 209.51.181.2
inet6 2001:470:1f10:6d4::2 --> 2001:470:1f10:6d4::1 prefixlen 128
the gateway ip is 64.18.148.193 .. ive used the first usuable ip 64.18.148.194 and it did not work and thats when i tried to use the gw address instead.
Quote
Ipv6_ifconfig_gif1="2001:470:1f10:6d4::2 2001:470:1f10:6d4::1 prefixlen 128"
I think that could be your problem
This is what mine looks like
gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet 12.199.185.10 --> 209.51.181.2
inet6 fe80::2e0:8100:28:1a5c%gif1 prefixlen 64 scopeid 0x6
inet6 2001:470:1f10:2aa::2 prefixlen 64
options=1<ACCEPT_REV_ETHIP_VER>
Why don't you try and use this in your /etc/rc.conf?
ipv6_enable="YES"
gif_interfaces="gif1"
gifconfig_gif1="164.18.148.194 209.51.181.2"
ipv6_network_interfaces="vr0 gif1 lo0"
ipv6_gateway_enable="YES"
ipv6_ifconfig_gif1="2001:470:1f10:6d4::1/64"
ipv6_defaultrouter="-interface gif
I don't know what your routed /64 is, but you could add that into the config like I have, then FreeBSD would automagically assign you an IPv6 address.
(I assume it's "2001:470:1f11:6d4::1/64", but you'll want to check)
I'm confused on your IPv4 stuff too. You're running /8 on .194 and a /32 on .195, and they have completely different broadcasts.
thanks alot cholzhauer
it worked just fine after doing the changes you made.
im gonna mark this as SOLVED.