Good day, I have set obtained a /48 and succseffly set up the tunnel, my router can ping6 ipv6.google.com and I get a responce, I can also visit it on my browser. however my other host on my lan can ping only the directly connected interface and nothing else. Any help would be aprechiated. Below is the router set up
ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:FB:C0:CF
inet addr:75.152.109.214 Bcast:75.152.111.255 Mask:255.255.240.0
inet6 addr: 2001:470:b115::2/48 Scope:Global
inet6 addr: fe80::20c:29ff:fefb:c0cf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:158668 errors:0 dropped:0 overruns:0 frame:0
TX packets:165704 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:33953895 (32.3 MiB) TX bytes:22004342 (20.9 MiB)
Interrupt:67 Base address:0x2000
eth1 Link encap:Ethernet HWaddr 00:0C:29:FB:C0:D9
inet6 addr: 2001:470:b115::3/48 Scope:Global
inet6 addr: fe80::20c:29ff:fefb:c0d9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:162193 errors:0 dropped:0 overruns:0 frame:0
TX packets:163066 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:18880419 (18.0 MiB) TX bytes:18916588 (18.0 MiB)
Interrupt:67 Base address:0x2080
he-ipv6 Link encap:IPv6-in-IPv4
inet6 addr: 2001:470:b115::1/48 Scope:Global
inet6 addr: fe80::4b98:6dd6/128 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:74935 errors:0 dropped:0 overruns:0 frame:0
TX packets:74970 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7818272 (7.4 MiB) TX bytes:9295572 (8.8 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2379 errors:0 dropped:0 overruns:0 frame:0
TX packets:2379 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3452546 (3.2 MiB) TX bytes:3452546 (3.2 MiB)
ip -6 route show
unreachable ::/96 dev lo metric 1024 expires 21334176sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 expires 21334176sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2001:470:b115::/48 via :: dev he-ipv6 metric 256 expires 21334280sec mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:b115::/48 dev eth0 metric 256 expires 21334280sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/48 dev eth1 metric 256 expires 21334280sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo metric 1024 expires 21334177sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo metric 1024 expires 21334177sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo metric 1024 expires 21334177sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo metric 1024 expires 21334177sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo metric 1024 expires 21334177sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo metric 1024 expires 21334177sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo metric 1024 expires 21334177sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 expires 21334118sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1 metric 256 expires 21334126sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6 metric 256 expires 21334280sec mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6 metric 1024 expires 21334280sec mtu 1480 advmss 1420 hoplimit 4294967295
Config Script I use
modprobe ipv6
ip tunnel add he-ipv6 mode sit remote 216.66.38.58 local 75.152.109.214 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:b115::1/48 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip addr add 2001:470:b115::2/48 dev eth0
ip addr add 2001:470:b115::3/48 dev eth1
ip -f inet6 addr
sysctl -w net.ipv6.conf.all.forwarding=1
And my LAN host
ifconfig
eth0 Link encap:Ethernet HWaddr 00:26:18:3b:0b:1f
inet addr:10.0.0.10 Bcast:10.255.255.255 Mask:255.0.0.0
inet6 addr: fe80::226:18ff:fe3b:b1f/64 Scope:Link
inet6 addr: 2001:470:b115::4/48 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:164831 errors:0 dropped:0 overruns:0 frame:0
TX packets:161984 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:19638355 (18.7 MiB) TX bytes:18800088 (17.9 MiB)
Interrupt:222 Base address:0x6000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:23 errors:0 dropped:0 overruns:0 frame:0
TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2840 (2.7 KiB) TX bytes:2840 (2.7 KiB)
ip -6 route show
2001:470:b115::/48 dev eth0 proto kernel metric 256 expires 2590586sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
default via fe80::20c:29ff:fefb:c0d9 dev eth0 proto kernel metric 1024 expires 224sec mtu 1500 advmss 1440 hoplimit 64
Again Thanks for any help
Shawn Foisy
First, a couple things.
The IP on he-ipv6 should be 2001:470:b115::2 and your default route should point to 2001:470:b115::1
The IP you have on eth0 should be out of the /48 you grabbed.
EDIT:
Same thing for eth1..take a /64 out of your /48 and assign an address out of that
Same thing for your lan host...take another /64 out of your /48 and assign an IP address out of that
Routed /48: 2001:470:b115::/48
the 2001:470:b115:: is my routable address space so using 2001:470:b115::X should be alright?
