• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Explorer test - web browser not seeing ipv6

Started by thinkdesignprint, August 03, 2010, 10:52:22 PM

Previous topic - Next topic

cholzhauer

Yeah, EOL is usually bad ;)

Seems like everyone has been trying to use Vista/Windows lately for this, must be an epidemic or something

I take it you've ran the commands off the website


netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 123.456.789.011 123.456.789.012
netsh interface ipv6 add address IP6Tunnel 2001:db8:1234::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:db8:1234::1


And customized it for your own needs  (make sure if you're behind NAT, and I think you are, that you use the NAT'd address on your windows machine)

Make sure your firewall is passing protocol 41 (you might need to move your host to the DMZ or equivalent)  You'll need to use Wireshark or something to sniff the traffic and see what's going on.  Like you said, the linux machine would be better/easier because it is your router and is connected to every part of your network.


thinkdesignprint

Quote from: cholzhauer on August 04, 2010, 04:46:24 PM
Yeah, EOL is usually bad ;)
yes.

Quote
Seems like everyone has been trying to use Vista/Windows lately for this, must be an epidemic or something
Well with the media running around telling people that the sky is falling, we're having to get our skates on.

Quote
I take it you've ran the commands off the website


netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 123.456.789.011 123.456.789.012
netsh interface ipv6 add address IP6Tunnel 2001:db8:1234::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:db8:1234::1


And customized it for your own needs  (make sure if you're behind NAT, and I think you are, that you use the NAT'd address on your windows machine)

yes, did all that. (10 times)

Quote
Make sure your firewall is passing protocol 41 (you might need to move your host to the DMZ or equivalent)  You'll need to use Wireshark or something to sniff the traffic and see what's going on. 
Yes... that's about the point where I think I'm going to bow out of trying to tunnel to this pc...

Quote
Like you said, the linux machine would be better/easier because it is your router and is connected to every part of your network.
Yip...

but just to add to my fun radvd isn't installed on my Centos4 box and the repos have now gone... so how I'm going to get it and iptables6 is an issue...

I know I'm going to have to upgrade the fw eventually... but I've been putting that off...

See how we go.

Cheers for the help.

Don

cholzhauer

Good luck.

My plug is FreeBSD...fast, free, and easy to spin up in a VM if need be

thinkdesignprint

Quote from: cholzhauer on August 04, 2010, 05:18:00 PM
Good luck.
Thanks :)

Quote
easy to spin up in a VM if need be
Thought about that and then realized without protocol41 routing it won't be much help.

I've got debian5 vm running on my laptop all the time now.

Cheers Don


thinkdesignprint

Ok getting there...

choose linux-route2 instructions...

not sure I understand them but pasted anyway...

ip -f inet6 addr gave me output that I don't understand.

I can ping my IP - 2001:470:c:8e3::2 but I can't ping the gateway 2001:470:c:8e3::1 and I can't ping my VPS:  2403:cc00:1000:0:200:20ff:fe01:8502

Not sure what I'm doing wrong.  Suggestions?

Cheers Don

[root@bowenvale etc]# ip tunnel add he-ipv6 mode sit remote 66.220.18.42 local 184.104.87.104 ttl 255
[root@bowenvale etc]# ip link set he-ipv6 up
[root@bowenvale etc]# ip addr add 2001:470:c:8e3::2/64 dev he-ipv6
[root@bowenvale etc]# ip route add ::/0 dev he-ipv6
[root@bowenvale etc]# ip -f inet6 addr
1: lo: <LOOPBACK,UP> mtu 16436
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qlen 1000
    inet6 fe80::230:4fff:fe13:2b02/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000
    inet6 fe80::205:1cff:fe06:1236/64 scope link
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qlen 1000
    inet6 fe80::20e:2eff:fe69:39a2/64 scope link
       valid_lft forever preferred_lft forever
6: he-ipv6@NONE: <POINTOPOINT,NOARP,UP> mtu 1480
    inet6 2001:470:c:8e3::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::b868:5768/128 scope link
       valid_lft forever preferred_lft forever
[root@bowenvale etc]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:30:4F:13:2B:02
          inet addr:121.73.114.171  Bcast:121.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::230:4fff:fe13:2b02/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:128816095 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31626277 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1748958641 (1.6 GiB)  TX bytes:1194281515 (1.1 GiB)
          Interrupt:5 Base address:0xd800

cholzhauer

VPS = Virtual private server?  Not sure what that is

And what's with the 2403 address?

