Hurricane Electric's IPv6 Tunnel Broker Forums

General IPv6 Topics => IPv6 on Windows => Topic started by: joeyreep on February 17, 2011, 12:51:36 AM

Title: How can I add a second host from same WAN IP
Post by: joeyreep on February 17, 2011, 12:51:36 AM
Hi all,

I've successfully created a tunnel on 1 client within my network. Now I want to create a second tunnel (or configure the same tunnel?) on another host within my network. I configured this second host with the same commands as I did on the first host. Now the second host works but my first host doesn't anymore. Can't ping to any IPv6 addresses.

Does anyone know how to set up 2 IPv6 tunnels from 1 WAN IP?
Title: Re: How can I add a second host from same WAN IP
Post by: cholzhauer on February 17, 2011, 05:04:33 AM
You don't need two tunnels...you need to have your first tunnel router share the connection with your second machine.

If it's on the same network, you just need to assign an address to your second machine out of your routed /64 (check your tunnel details page)

If it's on a different network, you need to request a /48 and pick a /64 out of there to assign to your second network.
Title: Re: How can I add a second host from same WAN IP
Post by: joeyreep on February 17, 2011, 05:16:26 AM
Quote from: cholzhauer on February 17, 2011, 05:04:33 AM
You don't need two tunnels...you need to have your first tunnel router share the connection with your second machine.

If it's on the same network, you just need to assign an address to your second machine out of your routed /64 (check your tunnel details page)

If it's on a different network, you need to request a /48 and pick a /64 out of there to assign to your second network.

Thanks for your reply!

In the tunnel details I read:
We automatically assign a /64 to your account and route it via:
ipv6 route [routed64] [clientV6Endpoint]

This allows your endpoint device to operate as the router for this netblock and allows you to utilize DHCPv6 or RADVD to hand out IP's from this allocation to your internal network.

If you have more than one network segment please consider utilizing the /48 above.


Does this mean my first host operates as a router and therefore always has to be on?
Title: Re: How can I add a second host from same WAN IP
Post by: cholzhauer on February 17, 2011, 06:08:01 AM
Quote
Does this mean my first host operates as a router and therefore always has to be on?

That would be correct.  That's why it's nice to terminate the tunnel on a device that's always on, like a firewall or router.

Title: Re: How can I add a second host from same WAN IP
Post by: ratcheer on February 22, 2011, 07:27:37 AM
Quote from: cholzhauer on February 17, 2011, 06:08:01 AM
Quote
Does this mean my first host operates as a router and therefore always has to be on?

That would be correct.  That's why it's nice to terminate the tunnel on a device that's always on, like a firewall or router.



I am interested in exploring the above statement further. I am very new to all of this and I want to set up things in the best, most correct way.

I have an HE tunnel that, I think, terminates at the IPv4 WAN address of my DSL modem. The address is static. The DSL modem is then connected to an IPv6-capable router, which in turn is connected to a Gigabit ethernet switch. All of my PC's are connected to the LAN via this switch.

Then, on one client PC (Linux), I have everything working by having created a link to the ::2 address given to me by HE. I can ping6, surf to IPv6 web sites, and run the HE port scan.

Now, I would like to add a Windows 7 PC as a second client to my tunnel. Can I simply create a similar link to a ::3 address on my /64, or do I have to set up radvd on the Linux client and advertise it from there?

I would prefer to do it the first way and I am asking whether my configuration supports that. If it does not, I would like to find out how to reconfigure things so that it will. Having to control subsequent clients from the first client seems to me to be an unnecessary kludge.

Thank you,
Tim
Title: Re: How can I add a second host from same WAN IP
Post by: cholzhauer on February 22, 2011, 07:34:58 AM
You can either assign an address manually or automatically through radvd.  However, you need to use a different subnet than your tunnel subnet.  On your tunnel info page, there's a line that says "routed /64" you need to use that subnet to assign addresses to your other computers.

So, if your subnet is 2001:db8:1234:4567/64, you could use 2001:db8:1234:4567::3 as the address on a host internally
Title: Re: How can I add a second host from same WAN IP
Post by: ratcheer on February 22, 2011, 09:07:56 AM
Quote from: cholzhauer on February 22, 2011, 07:34:58 AM
You can either assign an address manually or automatically through radvd.  However, you need to use a different subnet than your tunnel subnet.  On your tunnel info page, there's a line that says "routed /64" you need to use that subnet to assign addresses to your other computers.