I am going to make the change noted above and let you know.
If that's what you say it is, so be it.
The problem is you're using that same network for your tunnel /64
Let me see if I can make this clearer... Lets say 2001:db8:1:1::/64 is your tunnel /64 and 2001:db8:f::/48 is your routed /48. The address on he-ipv6 should be 2001:db8:1:1::2 and the default route should point to 2001:db8:1:1::1 For eth0 on your tunnel machine, you would select a /64 out of your /48, say 2001:db8:f:1::/64 and assign an address, say 2001:db8:f:1::1. Then, for eth1, you assign another, say 2001:db8:f:2::1 (assuming those are connected to different networks). For eth0 on your host computer, you select another, say 2001:db8:f:3::1
Make sense?
What is your tunnel /64 that's listed on the webpage?
Routed /64: 2001:470:1d:417::/64
so I made some changes to the script
modprobe ipv6
ip tunnel add he-ipv6 mode sit remote 216.66.38.58 local 75.152.109.214 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:1d:417::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip addr add 2001:470:b115::1:1/64 dev eth0
ip addr add 2001:470:b115::2:1/64 dev eth1
ip -f inet6 addr
sysctl -w net.ipv6.conf.all.forwarding=1
I think this right?
so on the host machine I would use say 2001:470:b115::3:1/64 dev eth0 ? and what about the next machine on the LAN i could use 2001:470:b115::3:2/64 ?
but eth1 and LAN machine are connected via a swith so they should be on the same network 2001:470:b115::2:2/64 ?
I am going to restart the router with the canges and see if anything works.
also how do i make the default route: 2001:db8:1:1::1 For eth0 on my tunnel machine?
You are hosting this tunnel on a PC, right? (as opposed to a cisco router or something)
If eth1 and your lan machines are on the same network segment, then yes, they should have the same /64. One host could be 2001:470:b115::2:2, one could be 2001:470:b115::2:3, ect. If you did that, 2001:470:b115::3:1 would be acceptable to use on eth0
I'm not sure what you mean by this
Quote
also how do i make the default route: 2001:db8:1:1::1 For eth0 on my tunnel machine?
You are hosting this tunnel on a PC, right? (as opposed to a cisco router or something)
yes its a CentOS Linux box or well VM
and I ment how do I add the default route
ip -6 route add :: via 2001:470:1d:417::1/64 ?
So I canged the address and they are
eth0 Link encap:Ethernet HWaddr 00:0C:29:FB:C0:CF
inet addr:75.152.109.214 Bcast:75.152.111.255 Mask:255.255.240.0
inet6 addr: 2001:470:b115::1:1/64 Scope:Global
inet6 addr: fe80::20c:29ff:fefb:c0cf/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2539 errors:0 dropped:0 overruns:0 frame:0
TX packets:2274 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2522712 (2.4 MiB) TX bytes:378260 (369.3 KiB)
Interrupt:75 Base address:0x2000
eth1 Link encap:Ethernet HWaddr 00:0C:29:FB:C0:D9
inet6 addr: 2001:470:b115::2:1/64 Scope:Global
inet6 addr: fe80::20c:29ff:fefb:c0d9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:412 errors:0 dropped:0 overruns:0 frame:0
TX packets:422 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:48828 (47.6 KiB) TX bytes:51682 (50.4 KiB)
Interrupt:75 Base address:0x2080
he-ipv6 Link encap:IPv6-in-IPv4
inet6 addr: 2001:470:1d:417::2/64 Scope:Global
inet6 addr: fe80::4b98:6dd6/128 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:841 errors:0 dropped:0 overruns:0 frame:0
TX packets:850 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:622887 (608.2 KiB) TX bytes:231573 (226.1 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2636 errors:0 dropped:0 overruns:0 frame:0
TX packets:2636 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3861316 (3.6 MiB) TX bytes:3861316 (3.6 MiB)
and LAN host is now 2001:470:b115::2:2/64 and it can ping 2001:470:b115::2:1 not a problem but not 2001:470:b115::1:1 I get destination unreachable address unreachable. If I try to ping the tunnel 2001:470:1d:417::2 I get Connect: Network unreachable.