You still need a IPv6 address on eth0 

I dunno what your routed /64 is, but it's probably something like


ip addr add 2001:470:c:8e2::2/64 dev eth0



thinkdesignprint

Quote from: cholzhauer on August 04, 2010, 06:04:27 PM
VPS = Virtual private server?  Not sure what that is
Yes. 

Quote
And what's with the 2403 address?
Sorry...  not with you on that one yet...

TDP:thinkdesignprint.co.nz>_ ~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:00:20:01:85:02
          inet addr:117.121.243.25  Bcast:117.121.243.255  Mask:255.255.255.0
          inet6 addr: 2403:cc00:1000:0:200:20ff:fe01:8502/64 Scope:Global
          inet6 addr: fe80::200:20ff:fe01:8502/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:17415903 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6521116 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2696493719 (2.5 GiB)  TX bytes:5064169671 (4.7 GiB)


Did I grab the wrong address to show you...  I don't understand what the Scope stuff means yet.


Quote
You still need a IPv6 address on eth0 

I dunno what your routed /64 is, but it's probably something like


ip addr add 2001:470:c:8e2::2/64 dev eth0




Ok that makes sense...

Ok... added that and still no ping to :1

modprobe ipv6
ip tunnel add he-ipv6 mode sit remote 66.220.18.42 local 184.104.87.104 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:c:8e3::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr

ip addr add 2001:470:c:8e2::2/64 dev eth0


There's the commands I've issued again...

Haven't I now allocated :2 in two places?
ip addr add 2001:470:c:8e3::2/64 dev he-ipv6
ip addr add 2001:470:c:8e2::2/64 dev eth0

Sorry, I know my linux routing skills here are lacking...  I do appreciate your patients with me.  I feel like a right knob right now :)

Cheers Don

broquea

Review your tunnel's details page and you'll see the difference between the tunnel /64 and routed, and in BOLD

I refuse to use big red <BLINK> tags

patrickdk

2403:: is valid, it's allocated from APNIC's 2400::/12

inet6num:       2403:CC00:1000::/36
netname:        GPLHOST
descr:          Virtual Private Server (VPS) Hosting Services

thinkdesignprint

Quote from: broquea on August 04, 2010, 06:31:41 PM
Review your tunnel's details page and you'll see the difference between the tunnel /64 and routed, and in BOLD

I refuse to use big red <BLINK> tags

Ok.  Sorry, all I did was follow the suggested install stuff.  I confess I just don't understand enough about this stuff yet.  With ipv4 I don't route, I just nat stuff about, and only in a small way.  I can see that this v6 stuff is going to require more understanding about routing.

I think I follow...

I've assigned the wrong IP to eth0


ip addr add 2001:470:c:8e2::2/64 dev eth0

should have been...

ip addr add 2001:470:d:8e3::2 dev eth0

Yes?

Now do I reasign it?  Do have have to remove the address or will it just over write it?

Do you have any recommended reading so I don't ask so many idiot questions?

Cheers Don

cholzhauer

Quote
2403:: is valid, it's allocated from APNIC's 2400::/12

inet6num:       2403:CC00:1000::/36
netname:        GPLHOST
descr:          Virtual Private Server (VPS) Hosting Service

Sorry, I had never heard of that before.

You need to delete the first address...I assume the syntax is something like


ip addr delete 2001:470:c:8e2::2/64 dev eth0
ip addr add 2001:470:c:8e3::2/64 dev eth0


Some of the things in here might help

http://ipv6.he.net/presentations.php

thinkdesignprint

Thanks for your help guys... fixed it :)

See: http://www.bowenvale.co.nz/ipv6/ and http://www.bowenvale.co.nz/ipv6/?p=10

Got it all working in the end...

Quick summary:

    * Both ends of the 6to4 tunnel need to have a public IPv4 address
      (thought I guess you can probably do some dodgy NAT if you're
      forwarding protocol 41).
    * You only need to run one tunnel from one device on your LAN to HE.
      After that you route a /48 to you to get other things connected.
    * Protocol 41 needs to be allowed, and needs to be near the top of your
      firewall chain, not at the bottom :)
    * You need to tell HE your correct IPv4 end point.
    * You need to get a /48 routed to you by HE and assign a /64 out of
      that to your LAN.
    * You need to turn on ipv6 forwarding – echo "1"
      > >/proc/sys/net/ipv6/conf/all/forwarding.
    * Keep things simple. Use static addressing to start with, then maybe
      look at Radvd or DHCPv6.

Hopefully this could save someone a few dramas in the future.