• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

How to setup a ipv6 tunnel with a PPTP Connection?

Started by bearice, June 21, 2010, 05:38:56 AM

Previous topic - Next topic

bearice

Well, had anybody made a succeeful setup to HE-TunnelBroker with a PPTP connection? I tried but it seems does not work:
PPP0 is the PPTP virtual interface

root@crc:/etc# tcpdump -i ppp0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 96 bytes
20:14:49.208189 IP bearice-2.tserv3.fmt2.dyn.he.net > tserv3.fmt2.ipv6.he.net: IP6 bearice-2-pt.tunnel.tserv3.fmt2.ipv6.he.net > bearice-2.tunnel.tserv3.fmt2.ipv6.he.net: ICMP6, echo request, seq 1, length 64
20:14:49.509491 IP tserv3.fmt2.ipv6.he.net > bearice-2.tserv3.fmt2.dyn.he.net: IP6 bearice-2.tunnel.tserv3.fmt2.ipv6.he.net > bearice-2-pt.tunnel.tserv3.fmt2.ipv6.he.net: ICMP6, echo reply, seq 1, length 64
20:14:50.208404 IP bearice-2.tserv3.fmt2.dyn.he.net > tserv3.fmt2.ipv6.he.net: IP6 bearice-2-pt.tunnel.tserv3.fmt2.ipv6.he.net > bearice-2.tunnel.tserv3.fmt2.ipv6.he.net: ICMP6, echo request, seq 2, length 64
20:14:50.509896 IP tserv3.fmt2.ipv6.he.net > bearice-2.tserv3.fmt2.dyn.he.net: IP6 bearice-2.tunnel.tserv3.fmt2.ipv6.he.net > bearice-2-pt.tunnel.tserv3.fmt2.ipv6.he.net: ICMP6, echo reply, seq 2, length 64

However:
root@crc:/etc# tcpdump -i he-ipv6
tcpdump: WARNING: he-ipv6: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on he-ipv6, link-type RAW (Raw IP), capture size 96 bytes
20:16:08.041850 IP6 bearice-2-pt.tunnel.tserv3.fmt2.ipv6.he.net > bearice-2.tunnel.tserv3.fmt2.ipv6.he.net: ICMP6, echo request, seq 1, length 64
20:16:09.050482 IP6 bearice-2-pt.tunnel.tserv3.fmt2.ipv6.he.net > bearice-2.tunnel.tserv3.fmt2.ipv6.he.net: ICMP6, echo request, seq 2, length 64

It seems that reply packets are droped. ???
Of course i did not have any iptable filters.

jimb

Did you click the little box that says use PPTP connection for tunnel on the tunnel details page?

bearice

Emm i don't got a X here, could you tell me how to apply this in a console?
or you mean "VPN is Tunnel Endpoint" in tunnel detail page of HE? Yes it's selected.

jimb


bearice

@jimb OK, i'm done. thank you for help :)

I found following commands are important if using ip6tunnel in a pptp
echo "1 admin" >> /etc/iproute2/rt_tables
ip route add default dev ppp0 table admin
ip rule add from your_ip_from_he table admin

and BTW, when creating the tunnel, use
Quoteip tunnel add he-ipv6 mode sit remote X.X.X.X local Y.Y.Y.Y ttl 255 dev ppp0

jimb

Quote from: bearice on June 22, 2010, 12:39:38 AM
@jimb OK, i'm done. thank you for help :)

I found following commands are important if using ip6tunnel in a pptp
echo "1 admin" >> /etc/iproute2/rt_tables
ip route add default dev ppp0 table admin
ip rule add from your_ip_from_he table admin

and BTW, when creating the tunnel, use
Quoteip tunnel add he-ipv6 mode sit remote X.X.X.X local Y.Y.Y.Y ttl 255 dev ppp0
BTW, thank mthode, he's the one that did that howto.

Those commands you talk about are to set up a policy route.  This is needed for Linux because the both the PPTP server and the 6in4 server have the same IPv4 address.  Since routing normally only pays attention to destination addresses, and because the PPTP software puts a host route into the main routing table for the HE server so that the PPTP traffic doesn't try to use the ppp0 interface itself, a "special case" route is put in so that when the source IPv4 matches the PPTP assigned IP, it uses a different routing tabled (called "admin" in this case), which has the default route pointing through the ppp0 interface.  This way, "normal" traffic uses your standard default route, and traffic originating from the PPTP IPv4 (such as your 6in4 tunnel's traffic) takes the PPTP tunnel.

Yeh.  Always a good idea to specify the device when you're setting up the 6in4 tunnel.  I don't think it's required, but I wouldn't trust it to guess the right interface.  :P