Sorry for my ignorance, and thaks for the help
So if you do a "ping6 2001:470:1d:417::1" it doesn't work? That's the other end of the tunnel, which means your runnel isn't up. But, from the traffic statistics, it looks like traffic is being sent. (There's more traffic there than there is on eth1)
You're going to want to route your /48 out eth1.
As for your default route, take a look at this (Which, if you don't have a default route, pings wouldn't be working)
http://www.cyberciti.biz/tips/linux-ipv6-default-route-not-working.html
this is what I get from the router
[root@d75-152-109-214 ~]# ping6 2001:470:1d:417::1
PING 2001:470:1d:417::1(2001:470:1d:417::1) 56 data bytes
From 2001:470:1d:417::2 icmp_seq=0 Time exceeded: Hop limit
From 2001:470:1d:417::2 icmp_seq=1 Time exceeded: Hop limit
[root@d75-152-109-214 ~]# ping6 ipv6.google.com
PING ipv6.google.com(iw-in-x68.1e100.net) 56 data bytes
64 bytes from iw-in-x68.1e100.net: icmp_seq=0 ttl=54 time=101 ms
64 bytes from iw-in-x68.1e100.net: icmp_seq=1 ttl=54 time=101 ms
64 bytes from iw-in-x68.1e100.net: icmp_seq=2 ttl=54 time=102 ms
as for routing the /48
[root@d75-152-109-214 ~]# ip -6 route add 2001:470:b115::/48 via 2001:470:b115::2:1 dev eth1
RTNETLINK answers: No route to host
I'm lost
What do your routing tables look like now
[root@d75-152-109-214 ~]# ip -6 route show
:: via 2001:470:1d:417::1 dev he-ipv6 metric 1024 expires 21333788sec mtu 1480 advmss 1420 hoplimit 4294967295
unreachable ::/96 dev lo metric 1024 expires 21333664sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 expires 21333664sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2001:470:1d:417::/64 via :: dev he-ipv6 metric 256 expires 21333739sec mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:b115::/64 dev eth0 metric 256 expires 21333739sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/64 dev eth1 metric 256 expires 21333739sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo metric 1024 expires 21333664sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo metric 1024 expires 21333664sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo metric 1024 expires 21333664sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo metric 1024 expires 21333664sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo metric 1024 expires 21333664sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo metric 1024 expires 21333664sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo metric 1024 expires 21333664sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 expires 21333618sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1 metric 256 expires 21333622sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6 metric 256 expires 21333739sec mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6 metric 1024 expires 21333739sec mtu 1480 advmss 1420 hoplimit 4294967295
[root@d75-152-109-214 ~]#
default dev he-ipv6 metric 1024 expires 21333739sec mtu 1480 advmss 1420 hoplimit 4294967295
That's your default route.
I've read that for some kernels, you need to add that route from the link before
ip route add 2000::/3 dev he-ipv6
i've added the route.
here is what I get from router
[root@d75-152-109-214 ~]# ping6 ipv6.google.com
PING ipv6.google.com(iw-in-x63.1e100.net) 56 data bytes
64 bytes from iw-in-x63.1e100.net: icmp_seq=0 ttl=54 time=101 ms
64 bytes from iw-in-x63.1e100.net: icmp_seq=1 ttl=54 time=102 ms
64 bytes from iw-in-x63.1e100.net: icmp_seq=2 ttl=54 time=101 ms
--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 9875ms
rtt min/avg/max/mdev = 101.408/101.679/102.186/0.443 ms, pipe 2
[root@d75-152-109-214 ~]# ping6 2001:470:1d:417::1
PING 2001:470:1d:417::1(2001:470:1d:417::1) 56 data bytes
From 2001:470:1d:417::2 icmp_seq=0 Time exceeded: Hop limit
From 2001:470:1d:417::2 icmp_seq=1 Time exceeded: Hop limit
From 2001:470:1d:417::2 icmp_seq=2 Time exceeded: Hop limit
--- 2001:470:1d:417::1 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 5380ms
also i did
ip route add 2001:470:b115::/48 dev eth1
