Print

[sonicrules1234]

Hi, I'm getting some errors when trying to connect using the tunnel.
I am getting a no route to host error.

Here's the output of ping6

westly@westly-laptop /usr/src/linux $ ping6 ipv6.google.com
PING ipv6.google.com(nuq04s01-in-x63.1e100.net) 56 data bytes
From sonicrules1234-1-pt.tunnel.tserv3.fmt2.ipv6.he.net icmp_seq=1 Destination unreachable: Address unreachable

I am using gentoo linux.

[jimb]

Need a bit more detail.  Did you add the IPv6 default route through your tunnel interface?

[sonicrules1234]

Not sure what you mean by default route.

Here is part of my ifconfig

he-ipv6   Link encap:IPv6-in-IPv4 
          inet6 addr: 2001:470:1f04:cbe::2/64 Scope:Global
          inet6 addr: fe80::476c:8e08/128 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:219 dropped:0 overruns:0 carrier:219
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

[patrickdk]

still same question, ifconfig doesn't show anything useful, except your ip address

ip -6 route show

Will give the most useful info as far as that goes.

Here is how I configure my interface on a debian/ubuntu type system in /etc/network/interfaces

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
    address 2001:470:7:xxxx::2
    netmask 64
    local my.ipv4.ip.addr
    endpoint 216.66.22.2
    gateway ::216.66.22.2
    ttl 255
    mtu 1480

[broquea]

Can't ping his side of tunnel from the tunnel-server itself. I suspect NAT not passing Protocol41 or some route misconfiguration on client side.

[jimb]

Presuming you have the the actual tunnel up (not sure given the last post), you need a default route.

You'd add this by doing: 

ip route add default via <IPv6 of other side of tunnel (the ::1 address)> dev <tunnel device name>


Under gentoo you can add this in /etc/conf.d/net like this: 

routes_<tunnel device name>=( "default via <IPv6 of other side of tunnel (the ::1 address)> dev <tunnel device name>" )


Under ubuntu /etc/network/interfaces add the line to your inet6 v4tunnel section:

gateway <IPv6 of other side of tunnel (the ::1 address)>


As for the tunnel not working, test this by trying to ping the other side of the tunnel (gateway) from that machine.  If you can't get a ping even there, then your 6in4 tunnel isn't working.  Make sure firewall isn't blocking it.  If you're behind a NAT, make sure you're using the real address of the machine, not your NATed public IP.  Make sure your NAT box is passing IP protocol #41 to your router.

[sonicrules1234]

Sorry about not posting enough info.  I didn't know what to post
I tried using that command to add a default route.  Nothing seemed to happen.
Here is the output of ip -6 route show

westly@westly-laptop /usr/src/linux $ sudo ip -6 route show
2001:470:1f04:cbe::/64 via :: dev he-ipv6  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 0
fe80::/64 dev wlan0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 via :: dev he-ipv6  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 0
ff00::/8 dev wlan0  metric 256  mtu 1500 advmss 1440 hoplimit 0
ff00::/8 dev he-ipv6  metric 256  mtu 1480 advmss 1420 hoplimit 0
default dev he-ipv6  metric 1024  mtu 1480 advmss 1420 hoplimit 0
default via 2001:470:1f04:cbe::1 dev he-ipv6  metric 1024  mtu 1480 advmss 1420 hoplimit 0

[patrickdk]

Looks good to me, and I changed my routes to mirror what you have and it works here.

Probably like he said above, not passing protocol 41 over your router, or possible maybe your set the tunnel to the wrong ip?

[sonicrules1234]

How would I go about passing protocol41 over my router?

[sonicrules1234]

Ok, I changed the IP from my public one to my private one, 10.10.10.100.  Now I can connect, but its only one way.


westly-laptop westly # ping6 ipv6.google.comPING ipv6.google.com(nuq04s01-in-x93.1e100.net) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 3999ms

[jimb]

You only need to do that if your box doesn't actually have an public IP.  If it's on the edge of your LAN, then use the public.  If it's behind a firewall/router and only has a private IP, use that.

On your firewall, make sure IP protocol 41 is able to pass out, and in, and is NATed back to your IPv6 router box.  Unfortunately some firewalls can't set up a static NAT for this.  But most will properly handle it if it's originated from behind the firewall by setting up a connection table entry.  However, if there is more than one box behind it trying to do 6in4 and being NATed to the same public IP, it will get confused, so make sure only your IPv6 router is trying to do 6in4.  You may also want to try the DMZ.