I have a home DSL service from O2 in the UK. My home router is a Speedtouch TG585n.
I am trying to use a Mac running 10.7.3 as the tunnel endpoint. My Mac has a permanent private IP address of 192.168.1.123.
I created a tunnel from my home router and it is active and pingable.
On the Speedtouch I have a NAT statement mapping my Mac IP address to the public IP address of the tunnel.
On the Mac (which has a private address - 192.168.1.123) I have entered:
ifconfig gif0 create
ifconfig gif0 tunnel 192.168.1.123 216.66.84.46
ifconfig gif0 inet6 2001:470:1f14:362::2 2001:470:1f14:362::1 prefixlen 128
route -n add -inet6 default 2001:470:1f14:362::1
but I am not seeing the tunnel gif0 in the routing table of my Mac:
Pro:~ user$ netstat -r
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.254 UGSc 116 0 en2
127 localhost UCS 0 0 lo0
localhost localhost UH 5 61 lo0
169.254 link#6 UCS 1 0 en2
169.254.255.255 0:22:55:35:dc:38 UHLSW 0 0 en2
192.168.1 link#6 UCS 7 0 en2
192.168.1.64 f8:1e:df:df:b:27 UHLWIi 2 419 en2 756
192.168.1.66 0:d0:4b:81:e9:ab UHLWIi 0 101 en2 948
192.168.1.68 0:16:cb:3:d1:fe UHLWIi 1 411 en2 777
192.168.1.111 0:21:47:9d:56:fa UHLWIi 0 0 en2 708
192.168.1.123 localhost UHS 0 0 lo0
192.168.1.254 0:18:f6:ef:f1:2a UHLWIi 115 394 en2 1191
192.168.1.255 ff:ff:ff:ff:ff:ff UHLWbI 0 19 en2
Internet6:
Destination Gateway Flags Netif Expire
localhost link#1 UHL lo0
fe80::%lo0 localhost UcI lo0
localhost link#1 UHLI lo0
fe80::%en2 link#6 UCI en2
pro.local 0:19:e3:d:6:d4 UHLI lo0
ff01::%lo0 localhost UmCI lo0
ff01::%en2 link#6 UmCI en2
ff02::%lo0 localhost UmCI lo0
ff02::%en2 link#6 UmCI en2
Pro:~ user$
nor do I see any use being made of the NAT entry on my ST:
{steve}[nat]=>maplist
Idx Type Interface Outside Address Inside Address Use
1 NAT Static_IP 87.194.152.105:8 127.0.0.1:8 0
2 NAT Static_IP 87.194.152.105 127.0.0.1 0
3 NAPT Static_IP 87.194.152.105:7547 127.0.0.1:7547 0
4 NAT Static_IP 216.66.84.46 192.168.1.123 0
5 NAPT Static_IP 87.194.152.105 unmapped 177
{steve}[nat]=>
Any ideas appreciated.
Are you running these by hand?
I can't remember if OSX uses /etc/rc.conf or not.
Sorry, when you say "by hand", what exactly do you mean? I see this from the Mac:
Pro:~ user$ ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
tunnel inet 192.168.1.123 --> 216.66.84.46
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=2b<RXCSUM,TXCSUM,VLAN_HWTAGGING,TSO4>
ether 00:17:f2:06:03:06
media: autoselect
status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=2b<RXCSUM,TXCSUM,VLAN_HWTAGGING,TSO4>
ether 00:17:f2:06:03:07
media: autoselect
status: inactive
en2: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 00:19:e3:0d:06:d4
inet6 fe80::219:e3ff:fe0d:6d4%en2 prefixlen 64 scopeid 0x6
inet 192.168.1.123 netmask 0xffffff00 broadcast 192.168.1.255
media: autoselect
status: active
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 2030
lladdr 00:16:cb:ff:fe:76:b1:ee
media: autoselect <full-duplex>
status: inactive
Pro:~ user$
By hand, as in you don't have them in a startup file somewhere.
Ah OK, no... you suggest creating a script and running it at startup?
Here's how I have mine working
(This is FreeBSD, not OSX, but IIRC they're really close)
cat /etc/rc.conf
gif_interfaces="gif1"
gifconfig_gif1="your_ipv4 he_ipv4"
ipv6_enable="YES"
ipv6_gateway_enable="YES"
ipv6_ifconfig_gif1="::2 address from your tunnel /64"
ipv6_defaultrouter="-interface gif1"
ipv6_network_interfaces="em0 gif1 lo0"
ipv6_ifconfig_em0="whatever address you want to assign from your routed /64"
denyhosts_enable="YES"
You seem to have more in your settings than I entered in my Mac. I was just using:
ifconfig gif0 create
ifconfig gif0 tunnel 87.194.152.105 216.66.84.46
ifconfig gif0 inet6 2001:470:1f14:362::2 2001:470:1f14:362::1 prefixlen 128
route -n add -inet6 default 2001:470:1f14:362::1
one possible clue could be:
Pro:~ user$ sudo route -n add -inet6 default 2001:470:1f14:362::1
Password:
route: writing to routing socket: Network is unreachable
add net default: gateway 2001:470:1f14:362::1: Network is unreachable
Pro:~ user$
OK one small step...maybe....I got the tunnel into my routing table:
Pro:~ user$ sudo ifconfig gif0 create
ifconfig: SIOCIFCREATE2: File exists
Pro:~ user$ sudo ifconfig gif0 tunnel 87.194.152.105 216.66.84.46
Pro:~ user$ sudo ifconfig gif0 inet6 2001:470:1f14:362::2 2001:470:1f14:362::1 prefixlen 128
Pro:~ user$ sudo route -n add -inet6 default 2001:470:1f14:362::1
add net default: gateway 2001:470:1f14:362::1
Pro:~ user$ netstat -r
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.254 UGSc 52 8 en2
127 localhost UCS 0 0 lo0
localhost localhost UH 5 63 lo0
169.254 link#6 UCS 1 0 en2
169.254.255.255 0:22:55:35:dc:38 UHLSW 0 0 en2
192.168.1 link#6 UCS 6 0 en2
192.168.1.64 f8:1e:df:df:b:27 UHLWIi 1 1065 en2 511
192.168.1.66 0:d0:4b:81:e9:ab UHLWIi 0 101 en2 1124
192.168.1.68 0:16:cb:3:d1:fe UHLWIi 2 1041 en2 313
192.168.1.123 localhost UHS 0 0 lo0
192.168.1.254 0:18:f6:ef:f1:2a UHLWIi 52 747 en2 1172
192.168.1.255 ff:ff:ff:ff:ff:ff UHLWbI 0 17 en2
Internet6:
Destination Gateway Flags Netif Expire
default ssimlo-1.tunnel.ts UGSc gif0
localhost link#1 UHL lo0
ssimlo-1.tunnel.ts ssimlo-1-pt.tunnel UH gif0
ssimlo-1-pt.tunnel link#2 UHL lo0
fe80::%lo0 localhost UcI lo0
localhost link#1 UHLI lo0
fe80::%gif0 link#2 UCI gif0
fe80::217:f2ff:fe0 link#2 UHLI lo0
fe80::%en2 link#6 UCI en2
pro.local 0:19:e3:d:6:d4 UHLI lo0
ff01::%lo0 localhost UmCI lo0
ff01::%gif0 link#2 UmCI gif0
ff01::%en2 link#6 UmCI en2
ff02::%lo0 localhost UmCI lo0
ff02::%gif0 link#2 UmCI gif0
ff02::%en2 link#6 UmCI en2
Pro:~ user$
sudo ifconfig gif0 tunnel 87.194.152.105 216.66.84.46
needs to be like how you had in your initial post:
sudo ifconfig gif0 tunnel 192.168.1.123 216.66.84.46
Also try putting the host in the DMZ if possible; that might help. At worst, try bypassing NAT entirely and have the Mac use the actual IPv4 address, and if that still doesn't work, it might be something upstream causing issues.
Can you ping6 2001:470:1f14:362::2 and 2001:470:1f14:362::1 ??
::2 would indicate ipv6 is alive and well in the interface, ::1 success would indicate the tunnel is up.
As Broquea just mentioned, you are behind NAT, so your IPv4 end of the tunnel should be your private IPv4 address.
Also, your TG585 will probably be blocking protocol 41. This post: http://www.tunnelbroker.net/forums/index.php?topic=633.0 gives details on how to resolve that.
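The check suggested in the replies above, as an added example that is not part of the original thread: a shell function that reads `ifconfig` output and reports whether the gif tunnel's local IPv4 endpoint is an address actually assigned to the host (the private address when behind NAT). The function names, result strings and sample output are constructed for illustration, using the addresses from this thread.

```shell
#!/bin/sh
# Added example: verify that a gif tunnel's local IPv4 endpoint is an address
# this host really owns. Behind NAT that is the private address, as in the thread.

# Reads `ifconfig` output on stdin; $1 is the tunnel interface (default gif0).
# Prints one of: OK ..., BAD_SOURCE <addr>, NO_INET6 <addr>, NO_TUNNEL
check_gif_endpoint() {
    awk -v ifname="${1:-gif0}" '
        # Interface header, e.g. "gif0: flags=8051<...> mtu 1280"
        /^[a-z0-9]+: flags=/ { cur = $1; sub(/:$/, "", cur) }
        # IPv4 addresses assigned to the other interfaces
        $1 == "inet" && cur != ifname { assigned[$2] = cur }
        # Outer (IPv4) endpoints: "tunnel inet <local> --> <remote>"
        cur == ifname && $1 == "tunnel" && $2 == "inet" { src = $3; dst = $5 }
        # Inner IPv6 address on the tunnel, ignoring link-local
        cur == ifname && $1 == "inet6" && $2 !~ /^fe80:/ { v6 = $2 }
        END {
            if (src == "")               print "NO_TUNNEL"
            else if (!(src in assigned)) print "BAD_SOURCE " src
            else if (v6 == "")           print "NO_INET6 " src
            else print "OK " src " -> " dst " via " assigned[src]
        }'
}

# Constructed sample input (not captured output); $1 is the tunnel source to test.
sample_ifconfig() {
cat <<EOF
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
    tunnel inet $1 --> 216.66.84.46
    inet6 2001:470:1f14:362::2 --> 2001:470:1f14:362::1 prefixlen 128
en2: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    inet 192.168.1.123 netmask 0xffffff00 broadcast 192.168.1.255
EOF
}

echo "public source:  $(sample_ifconfig 87.194.152.105 | check_gif_endpoint gif0)"
echo "private source: $(sample_ifconfig 192.168.1.123 | check_gif_endpoint gif0)"
```

On a live Mac the same function can be fed real data with `ifconfig | check_gif_endpoint gif0`.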
Broquea - thanks... the TG does not give access to the DMZ, but I have reverted to the correct tunnel endpoint and eureka!
"Your IPv4 address on the public Internet appears to be 87.194.152.105
Your IPv6 address on the public Internet appears to be 2001:470:1f14:362::2
The World IPv6 Launch day is June 6th, 2012. Good news! Your current browser, on this computer and at this location, are expected to keep working after the Launch. [more info]
Congratulations! You appear to have both IPv4 and IPv6 Internet working. If a publisher publishes to IPv6, your browser will connect using IPv6. Your browser prefers IPv6 over IPv4 when given the choice (this is the expected outcome).
Your DNS server (possibly run by your ISP) appears to have no access to the IPv6 Internet, or is not configured to use it. This may in the future restrict your ability to reach IPv6-only sites. [more info]"