[root@d75-152-109-214 ~]# ip -6 route show
:: via 2001:470:1d:417::1 dev he-ipv6 metric 1024 expires 21333005sec mtu 1480 advmss 1420 hoplimit 4294967295
unreachable ::/96 dev lo metric 1024 expires 21332882sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 expires 21332882sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2001:470:1d:417::/64 via :: dev he-ipv6 metric 256 expires 21332957sec mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:b115::/64 dev eth0 metric 256 expires 21332957sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/64 dev eth1 metric 256 expires 21332957sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/48 dev eth1 metric 1024 expires 21334321sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo metric 1024 expires 21332882sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo metric 1024 expires 21332882sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo metric 1024 expires 21332882sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo metric 1024 expires 21332882sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo metric 1024 expires 21332882sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo metric 1024 expires 21332882sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo metric 1024 expires 21332882sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2000::/3 dev he-ipv6 metric 1024 expires 21334136sec mtu 1480 advmss 1420 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 expires 21332836sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1 metric 256 expires 21332840sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6 metric 256 expires 21332957sec mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6 metric 1024 expires 21332957sec mtu 1480 advmss 1420 hoplimit 4294967295
[root@d75-152-109-214 ~]#
Host still can't ping outside 2001:470:b115::2:/64
Thanks for your help so far
Something strange is happening
[carl@mars ~]$ ping6 2001:470:1d:417::2
PING6(56=40+8+8 bytes) 2001:470:c27d:e000:20c:29ff:fe8a:1618 --> 2001:470:1d:417::2
16 bytes from 2001:470:1d:417::2, icmp_seq=0 hlim=57 time=252.102 ms
16 bytes from 2001:470:1d:417::2, icmp_seq=1 hlim=57 time=149.014 ms
16 bytes from 2001:470:1d:417::2, icmp_seq=2 hlim=57 time=144.916 ms
16 bytes from 2001:470:1d:417::2, icmp_seq=3 hlim=57 time=144.671 ms
^C
--- 2001:470:1d:417::2 ping6 statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 144.671/172.676/252.102/45.889 ms
[carl@mars ~]$ ping6 2001:470:1d:417::1
PING6(56=40+8+8 bytes) 2001:470:c27d:e000:20c:29ff:fe8a:1618 --> 2001:470:1d:417::1
^C
--- 2001:470:1d:417::1 ping6 statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
According to that, I can ping your side of the tunnel, but not HE's side
I can even ping your eth1
[carl@mars ~]$ ping6 2001:470:b115::2:1
PING6(56=40+8+8 bytes) 2001:470:c27d:e000:20c:29ff:fe8a:1618 --> 2001:470:b115::2:1
16 bytes from 2001:470:b115::2:1, icmp_seq=0 hlim=57 time=146.072 ms
16 bytes from 2001:470:b115::2:1, icmp_seq=1 hlim=57 time=145.695 ms
16 bytes from 2001:470:b115::2:1, icmp_seq=2 hlim=57 time=145.200 ms
^C
--- 2001:470:b115::2:1 ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 145.200/145.656/146.072/0.357 ms
can you ping6 2001:470:b115::2:2 ?
and that is weird?
I will restart the router maybe somthing got cofufled in changing settings?
[carl@mars ~]$ ping6 2001:470:b115::2:2
PING6(56=40+8+8 bytes) 2001:470:c27d:e000:20c:29ff:fe8a:1618 --> 2001:470:b115::2:2
^C
--- 2001:470:b115::2:2 ping6 statistics ---
6 packets transmitted, 0 packets received, 100.0% packet loss
Ok I restarted
setup config:
[root@d75-152-109-214 ~]# modprobe ipv6
[root@d75-152-109-214 ~]# ip tunnel add he-ipv6 mode sit remote 216.66.38.58 local 75.152.109.214 ttl 255
[root@d75-152-109-214 ~]# ip link set he-ipv6 up
[root@d75-152-109-214 ~]# ip addr add 2001:470:1d:417::2/64 dev he-ipv6
[root@d75-152-109-214 ~]# ip route add ::/0 dev he-ipv6
[root@d75-152-109-214 ~]# ip addr add 2001:470:b115::1:1/64 dev eth0
[root@d75-152-109-214 ~]# ip addr add 2001:470:b115::2:1/64 dev eth1