So, if your subnet is 2001:db8:1234:4567/64, you could use 2001:db8:1234:4567::3 as the address on a host internally

Clear as mud! Sorry, I'm still having trouble understanding.

Ok, my client address is 2001:470:7:b57::2/64 and my routed /64 is 2001:470:8:b57::/64. I notice, and I'm sure you are aware, that the third "node" of this address is different.

So, to a second client on the same subnet, I would configure it as 2001:470:8:b57::3 ? That is how I understand what you said, but I'm still having trouble grasping it.

Thanks,
Tim
Title: Re: How can I add a second host from same WAN IP
Post by: cholzhauer on February 22, 2011, 09:24:54 AM
Quote
So, to a second client on the same subnet, I would configure it as 2001:470:8:b57::3 ? That is how I understand what you said, but I'm still having trouble grasping it.

Exactly.  The only time you would use 2001:470:7:b57::/64 is on your tunnel interface. (::2)  Once you have your tunnel working, forget about this address range.

On any other clients, and the "inside" interface of your router, you need to use 2001:470:8:b57::/64. 

So, lets say you had a Windows7 machine hosting your tunnel.  The IP address of your IP6Tunnel adapter is 2001:470:7:b57::2

Now, on your local area connection adapter, you would assign an address out of your routed /64, say 2001:470:8:b57::1.  Now, if you wanted to connect a second Windows7 machine on your lan, you could assign 2001:470:8:b57::2 to the local area connection on that machine.  Your default gateway on the second machine becomes your router.
Title: Re: How can I add a second host from same WAN IP
Post by: ratcheer on February 22, 2011, 10:24:54 AM
Thank you very much. I will see if I can put that into practice.

Tim
Title: Re: How can I add a second host from same WAN IP
Post by: ratcheer on February 24, 2011, 09:02:05 AM
I am still having trouble with this. I could not get radvd to start up on my Linux client, so I deleted the link to the tunnel and tried to implement radvd in my router. The router scripting bamboozles me, so I did it all manually, a command at a time into the router's command interface.

I believe I got everything configured on the router and got radvd started. Then I went back to my Linux client and ran:

tim@tim-mav-prod:~$ ip -f inet6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:470:8:b57:230:1bff:feb5:9a1d/64 scope global dynamic
       valid_lft 86357sec preferred_lft 14357sec
    inet6 fe80::230:1bff:feb5:9a1d/64 scope link
       valid_lft forever preferred_lft forever


So, it definitely picked up something from the router's radvd. Does that inet6 address look reasonable? It looks very strange, to me.

Anyway, I cannot surf or ping 6 from the Linux client. Here is a ping6 result:

ping6 ipv6.google.com
PING ipv6.google.com(yi-in-x69.1e100.net) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6048ms

I suppose I need to show all the commands I gave the router to set this all up:

insmod ipv6
ip tunnel add he-ipv6 mode sit remote 216.66.22.2 local 192.168.1.127 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:7:b57::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -6 addr add 2001:470:8:b57::/64 dev he-ipv6
ip -6 addr add 2001:470:8:b57::/64 dev br0
ip route add 2000::/3 dev he-ipv6
radvd -C /tmp/radvd.conf &


This is a lot of stuff, but can anyone give me help or advice? Thanks.

Tim
Title: Re: How can I add a second host from same WAN IP
Post by: cholzhauer on February 24, 2011, 09:20:34 AM
Does everything still work on your router?

Let's see your routing tables and a copy if ipconfig/ifconfig from a non-working computer

Oh, and yes, that 2001 address on eth0 on tim-mav-prod looks correct.
Title: Re: How can I add a second host from same WAN IP
Post by: ratcheer on February 24, 2011, 09:34:36 AM
Ok, looks like its not still working from the router. Looking Glass shows my IPv4 address, again. And pinging gives an IPv4 resolution. This is from the router:

PING ipv6.he.net (66.220.2.75): 56 data bytes
64 bytes from 66.220.2.75: seq=0 ttl=46 time=162.108 ms
64 bytes from 66.220.2.75: seq=1 ttl=46 time=96.203 ms
64 bytes from 66.220.2.75: seq=2 ttl=46 time=95.877 ms
--- ipv6.he.net ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 95.877/118.062/162.108 ms

What did I mess up?

