
Need help Configuring a tunnel under *BSD & MacOS X

Started by annoyingspore, August 03, 2010, 11:03:36 PM


annoyingspore

I seem to have some problem creating a tunnel, whether Mac, Windows, or Linux. I checked on the certification page, and it only shows IPv4. It seems to me since I have a dynamic IP address, it makes sense to tunnel through using the VPN. But no matter which way I try, including using my router DHCP address (I am behind a DSL modem), no IPv6.

This is my ifconfig:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
       inet 127.0.0.1 netmask 0xff000000
       inet6 ::1 prefixlen 128
       inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
       tunnel inet 184.104.31.133 --> 209.51.181.2                                                (VPN client IP4  --> server IP4)
       inet6 2001:470:1f10:835::2 --> 2001:470:1f10:835::1 prefixlen 128              (IP6 client  --> server IP6)
stf0: flags=0<> mtu 1280
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
       inet6 fe80::230:65ff:fe73:97ea%en0 prefixlen 64 scopeid 0x5
       inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255
       ether 00:30:65:73:97:ea
       media: 100baseTX <full-duplex> status: active
       supported media: none autoselect 10baseT/UTP <half-duplex> 10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,hw-loopback> 100baseTX <half-duplex> 100baseTX <full-duplex> 100baseTX <full-duplex,hw-loopback>

I did set the route by: route -n add -inet6 default 2001:470:1f10:835::1, although I don't know how to check if it is right, other than it says file exists already.

First problem is, when I connect using VPN, he.net/tunnelbroker.net, and sometimes Google, load really slowly. The VPN works fine; I am using it in DNS records to point to webpages. Everything seems to look OK, I don't see the problem.

cholzhauer

Quote
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::230:65ff:fe73:97ea%en0 prefixlen 64 scopeid 0x5
        inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:30:65:73:97:ea
        media: 100baseTX <full-duplex> status: active
        supported media: none autoselect 10baseT/UTP <half-duplex> 10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,hw-loopback> 100baseTX <half-duplex> 100baseTX <full-duplex> 100baseTX <full-duplex,hw-loopback>

You should assign a public IPv6 address to en0  (either out of your routed /64 or /48)

theultramage

Quote
tunnel inet 184.104.31.133 --> 209.51.181.2 (VPN client IP4 --> server IP4)

I don't see this VPN interface listed anywhere. You said your VPN connection works, but you should include it in the ifconfig list.
If you experience slowdowns, try some basic diagnostics - ping, traceroute + timing, maybe Wireshark.
The only problem I had with IPv6 and Google was that their MTU handling was broken; they have since notified me that they fixed that.

Finally, in my topic I'm also trying to get the PPTP+IPv6 combo to work, and with a setup like yours, the ping replies arrive but don't get delivered to the application that sent them.

annoyingspore

Quote from: cholzhauer on September 03, 2010, 08:27:50 AM
Quote
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::230:65ff:fe73:97ea%en0 prefixlen 64 scopeid 0x5
        inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:30:65:73:97:ea
        media: 100baseTX <full-duplex> status: active
        supported media: none autoselect 10baseT/UTP <half-duplex> 10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,hw-loopback> 100baseTX <half-duplex> 100baseTX <full-duplex> 100baseTX <full-duplex,hw-loopback>

You should assign a public IPv6 address to en0  (either out of your routed /64 or /48)

But I thought that interface didn't matter. gif0 is the tunnel. I was following the instructions implicitly that they gave for OS 10.4.
This whole thing is kind of a mess at this point. I am trying to get my DNS and theirs synced and use my personal domain name locally, and have it point from outside to my tunnel static IP. I am thinking now it just isn't possible. The problem partly seems to be there are 2 IPs, one my local inside the DSL's NAT, and the other the tunnel.

annoyingspore

Quote from: theultramage on September 05, 2010, 06:48:20 AM
Quote
tunnel inet 184.104.31.133 --> 209.51.181.2 (VPN client IP4 --> server IP4)

I don't see this vpn interface listed anywhere. You said your vpn connection works, but you should include it in the ifconfig list.
If you experience slowdowns, try some basic diagnostics - ping, traceroute + timing, maybe wireshark.
The only problem I had with ipv6 and google was that their MTU handling was broken; they have since notified me that they fixed that.

Finally, in my topic I'm also trying to get the pptp+ipv6 combo to work, and with a setup like yours, the ping replies arrive but don't get delivered to the application that sent them.

The ifconfig of the VPN just says ppp0, POINTTOPOINT and next line inet 'my VPN IP' 'the server's IP'.
Even without the VPN, he.net does not ping, says unknown host. I think one problem could be you HAVE to use their DNS, except I can't seem to find the address of it. Another thing, maybe even with a VPN the router still has to pass protocol41, and maybe my cheap diamondmax DSL doesn't.

annoyingspore

Quote from: cholzhauer on September 03, 2010, 08:27:50 AM
Quote
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::230:65ff:fe73:97ea%en0 prefixlen 64 scopeid 0x5
        inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255
        ether 00:30:65:73:97:ea
        media: 100baseTX <full-duplex> status: active
        supported media: none autoselect 10baseT/UTP <half-duplex> 10baseT/UTP <full-duplex> 10baseT/UTP <full-duplex,hw-loopback> 100baseTX <half-duplex> 100baseTX <full-duplex> 100baseTX <full-duplex,hw-loopback>

You should assign a public IPv6 address to en0  (either out of your routed /64 or /48)

I am sorry, that last bit I didn't get at all: routed /64 or /48? I thought you're supposed to use 128.
I can't seem to delete IP6 address with ifconfig in Mac OS X. Should be 'ifconfig 'interface' delete 'address''? Says 'bad value'. It won't even let me unplumb it.

cholzhauer

A /128 is one address.

HE assigns you a /64 when you create your account, and a /48 if you ask for it.

Quote
I am thinking now it just isn't possible.

The only way this is not possible is if your ISP isn't passing protocol41 or allowing ICMP.

If you're behind a NAT, you need to use your NAT'd IP address (192, 10, 172, etc.)
 
Have you seen this?  http://pugio.net/2009/01/enable-ipv6-on-mac-os-x-the-tu.html

annoyingspore

Quote from: cholzhauer on September 27, 2010, 05:10:40 AM
A /128 is one address.

HE assigns you a /64 when you create your account, and a /48 if you ask for it.

Quote
I am thinking now it just isn't possible.

The only way this is not possible is if your ISP isn't passing protocol41 or allowing ICMP.

If you're behind a NAT, you need to use your NAT'd IP address (192, 10, 172, etc.)
 
Have you seen this?  http://pugio.net/2009/01/enable-ipv6-on-mac-os-x-the-tu.html

Yes, my DSL router passes ICMP. Doesn't say anything about protocol41.
I think the problem could be that I used my tunnelbroker VPN static IPv4 as the endpoint, which may be confusing it or creating some kind of recursive loop. I haven't thought it out that much yet; maybe I should just get the public IP working first.

cholzhauer

Quote
maybe I should just get the public IP working first.

Yeah, I think that'd be a good idea.

Which OS are you using now to try your tunnel?

annoyingspore

Quote from: cholzhauer on September 28, 2010, 06:49:50 PM
Quote
maybe I should just get the public IP working first.

Yeah, I think that'd be a good idea.

Which OS are you using now to try your tunnel?

Well, I got it to work using my DSL router's public IP using Ubuntu Linux. I used the computer's local net IP as endpoint. Would it be wise to use the same tunnel on another computer in my local net (that obviously has a different local IP) but same router address? Or should I make another tunnel (that points at the same DSL router)?

annoyingspore

I kind of wonder, if you have one tunnel set up in your local net, why need to set up any more? Can they just use that one computer as tunnel?

cholzhauer

You only need one tunnel.

After your tunnel is working, you need to assign addresses either out of your routed /64, or if you need more than one network, ask for a /48 and dole those out as /64s.

To do this, you can manually assign addresses, use router advertisement, or DHCPv6.
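
The prefix sizes discussed above (/128, /64, /48), worked through as an added example that is not part of the original posts: it carves /64 networks out of a /48 and derives the address a host forms from a router-advertised /64. The routed prefix `2001:db8:1234::/48` is a constructed placeholder and the function names are hypothetical; the MAC is the `ether` value of en0 from the ifconfig output earlier in the thread.

```python
import ipaddress
from itertools import islice

MAC_EN0 = "00:30:65:73:97:ea"      # en0 'ether' line from the thread's ifconfig
ROUTED_48 = "2001:db8:1234::/48"   # constructed placeholder (documentation prefix)


def eui64_interface_id(mac):
    """Modified EUI-64 interface identifier built from a 48-bit MAC."""
    octets = bytearray(int(part, 16) for part in mac.split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC such as 00:30:65:73:97:ea")
    octets[0] ^= 0x02  # invert the universal/local bit
    eui = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return int.from_bytes(eui, "big")


def autoconf_address(prefix, mac):
    """Address a host forms from a /64 announced by router advertisement."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("stateless autoconfiguration needs a /64 on the link")
    return net[eui64_interface_id(mac)]


def lan_prefixes(routed_48, count):
    """First `count` /64 networks carved out of a routed /48."""
    net = ipaddress.IPv6Network(routed_48)
    if net.prefixlen != 48:
        raise ValueError("expected a /48")
    return list(islice(net.subnets(new_prefix=64), count))


def address_count(prefix):
    """Number of addresses covered by a prefix (a /128 covers exactly one)."""
    return ipaddress.IPv6Network(prefix).num_addresses


if __name__ == "__main__":
    # Sanity check: reproduces en0's link-local address from the thread.
    print(autoconf_address("fe80::/64", MAC_EN0))
    print(address_count("2001:470:1f10:835::2/128"))
    for lan in lan_prefixes(ROUTED_48, 3):
        print(lan, "->", autoconf_address(str(lan), MAC_EN0))
```

Hosts that use RFC 4941 temporary addresses or RFC 7217 stable-privacy addresses form a different interface identifier, so the autoconfigured address will not embed the MAC as it does here.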

annoyingspore

But wouldn't I have to set that computer up to be a router or use DHCPv6? It wouldn't just automatically know how to route IPv6 packets, would it?

cholzhauer

It depends.  If you're using just your routed /64, it would just "know".  If you're using your /48, you'll have to create some routes on it.

annoyingspore

So what should I set as the default route on clients? The tunnel Client IPv6 Address or Server IPv6 Address? How does it know to jump subnets, for instance the tunnel is on 2001:470:1f10:xxx and the routed /64 is 2001:470:1f11:xxx? Are you sure the tunnel client doesn't also need to forward packets? For IPv4 I just set up some simple iptables masquerade.