[root@d75-152-109-214 ~]# ip -f inet6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:470:b115::1:1/64 scope global tentative
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fefb:c0cf/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:470:b115::2:1/64 scope global tentative
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fefb:c0d9/64 scope link
valid_lft forever preferred_lft forever
5: he-ipv6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480
inet6 2001:470:1d:417::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::4b98:6dd6/128 scope link
valid_lft forever preferred_lft forever
[root@d75-152-109-214 ~]# sysctl -w net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.forwarding = 1
[root@d75-152-109-214 ~]# ip -6 route add :: via 2001:470:1d:417::1
[root@d75-152-109-214 ~]# ip route add 2000::/3 dev he-ipv6
[root@d75-152-109-214 ~]# ip route add 2001:470:b115::/48 dev eth1
[root@d75-152-109-214 ~]#
[root@d75-152-109-214 ~]# ip -6 route show
:: via 2001:470:1d:417::1 dev he-ipv6 metric 1024 expires 21334325sec mtu 1480 advmss 1420 hoplimit 4294967295
unreachable ::/96 dev lo metric 1024 expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2001:470:1d:417::/64 via :: dev he-ipv6 metric 256 expires 21334324sec mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:b115::/64 dev eth0 metric 256 expires 21334324sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/64 dev eth1 metric 256 expires 21334324sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/48 dev eth1 metric 1024 expires 21334325sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo metric 1024 expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo metric 1024 expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo metric 1024 expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo metric 1024 expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo metric 1024 expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo metric 1024 expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo metric 1024 expires 21334278sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2000::/3 dev he-ipv6 metric 1024 expires 21334325sec mtu 1480 advmss 1420 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 expires 21334235sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1 metric 256 expires 21334238sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6 metric 256 expires 21334324sec mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6 metric 1024 expires 21334324sec mtu 1480 advmss 1420 hoplimit 4294967295
[root@d75-152-109-214 ~]#
[root@d75-152-109-214 ~]# ping6 2001:470:1d:417::1
PING 2001:470:1d:417::1(2001:470:1d:417::1) 56 data bytes
From 2001:470:1d:417::2 icmp_seq=0 Time exceeded: Hop limit
From 2001:470:1d:417::2 icmp_seq=1 Time exceeded: Hop limit
From 2001:470:1d:417::2 icmp_seq=2 Time exceeded: Hop limit
[root@d75-152-109-214 ~]# ping6 ipv6.google.com
PING ipv6.google.com(iw-in-x67.1e100.net) 56 data bytes
64 bytes from iw-in-x67.1e100.net: icmp_seq=0 ttl=54 time=101 ms
64 bytes from iw-in-x67.1e100.net: icmp_seq=1 ttl=54 time=101 ms
64 bytes from iw-in-x67.1e100.net: icmp_seq=2 ttl=54 time=101 ms
--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 9904ms
rtt min/avg/max/mdev = 101.299/101.556/101.728/0.185 ms, pipe 2
[root@d75-152-109-214 ~]#
One thought I had...you have two different /64's on your tunnel page...what's the other one? One is your tunnel /64 and the other is your routed /64 that you can use for hosts.
You have very odd 2002 and 3ffe routes on your system, yet I don't see a 6to4 interface, nor anything with 3ffe on it...only thing that pops into mind.
Server IPv4 address: 216.66.38.58
Server IPv6 address: 2001:470:1c:417::1/64
Client IPv4 address: 75.152.109.214
Client IPv6 address: 2001:470:1c:417::2/64
Available DNS Resolvers
Anycasted IPv6 Caching Nameserver: 2001:470:20::2
Anycasted IPv4 Caching Nameserver: 74.82.42.42
Routed IPv6 Prefixes and rDNS Delegations
Routed /48: 2001:470:b115::/48
Routed /64: 2001:470:1d:417::/64
Ah ha.
