Hi all,
I've just set up a tunnel but am confused over what IP's I should be using for internet facing services. Hope I'm not putting myself at risk by posting real IP's but this is the config I used to set the tunnel up -
netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel interface=IP6Tunnel 65.181.120.57 209.51.161.14
netsh interface ipv6 add address IP6Tunnel 2001:470:1f06:ec1::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f06:ec1::1
This is my routed /64
2001:470:1f07:ec1::/64
I added IP addresses from this block to IP6Tunnel using the command
netsh interface ipv6 add address IP6Tunnel 2001:470:1f07:ec1::? (replace ? with various numbers)
I've set these addresses up in DNS and now cannot reach the services set up with these addresses
Where have I gone wrong?
Thanks for looking
Here's a general overview:
Tunnel /64: ::1 is the HE end, ::2 is assigned to the tunnel adapter on your end
Routed /64. You use these IP addresses as you wish on one subnet; your default gateway is the ::1 address of your tunnel /64
Sort of half understood your answer, but what do I actually have to do to fix it, no services with IP's on the routed /64 can be reached
The easy way? Tear down everything you have and start over.
Or, you can attempt to undo the last command you issued:
Quote
netsh interface ipv6 add address IP6Tunnel 2001:470:1f07:ec1::? (replace ? with various numbers)
What you did was to add a second IP address to your tunnel adapter, and that confused the heck out of it.
Now I'm really confused
I think what I'm trying to ask is what IP's should be used for internet facing hosts, what subnet (sorry if that's the wrong terminology) should they be taken from (routed /64?), and how I should set these IP's up so they're available for services like IIS
Let me try again
Step one, make your tunnel work.
Step two, take IP addresses from your routed /64 and assign them to all of your hosts, including the inside interface of the device that's hosting your tunnel.
You didn't post your IP allocations, so I'll make some up as an example
If your routed /64 is 2001:db8:1234:5678::/64 then you could do something like
2001:db8:1234:5678::1 = inside interface of your router
2001:db8:1234:5678::2 = email
2001:db8:1234:5678::3 = IIS
ect
Hopefully that helps.
I think I'm starting to understand what you're saying (and I gave all the information I had in my first post)
I'll keep plugging away and see how it goes, thanks for your help
Ok, I've had another bash at this, you'll probably laugh at some of the things I've done but that's how I learn.
These are my he.net IP's
Server IPv4 Address: 209.51.161.14
Server IPv6 Address: 2001:470:1f06:ec1::1/64
Client IPv4 Address: 65.181.120.57
Client IPv6 Address: 2001:470:1f06:ec1::2/64
This is my routed /64
2001:470:1f07:ec1::/64
I've removed the extra IP addresses I added to the IP6Tunnel interface
I'm trying to set this tunnel up on a Windows Server 2012 VPS, I don't have access to the router, rightly or wrongly I've added the addresses I want to use for internet facing services to the Ethernet interface
I'm at a point where I can ping the client end of the tunnel (ping -6 2001:470:1f06:ec1::2), but can't ping anything in the 2001:470:1f07:ec1::/64 network
The Windows firewall is passing protocol 41
Services are still not available on IPv6 so I don't know what to try next or if this will ever work
Ok, it looks like I've cracked it, I found these extra commands in another thread and entered them (after translating to my IP's)
netsh int ipv6 set interface IP6Tunnel forwarding=enabled
netsh int ipv6 set interface Ethernet forwarding=enabled advertise=enabled
netsh int ipv6 add address Ethernet 2001:470:1f07:ec1::1 <<< I'd already added this IP
netsh int ipv6 set route 2001:470:1f07:ec1::/64 Ethernet publish=yes
netsh interface ipv6 set route ::/0 IP6Tunnel 2001:470:1f06:ec1::1 publish=yes
The following output (from my laptop at home) shows I'm now connecting to two websites running on the VPS via their IPv6 addresses
C:\Users\Danny>netstat -af -p tcpv6
Active Connections
Proto Local Address Foreign Address State
TCP [2001:470:1f08:f19::2]:64322 www.airseatac.net:http ESTABLISHED
TCP [2001:470:1f08:f19::2]:64330 beta.airseatac.net:http ESTABLISHED
C:\Users\Danny>netstat -an -p tcpv6
Active Connections
Proto Local Address Foreign Address State
TCP [2001:470:1f08:f19::2]:64410 [2001:470:1f07:ec1::14]:80 ESTABLISHED
TCP [2001:470:1f08:f19::2]:64414 [2001:470:1f07:ec1::19]:80 ESTABLISHED