• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Tunnel Setup on Cisco RV220W -- Help Needed

Started by rxforcomputers, June 12, 2011, 11:40:57 AM

Previous topic - Next topic

rxforcomputers

I've just installed a new Cisco RV220W replacing a WRVS4400N on which I had a working TunnelBroker tunnel with a routed /48. I'm looking for any information to both setup the tunnel on this router and get the DHCPv6 leases working on this new hardware and am coming up empty handed. Any help or steerage would be greatly appreciated!

kauwen

With the help of this document: https://supportforums.cisco.com/docs/DOC-17069 I managed to setup the tunnel on the router.

rxforcomputers

Thanks SO much for the reply. Looks like this document you found was hot off the press, looking at the date! I have a few questions for you (kauwen), however (please!) ...

1) was the 6to4 that you setup between private routers, or to a tunnel broker such as HE ?

2) on page four of the document, the field IPv6 Destination, is this the IPv6 address of the far side (Server's IPv6 Address)? I'm expecting so ...

3) on the same page (4), what address did you put into the IPv6 Gateway field?

While the document goes through the "high level" configuration, it gives no detail as to what variables the blanks on the pages to be filled in with.

Thanks for your time and information. I very much appreciate your posting this!

kauwen

Quote from: rxforcomputers on June 22, 2011, 01:06:42 PM
1) was the 6to4 that you setup between private routers, or to a tunnel broker such as HE ?
I configured the (HE) tunnel with it

Quote from: rxforcomputers on June 22, 2011, 01:06:42 PM
2) on page four of the document, the field IPv6 Destination, is this the IPv6 address of the far side (Server's IPv6 Address)?
This is the subnet you want to route through the tunnel. I guess you want all ipv6 go through the tunnel so specify 0:: for destination and 0 for prefix length.

Quote from: rxforcomputers on June 22, 2011, 01:06:42 PM
on the same page (4), what address did you put into the IPv6 Gateway field?
::216.66.84.46. This is the ipv4 server address of my tunnel.

Hope this helps :)


rxforcomputers

@kauwen -- Thanks for the reply. I must be overlooking some other setting in some other screen that was not discussed in the documentation that you referred to. Although is was helpful, there are several other IPv6 related configuration screens that aren't covered, and my limited v6 experience is no help. Unfortunately, I just spent an hour and a half with no results in tunneling. My router was DHCPing fine, but the tunnel never came up. I did notice that the WAN v4 IP of my router had changed since applying for my tunnel so I went to TunnelBroker and changed to my current v4 address and it was accepted, so I'm assuming that communication between HE and myself was successful.

Guess I'm back to searching for some "more thorough" documentation for this setup and router. If anyone has any pointers or advice it would be very much appreciated!

Cheers!

kauwen

There are no other settings that should be changed.
But what firmware are you on? And how do you determine if the tunnel is up?

rxforcomputers

Admittedly, I realized after posting that I omitted my firmware version and was going to edit my post this morning to mention -- fw 1.0.1.0. So, my configuration screens don't "exactly" match that in the documentation, but it's not that hard to figure the equivalent settings in my screens.

As for the test, I used to do two tests when using my old router which I had a working tunnel on. I would try to do a ping to the "HE v6 DNS server" (normally would receive a response) and I would do an "nslookup" of a v6 host (ipv6.google.com -- normally would resolve). After attempting the tunnel configuration last night, both of these tests would fail with errors indicating "unreachable" on my PC (W7) after I renewed and checked my IP address on it (the IP lease info all looked good on my host, BTW). Also worth noting and something that would be part of the testing is that once my host leased its info from the router, even trying to hit any v4 Internet host, such as www.tunnelbroker.net, I would notice a long lag before activity (loading of the page), obiously having to wait for the first v6 nameserver lookup to timeout before my PC would move on to the v4 nameserver lookup and succeeding.

On the main Status Summary page in the router, the v6 tunnel status doesn't indicate that it is "up" either, even though on the ISATAP Tunnel page it shows "active", but of course this just means that the defined tunnel is switched on.

Anyway, I hope that this is enough to give you answers to your questions. I'm open to any suggestions. Thanks!

kauwen

I'm on the same firmware.

I don't have a tunnel status on the main status page and I don't have an ISATAP tunnel. Did you create an ISATAP tunnel?

rxforcomputers

I had no other tunnel-type to pick -- no choice. This was the type of tunnel that it created. Did I do something wrong, possibly, earlier in the configuration that caused it to come out as an ISATAP?

Thanks for hanging with me through this!

kauwen

The static route you add at step 4 of the before mentioned document is the tunnel.

rxforcomputers

Thanks, I'll give it another shot in the morning and let you know the outcome. Looking forward to getting this to work. It's possible that when I was on the "Step 5" screen I may have gotten carried away and added an ISATAP.  ???

rxforcomputers

OK. I've given it another try and still no-go ...