You need to be using 2001:470:1c:417::1 for your default route and 2001:470:1c:417::2 for he-ipv6
Ok here we go again
[root@d75-152-109-214 ~]# modprobe ipv6
[root@d75-152-109-214 ~]# ip tunnel add he-ipv6 mode sit remote 216.66.38.58 local 75.152.109.214 ttl 255
[root@d75-152-109-214 ~]# ip link set he-ipv6 up
[root@d75-152-109-214 ~]# ip addr add 2001:470:1c:417::2/64 dev he-ipv6
[root@d75-152-109-214 ~]# ip route add ::/0 dev he-ipv6
[root@d75-152-109-214 ~]# ip addr add 2001:470:b115::1:1/64 dev eth0
[root@d75-152-109-214 ~]# ip addr add 2001:470:b115::2:1/64 dev eth1
[root@d75-152-109-214 ~]# ip -f inet6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:470:b115::1:1/64 scope global tentative
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fefb:c0cf/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:470:b115::2:1/64 scope global tentative
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fefb:c0d9/64 scope link
valid_lft forever preferred_lft forever
5: he-ipv6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480
inet6 2001:470:1c:417::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::4b98:6dd6/128 scope link
valid_lft forever preferred_lft forever
[root@d75-152-109-214 ~]# sysctl -w net.ipv6.conf.all.forwarding=1
net.ipv6.conf.all.forwarding = 1
[root@d75-152-109-214 ~]# ip -6 route add :: via 2001:470:1c:417::1
[root@d75-152-109-214 ~]# ip route add 2000::/3 dev he-ipv6
[root@d75-152-109-214 ~]# ip route add 2001:470:b115::/48 dev eth1
[root@d75-152-109-214 ~]#
This should be right now, I hope.
[root@d75-152-109-214 ~]# ping6 2001:470:1c:417::1
PING 2001:470:1c:417::1(2001:470:1c:417::1) 56 data bytes
64 bytes from 2001:470:1c:417::1: icmp_seq=0 ttl=64 time=63.3 ms
64 bytes from 2001:470:1c:417::1: icmp_seq=1 ttl=64 time=63.2 ms
64 bytes from 2001:470:1c:417::1: icmp_seq=2 ttl=64 time=62.8 ms
--- 2001:470:1c:417::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 3194ms
rtt min/avg/max/mdev = 62.873/63.137/63.302/0.188 ms, pipe 2
[root@d75-152-109-214 ~]#
Thats better :)
[root@d75-152-109-214 ~]# ping6 ipv6.google.com
PING ipv6.google.com(pw-in-x67.1e100.net) 56 data bytes
64 bytes from pw-in-x67.1e100.net: icmp_seq=0 ttl=50 time=148 ms
64 bytes from pw-in-x67.1e100.net: icmp_seq=1 ttl=50 time=149 ms
64 bytes from pw-in-x67.1e100.net: icmp_seq=2 ttl=50 time=148 ms
64 bytes from pw-in-x67.1e100.net: icmp_seq=3 ttl=50 time=148 ms
--- ipv6.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 11080ms
rtt min/avg/max/mdev = 148.711/148.858/149.111/0.414 ms, pipe 2
[root@d75-152-109-214 ~]#
still works
LAN host can still only ping 2001:470:b115::2:1
All the Time I have today need to goto work.
I'll get back at it tomorrow
Make sure sysctl is configured to enable ipv6 packet forwarding., and what is the IP of the LAN host?
sysctl -w net.ipv6.conf.all.forwarding=1
[root@d75-152-109-214 ~]# cat /proc/sys/net/ipv6/conf/all/forwarding
1
[root@d75-152-109-214 ~]#
LAN host
2001:470:b115::2:2/64
Well mtr can reach 2001:470:b115::2:1 but not 2001:470:b115::2:2 so not sure, but at least the /48 is routed correctly on our side.
It's probably either a firewall or routing issue..what does your routing table look like now
[root@d75-152-109-214 ~]# ip -6 route show
:: via 2001:470:1c:417::1 dev he-ipv6 metric 1024 expires 21312055sec mtu 1480 advmss 1420 hoplimit 4294967295
unreachable ::/96 dev lo metric 1024 expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2001:470:1c:417::/64 via :: dev he-ipv6 metric 256 expires 21312054sec mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:b115::/64 dev eth0 metric 256 expires 21312054sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/64 dev eth1 metric 256 expires 21312054sec mtu 1500 advmss 1440 hoplimit 4294967295
2001:470:b115::/48 dev eth1 metric 1024 expires 21312057sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo metric 1024 expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo metric 1024 expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo metric 1024 expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo metric 1024 expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo metric 1024 expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo metric 1024 expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo metric 1024 expires 21312000sec error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2000::/3 dev he-ipv6 metric 1024 expires 21312055sec mtu 1480 advmss 1420 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 expires 21311958sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1 metric 256 expires 21311962sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6 metric 256 expires 21312054sec mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6 metric 1024 expires 21312054sec mtu 1480 advmss 1420 hoplimit 4294967295
no firewall enabled on this machine
LAN host routing
2001:470:b115::/64 dev eth0 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1440 hoplimit 4294967295
default dev eth0 metric 1024 mtu 1500 advmss 1440 hoplimit 4294967295
if this helps
I-NET -------> eth0-------------CentOS Box----------------------------------------------------------------eth1----------------[switch]---------->LAN (one ipv6
75.152.109.214 2001:470:b115::2:1/64 so far)
2001:470:b115::1:1/64(probably don't need) 2001:470:b115::2:2/64
he-ipv6(2001:470:1c:417::2/64)
This might be a different between FreeBSD and CentOS, but on my router, I specify the next hop. For example, my default route points to my tunnel interface (gif1) but I've routed my /48 at the next router in the mix.
