Hello all,
I have successfully set up the ipv6 tunnel on a fedora computer, however I am having trouble configuring it as a router to share the routed 64 prefix with another debian computer that is connected to it. The debian computer successfully picks up an ipv6 address in the right prefix, and a ping6 to ipv6.google.com seems to be successful, but on closer inspection, the traceroute6 ends on the fedora computer.
From my Tunnel Details page :
Server IPv6 Address: 2001:470:1f1a:232::1/64
Client IPv6 Address: 2001:470:1f1a:232::2/64
Routed /64: 2001:470:1f1b:232::/64
on the fedora computer (the one with working ipv6 tunnel):
> cat /etc/sysconfig/network-scripts/ifcfg-he-ipv6
DEVICE=he-ipv6
TYPE=sit
BOOTPROTO=none
ONBOOT=yes
IPV6INIT=yes
IPV6TUNNELIPV4=216.66.87.14
IPV6TUNNELIPV4LOCAL=192.168.1.35
IPV6ADDR=2001:470:1f1a:232::2/64
> cat /etc/sysconfig/network-scripts/ifcfg-Shared_Ethenet
TYPE=Ethernet
BOOTPROTO=shared
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME="Shared Ethenet"
UUID=c17fc19f-4464-4b0c-bcca-7125be7f782f
ONBOOT=yes
HWADDR=54:04:A6:20:9C:91
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_PRIVACY=no
ZONE=internal
> cat /etc/sysconfig/network
NETWORKING_IPV6=yes
IPV6_DEFAULTDEV=he-ipv6
IPV6_DEFAULTGW=2001:470:1f1a:232::1
IPV6FORWARDING=yes
> cat /etc/radvd.conf
interface p5p1
{
AdvSendAdvert on;
prefix 2001:470:1f1b:232::/64
{
AdvOnLink on;
AdvAutonomous on;
};
};
> sudo ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: p5p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:470:1f1b:232:5604:a6ff:fe20:9c91/64 scope global noprefixroute dynamic
valid_lft 86257sec preferred_lft 14257sec
inet6 fe80::5604:a6ff:fe20:9c91/64 scope link
valid_lft forever preferred_lft forever
3: wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:470:1f1b:232:62d8:19ff:fe83:bd7b/64 scope global noprefixroute dynamic
valid_lft 83636sec preferred_lft 11636sec
inet6 fdec:233d:661c:cb00:62d8:19ff:fe83:bd7b/64 scope global noprefixroute dynamic
valid_lft 7186sec preferred_lft 3586sec
inet6 fe80::62d8:19ff:fe83:bd7b/64 scope link
valid_lft forever preferred_lft forever
9: he-ipv6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480
inet6 2001:470:1f1a:232::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::c0a8:123/64 scope link
valid_lft forever preferred_lft forever
> ping6 -c 3 ipv6.google.com
PING ipv6.google.com(bud02s22-in-x0e.1e100.net) 56 data bytes
64 bytes from bud02s22-in-x0e.1e100.net: icmp_seq=1 ttl=53 time=92.2 ms
64 bytes from bud02s22-in-x0e.1e100.net: icmp_seq=2 ttl=53 time=92.6 ms
64 bytes from bud02s22-in-x0e.1e100.net: icmp_seq=3 ttl=53 time=92.6 ms
--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 92.246/92.517/92.697/0.401 ms
> traceroute6 ipv6.google.com
traceroute to ipv6.google.com (2a00:1450:400d:807::200e), 30 hops max, 80 byte packets
1 joyfulmantis-1.tunnel.tserv1.bud1.ipv6.he.net (2001:470:1f1a:232::1) 71.182 ms 71.026 ms 71.823 ms
2 ge4-20.core1.bud1.he.net (2001:470:0:2ba::1) 77.241 ms 77.143 ms 77.039 ms
3 2001:7f8:35::1:5169:1 (2001:7f8:35::1:5169:1) 76.434 ms 77.388 ms 78.495 ms
4 2001:4860::1:0:4487 (2001:4860::1:0:4487) 102.534 ms 103.845 ms 104.133 ms
5 2001:4860:0:1::bf (2001:4860:0:1::bf) 105.521 ms 106.378 ms 107.169 ms
6 bud02s22-in-x0e.1e100.net (2a00:1450:400d:807::200e) 108.249 ms 92.142 ms 93.064 ms
and on the debian computer (the one receiving the shared internet):
» sudo ip -6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:470:1f1b:232:ed69:b5e0:b890:bbc8/64 scope global temporary dynamic
valid_lft 86140sec preferred_lft 14140sec
inet6 2001:470:1f1b:232:211:24ff:fe85:83fe/64 scope global mngtmpaddr noprefixroute dynamic
valid_lft 86140sec preferred_lft 14140sec
inet6 fe80::211:24ff:fe85:83fe/64 scope link
valid_lft forever preferred_lft forever
» ping6 -c 3 ipv6.google.com
PING ipv6.google.com(sof01s12-in-x0e.1e100.net) 56 data bytes
64 bytes from sof01s12-in-x0e.1e100.net: icmp_seq=1 ttl=56 time=245 ms
64 bytes from sof01s12-in-x0e.1e100.net: icmp_seq=2 ttl=56 time=250 ms
64 bytes from sof01s12-in-x0e.1e100.net: icmp_seq=3 ttl=56 time=281 ms
--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 245.833/259.243/281.651/15.946 ms
» traceroute ipv6.google.com
traceroute to ipv6.google.com (2a00:1450:4017:803::200e), 30 hops max, 80 byte packets
1 2001:470:1f1b:232:5604:a6ff:fe20:9c91 (2001:470:1f1b:232:5604:a6ff:fe20:9c91) 0.580 ms 0.521 ms 0.482 ms
2 2001:470:1f1b:232:5604:a6ff:fe20:9c91 (2001:470:1f1b:232:5604:a6ff:fe20:9c91) 0.504 ms !X 0.481 ms !X 0.451 ms !X
So my problem as it turned out, was that the firewall on the fedora computer was blocking the ipv6 packets.
Allowing the ipv6 packets through with
sudo firewall-cmd --direct --add-rule ipv6 filter FWDI_internal_allow 0 -j ACCEPT
made things start working (well I still have troubles with MTU, but thats a different issue)
special thanks to rm of #ipv6.freenode for helping me diagnose the problem, and Jeff Sadowski of Fedora forums who's solution ( http://forums.fedoraforum.org/archive/index.php/t-301894.html ) I used.