Here is the displayed routing table from the router:

Destination LAN NET    Subnet Mask    Gateway    Interface
70.159.240.22   255.255.255.255   0.0.0.0   ppp0
70.159.240.22   255.255.255.255   0.0.0.0   ppp0
192.168.1.0   255.255.255.0   0.0.0.0   LAN & WLAN
169.254.0.0   255.255.0.0   0.0.0.0   LAN & WLAN
0.0.0.0   0.0.0.0   70.159.240.22   ppp0

Here is ifconfig from my client PC:

tim@tim-mav-prod:~$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:30:1b:b5:9a:1d 
          inet addr:192.168.1.127  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::230:1bff:feb5:9a1d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:246951 errors:0 dropped:0 overruns:0 frame:0
          TX packets:224628 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:224553151 (224.5 MB)  TX bytes:33513421 (33.5 MB)
          Interrupt:19

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4508 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4508 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:368942 (368.9 KB)  TX bytes:368942 (368.9 KB)

Sorry I'm such a newbie. But I'm trying to learn. Thanks,
Tim
Title: Re: How can I add a second host from same WAN IP
Post by: ratcheer on February 24, 2011, 09:39:55 AM
Error in the above: I had to disable IPv6 on the client to even be able to post to tunnelbroker.net forums, so the ifconfig I posted is not valid. I guess I need to turn it back on, run the command, store output in a file, turn ipv6 back off, and repost the results.

Sorry,
Tim
Title: Re: How can I add a second host from same WAN IP
Post by: cholzhauer on February 24, 2011, 09:41:54 AM
Here's the first thing I noticed.

On reply #10, you said that you used 192.168.1.127 to create the tunnel on your router, but on the last reply, you show 192.168.1.127 as being on your client PC.  Do I have the two of them confused or are we talking about two separate machines?

Title: Re: How can I add a second host from same WAN IP
Post by: ratcheer on February 24, 2011, 09:47:12 AM
Quote from: cholzhauer on February 24, 2011, 09:41:54 AM
Here's the first thing I noticed.

On reply #10, you said that you used 192.168.1.127 to create the tunnel on your router, but on the last reply, you show 192.168.1.127 as being on your client PC.  Do I have the two of them confused or are we talking about two separate machines?



Oh, yes, I'm such a dunce. I need to reconfigure the tunnel to point to my real WAN address, instead of the NAT address like I had to do to make it work on the client PC. Wow, this is complex.

Thanks, I'll try to manually reconfigure the router tunnel.

Tim
Title: Re: How can I add a second host from same WAN IP
Post by: ratcheer on February 24, 2011, 10:43:47 AM
Ok, I have reconfigured everything. I hope I have all the obvious stuff correct. It still does not work, though.

New startup script on the router:

insmod ipv6
sleep 5
ip tunnel add he-ipv6 mode sit remote 216.66.22.2 local 68.209.199.199 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:7:b57::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -6 addr add 2001:470:8:b57::/64 dev he-ipv6
ip -6 addr add 2001:470:8:b57::/64 dev br0
ip route add 2000::/3 dev he-ipv6
radvd -C /tmp/radvd.conf &


I restarted the router and verified that radvd is running. Here is the output of ifconfig on the client, with ipv6 enabled:

tim@tim-mav-prod:~$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:30:1b:b5:9a:1d 
          inet addr:192.168.1.127  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2001:470:8:b57:230:1bff:feb5:9a1d/64 Scope:Global
          inet6 addr: fe80::230:1bff:feb5:9a1d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:272007 errors:0 dropped:0 overruns:0 frame:0
          TX packets:248486 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:245492658 (245.4 MB)  TX bytes:36090742 (36.0 MB)
          Interrupt:19

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4556 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4556 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:372750 (372.7 KB)  TX bytes:372750 (372.7 KB)


And here is ifconfig on the router:

br0       Link encap:Ethernet  HWaddr 00:22:3F:1A:F5:25 
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1942 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1966 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:196557 (191.9 KiB)  TX bytes:1431772 (1.3 MiB)
br0:0     Link encap:Ethernet  HWaddr 00:22:3F:1A:F5:25 
          inet addr:169.254.255.1  Bcast:169.254.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
eth0      Link encap:Ethernet  HWaddr 00:22:3F:1A:F5:25 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1935 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1968 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:230089 (224.6 KiB)  TX bytes:1440082 (1.3 MiB)
          Interrupt:4
eth1      Link encap:Ethernet  HWaddr 00:22:3F:1A:F5:26 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1168 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1192 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:246839 (241.0 KiB)  TX bytes:157349 (153.6 KiB)
          Interrupt:5
eth2      Link encap:Ethernet  HWaddr 00:22:3F:1A:F5:27 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:3573
          TX packets:0 errors:11 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:2 Base address:0x4000
eth3      Link encap:Ethernet  HWaddr 00:22:3F:1A:F5:28 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:1
          TX packets:2 errors:2 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:184 (184.0 B)
          Interrupt:2 Base address:0x8000
he-ipv6   Link encap:UNSPEC  HWaddr 44-D1-C7-C7-00-00-00-00-00-00-00-00-00-00-00-00 
          UP POINTOPOINT RUNNING NOARP  MTU:1472  Metric:1
          RX packets:628 errors:0 dropped:0 overruns:0 frame:0
          TX packets:637 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:64064 (62.5 KiB)  TX bytes:72916 (71.2 KiB)
lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:344 (344.0 B)  TX bytes:344 (344.0 B)
ppp0      Link encap:Point-to-Point Protocol 
          inet addr:68.209.199.199  P-t-P:70.159.240.22  Mask:255.255.255.255
          UP POINTOPOINT RUNNING MULTICAST  MTU:1492  Metric:1
          RX packets:1011 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1032 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:210438 (205.5 KiB)  TX bytes:120105 (117.2 KiB)


Thanks for all your help.

Tim
Title: Re: How can I add a second host from same WAN IP
Post by: cholzhauer on February 24, 2011, 10:45:39 AM
Have you double checked to make sure that 68.209.199.199 is the IP address you put on the HE page for your IP end point?
Title: Re: How can I add a second host from same WAN IP
Post by: ratcheer on February 24, 2011, 10:52:25 AM
Quote from: cholzhauer on February 24, 2011, 10:45:39 AM
Have you double checked to make sure that 68.209.199.199 is the IP address you put on the HE page for your IP end point?

Yes, and it has been working for several days with the tunnel link configured on my client PC.

Here is from my tunnel details page on tunnelbroker.net:

Client IPv4 address:    68.209.199.199

Tim
Title: Re: How can I add a second host from same WAN IP
Post by: cholzhauer on February 24, 2011, 10:54:40 AM
OK, so something's not making sense.

The tunnel was working at one time...what happened to break it? Or, did it not break and you just want to move it to your router?
Title: Re: How can I add a second host from same WAN IP
Post by: ratcheer on February 24, 2011, 10:55:29 AM
I am wondering about the next to last statement in my router startup script. I took it from a tutorial on the dd-wrt wiki. There are no instructions to change it, but should it say "ip route add 2001::/3 dev he-ipv6" instead of "ip route add 2000::/3 dev he-ipv6"?

Tim
Title: Re: How can I add a second host from same WAN IP
Post by: ratcheer on February 24, 2011, 10:56:39 AM
Quote from: cholzhauer on February 24, 2011, 10:54:40 AM
OK, so something's not making sense.

The tunnel was working at one time...what happened to break it? Or, did it not break and you just want to move it to your router?

It did not break. I want to move it to the router because I cannot get radvd to start on my client PC.

Tim
Title: Re: How can I add a second host from same WAN IP
Post by: cholzhauer on February 24, 2011, 10:58:53 AM
Yes...it would need to be 2000, not 2001.

Some OS's need that, some don't.  I don't think you'd break anything by having it though.
Title: Re: How can I add a second host from same WAN IP
Post by: ratcheer on February 24, 2011, 11:03:04 AM
Ok. Right now, I am out of time to mess with it anymore. I'm going to take it back away from the router and live without radvd for the time being. At least I have learned a good bit about scripting on the router.

Tim
Title: Re: How can I add a second host from same WAN IP
Post by: ratcheer on March 01, 2011, 10:41:59 AM
I finally got my IPv6 set up on my router with sharing to my LAN hosts working. Here is what worked for me:

Startup script on router:

insmod ipv6
sleep 8
ip tunnel add he-ipv6 mode sit remote 216.66.22.2 local 68.209.xx1.xx2 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:7:yyy::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -6 addr add 2001:470:8:yyy::1/64 dev br0
ip route add 2000::/3 dev he-ipv6
radvd -C /tmp/radvd.conf &


radvd.conf on router:

interface br0 {
        AdvSendAdvert on;
        MinRtrAdvInterval 3;
        MaxRtrAdvInterval 10;
        prefix 2001:470:8:yyy::/64  {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr on;
        };
};


I hope this might be helpful to others. (My true IP addresses are masked out.)

Tim