default gif1 US gif1
2001:470:1f10:2aa::/64 link#6 U gif1
2001:470:c27d::/48 2001:470:c27d:d000:21d:a2ff:feaf:2ffd UGS nfe0
I thought I was he-ipv6 is the tunnel
default dev he-ipv6 metric 1024 expires 21312054sec mtu 1480 advmss 1420 hoplimit 4294967295
my LAN machine can't ping that address so I didn't think that would work.
maybe I should try somthing other than centOS for the router
That would be my vote ;)
I think I'll try debian, I have more experience with it as a IPV4 router.
Thanks for the help
I'll probably be back.
I used debian and it works, you can now ping 2001:470:b115:2::1 and 2001:470:b115:2::2 ;D
THANKS for all the help
Funny how easy it was that time ;)
Glad to hear it's up and working
It seems as tho though the OP got his Linux/V6 stuff working by switching away from CentOS. If anyone's still struggling through it, I'll provide my experience. I just set this up today (31 December). My configuration is a small Linux router with 3 Ethernet interfaces:
- eth2 - Facing the cable modem
- eth1 - Facing the public side of my LAN
- eth0 - Facing the "private" side of my LAN (where my wireless bridge also lives)
I have a /28 of public IPv4 space from my Internet provider, which is why I have a "public" and "private" side to the router. For v4, the router routes natively through all interfaces
except when the private LAN tries to talk out to the Internet. Then, and only then, does it NAT.
Now, for v6. Three basic steps:
1. Set the Tunnel Up with HE and Enable IP ForwardingEdit the following files:
/etc/sysconfig/networkNETWORKING_IPV6=yes
IPV6_AUTOCONF=no
IPV6_DEFAULTGW=<V6 Gateway on other end of Tunnel>
IPV6_DEFAULTDEV=sit1/etc/sysconfig/network-scripts/ifcfg-sit1DEVICE=sit1
IPV6INIT=yes
IPV6TUNNELIPV4=<V4 Remote end of Tunnel>
IPV6TUNNELIPV4LOCAL=<V4 Local end of Tunnel>
IPV6ADDR=<V6 Local end of Tunnel>/etc/sysctl.confnet.ipv4.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
Once those files are saved, perform this as root:
service network restartThe tunnel should be up at this point. Verify that by grabbing the v6 IP of the remote end of the tunnel and:
ping6 <v6 remote end>2. Set up Manual v6 IPs on Router InterfacesAssuming you have a block from HE, you'll want to pick a /64 from it and set that LAN up on the internal Ethernet interface. Since I have 2 Ethernets, I actually have 2 /64s. Either way, let's say eth1 is your internal LAN. Figure out what static(!) IP address you want your router to have, and configure it thusly:
/etc/sysconfig/network-scripts/ifcfg-eth1
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6ADDR=<your v6 router IP>
IPV6_ROUTER=yes
Most people like to IP their routers as the first IP in the subnet. I'm a bit goofy in that I typically configure mine at the very end of the subnet. My subnet from HE is: 2001:470:e2f8::/48. I carved off 2 /64s from that and IP'd my router interfaces as: 2001:470:e2f8:6969:ffff:ffff:ffff:ffff/64 and 2001:470:e2f8:7777:ffff:ffff:ffff:ffff/64 (yep, I'm a pig). I put those IPs into my ifcfg-eth0 and ifcfg-eth1 files accordingly.
Doing another:
service network restartwill bring up eth1 with the new v6 IP.