One thing worth noting, before I forget, is that I have a routed /48 associated with my tunnel ... do I maybe need to turn this off on the HE side and run with only the /64?

Again on page four, I have set, under IPv6 Static Routing, the IPv6 Destination to "0::" as you advised, and this seems right to me after giving it some thought ...

I've set "6 to 4 Tunneling" to "Automatic Tunneling = check".  Of course in our firmware version this is the only thing on this screen, none of the other selections or configuration  in step 5 appear ...

Advertisement Prefixes section, although different than the screenshot in the document, I added one equivalent to that of the screenshot ...

In the Router Advertisement screen I have configured it exactly as shown, except for our firmware not having a checkbox to Enable, I set RADVD Status to enable ... I even put a check in the Other box (which was not checked) for the RA Flags ...

And of course, I've enabled Dual-Stack in the router.

The only thing that is different this time around is that I'm not experiencing the "lag" when I attempt to go to any website. The v6 lookup fails instantly, my PC moves on the v4 DNS lookup and pages load right away. Attempting a ping on 2001:470:20::2 (from W7 PC) I get "PING: transmit failed. General failure", and trying an NSLOOKUP of "ipv6.google.com" I get "UnKnown can't find ipv6.google.com: No response from server".

One thing I'll also want to address, at some time after the tunnel is working, is to get the leasing of the /48 prefix to my clients if this subnet is to be kept in play. I'd like details of the correct way to setup v6 DHCP in this equipment, if possible.

Since this current configuration is not affecting, what seems to be, the normal operation of my network I'm leaving it in place so trying quick changes should not be a problem or time consuming.

So, once again thanks and I'm still open to any and all suggestions  ::)


rxforcomputers

Oh, one more question that my have something to do with my tunnel failure. What do your settings look like under Networking > WAN > IPv6 WAN Configuration?

In this section I've set the WAN Configuration Type to "Static IPv6", the IPv6 Address to my "HE Client IPv6 Address", Prefix Length of course to 64, the Default IPv6 Gateway to the "HE Server IPv6 Address" and the Primary DNS Server to the "Anycast IPv6Cashing Nameserver" (2001:470:20::2). The DHCPv6 Address Settings are dimmed and can't be set since I've chosen "Static" in the first selection on this page ...

If your working settings are otherwise please advise.

Thanks

kauwen

Quote from: rxforcomputers on June 26, 2011, 04:30:59 PM
One thing worth noting, before I forget, is that I have a routed /48 associated with my tunnel ... do I maybe need to turn this off on the HE side and run with only the /64?
I don't know I only use /64

Quote from: rxforcomputers on June 26, 2011, 04:30:59 PM
Advertisement Prefixes section, although different than the screenshot in the document, I added one equivalent to that of the screenshot ...
I didn't do that, some way the address is picked up or calculated automatically

Quote from: rxforcomputers on June 26, 2011, 04:30:59 PM
Attempting a ping on 2001:470:20::2 (from W7 PC) I get "PING: transmit failed. General failure"
I experience that often the first time I use ipv6. A second try will work (also the status of the adapter for ipv6 connectivity changes from 'no internet connection' to 'internet'.

Quote from: rxforcomputers on June 26, 2011, 04:30:59 PM
One thing I'll also want to address, at some time after the tunnel is working, is to get the leasing of the /48 prefix to my clients if this subnet is to be kept in play. I'd like details of the correct way to setup v6 DHCP in this equipment, if possible.
I don't think that is really needed. Router advertisement is enough.

Quote from: rxforcomputers on June 26, 2011, 04:30:59 PM
What do your settings look like under Networking > WAN > IPv6 WAN Configuration?
Just left it on dhcpv6. This is really not needed, if we had a ipv6 wan connection we didn't need a tunnel ;)

Just some more observation:
Some computers on my network only started to work after reboot of the router.
Check if the client computers get an ipv6 address in the range advertised by the router.




rxforcomputers

#14
OK, I've removed all of these other, supposedly irrelevant, settings that I had mistakenly put into the configuration and still not working, unfortunately. So this brings me, hopefully, to one last question ...

On the screen Networking > IPv6 > IPv6 Static Routing, I've set the IPv6Gateway to the HE endpoint server's v4 address, in the form of "::216.218.224.42". After setting this address in this field, the only thing that the GUI will let me choose without error for the line directly above it, Interface drop down, is "sit0 WAN". Is this how your's is set?

Now that I have culled out all of my FUBAR settings, the end just doesn't seem like very much configuration to get a tunnel working! Can't believe that it should be this easy ... if this works, I'll be thoroughly impressed with "Automatic Tunneling".

Cheers, Mark

EDIT -- and, BTW, now with the current configuration the only IPv6 address my clients (PCs) are getting is Link-Local, nothing routable ... This may be my only failure point right now and may be working once once I get v6 leases to come to the clients. Maybe RA isn't working for some reason?

I've dropped the /48 from my tunnel config on the HE side as well and removed any mention of it from my router configuration ...