3. Enable Route AdvertisementIf you want the rest of your machines to auto-config properly, you want to make sure you have the RADVD daemon installed and running. If it isn't:
yum install radvdThe configuration for radvd is in the file
/etc/radvd.conf. A quick and dirty config for eth1 would look like:
interface eth1
{
AdvSendAdvert on;
MinRtrAdvInterval 30;
MaxRtrAdvInterval 100;
prefix <YOUR SUBNET HERE>/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
};
Make sure it'll start when you reboot:
chkconfig radvd onAnd kick it into gear:
service radvd startOnce done, you should have a running v6 router with internal clients that are all able to connect via v6.
ETA: Fixed IP Forwarding and Default Device configurationsjas
Thanks for your summary jasonvp - that was pretty much exactly the information I needed to start getting my configs created, as I run a very similar network setup at home with 3 zones, etc.
One significant difference I have here though, my ISP gives me a dynamic IP address. It doesn't change often, but it was preventing me from taking full advantage of automatic network scripts. So I came up with a pair of bash scripts to help automate the changes that happen when my external IP changes.
(just fyi, I'm running Scientific Linux 6 - in case someone catches a minor variance from Centos - they are both downstream from RHEL either way)
The first script is my IP address detector, it gets run every minute via crontab:
#!/bin/bash
# checkip dev save-file run-script
NUMPARAMS=3
if [ $# -lt "$NUMPARAMS" ]
then
echo "Usage: checkip dev save-file change-script"
echo " eg: checkip eth0 /etc/dhcp/current_ip.txt /etc/dhcp/ip_changed_script"
echo ""
echo " change-script will be called with the new ip as a parameter"
echo " This script is best run from crontab every few minutes"
exit 0
fi
# This method of cropping out an IP address from ifconfig is like web page scraping, and may break on future text output format changes...
current_ip=`/sbin/ifconfig "$1" | /bin/grep 'inet addr:[0-9]' | /usr/bin/tr -s " " | /bin/cut -d":" -f2 | /bin/cut -d" " -f1`
if [ -z "$current_ip" ]
then
exit 0
fi
touch "$2"
last_ip=`cat "$2"`
if [ "$current_ip" != "$last_ip" ]
then
echo "$current_ip" > "$2"
$3 $current_ip
fi
The above script will save what it thinks is the current IP in the file you specify and only fires the change script if it is different (if you need to force it, delete the save file.)
the crontab line:
* * * * * /etc/dhcp/checkip eth0 /etc/dhcp/ip.txt /etc/dhcp/ipchanged
And here is the script it runs when the IP changes (/etc/dhcp/ipchanged):
#!/bin/bash
# Do the DNS server update
TTL=3600
SERVER=ns.example.com
ZONE=example.com.
HOSTNAME=dynip.example.com.
KEYFILE=/etc/dhcp/Kdynip.example.com.+123+45678.key
/usr/bin/nsupdate -v -k $KEYFILE > /dev/null << EOF
server $SERVER
zone $ZONE
update delete $HOSTNAME A
update add $HOSTNAME $TTL A $1
send
EOF
# Ping HE from our new IPv4 address
/usr/bin/wget --delete-after --no-check-certificate "https://username:password@ipv4.tunnelbroker.net/ipv4_end.php?tid=000000" > /dev/null 2>&1
# Edit the tunnel config file to contain our new IPv4
/bin/cp -f /etc/sysconfig/network-scripts/ifcfg-sit1 /etc/sysconfig/network-scripts/ifcfg-sit1.tmp
/bin/sed -e "/^IPV6TUNNELIPV4LOCAL=/ s/IPV6TUNNELIPV4LOCAL=[0-9.]*/IPV6TUNNELIPV4LOCAL=$1/" </etc/sysconfig/network-scripts/ifcfg-sit1.tmp >/etc/sysconfig/network-scripts/ifcfg-sit1
# Wait for the dust to settle, then restart our tunnel
/bin/sleep 90 | /sbin/ifdown sit1 && /sbin/ifup sit1
This script will:
1) Contact my colo server and update my dns (change that example.com stuff for your own use, see: http://linux.yyz.us/nsupdate/ and http://dag.wieers.com/howto/bits/bind-ddns.php for how to get this set up)
2) Send a web request out my new IP to HE's simple tunnelbroker ipv4 endpoint updater, change "tid=000000" to your tunnel id and use your login/pw
3) Update the ifcfg-sit1 tunnel config file with the new IP and restart the tunnel.