• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

SOLVED - problems getting tunnel working on freebsd

Started by st0ner, September 17, 2010, 12:40:05 PM

Previous topic - Next topic

st0ner

hello,

i created 2 tunnels to test with, the first one i did was to test how the tunnel works and how i would set it up on a freebsd here at home, after reading and searching around i got it working just fine.

after that i created a second tunnel that im planning to use on  a dedicated server on the internet, since it was freebsd as well i did exactly the same steps i did to get the tunnel running from my home freebsd with changing the proper ip addresses ofcourse.

at home i was behind a LAN so i had to use my freebsd local machine ipv4 to get the tunnel working instead of my external ipv4 that i used to create the tunnel, in my dedicated server thats hosted is not behind a LAN obviously and it has no firewall running, the remote server has 2 ips dedicated to it, one ipv4 is acting as the gateway and the other ipv4 is the machine ip address. i tried both ipv4 address to get the tunnel running but it does not seem to work.

i can ping6 my own ipv6 address i added to the machine but not the internet.

when i 'ping6 ipv6.google.com' for example it just sits there doing nothing:

root@smoker# ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:470:1f10:6d4::3 --> 2001:4860:800f::67


if i try to run 'tcpdump -i gif0' nothing shows up at all.. no packets are coming in i guess.

if i run 'tcpdump -i gif0'  while i try to ping6 ipv6.google.com from a different user i get this results:

#14:57:39.973376 IP6 2001:470:1f10:6d4::3 > iad04s01-in-x68.1e100.net: ICMP6, echo request, seq 0, length 16
#14:57:40.974019 IP6 2001:470:1f10:6d4::3 > iad04s01-in-x68.1e100.net: ICMP6, echo request, seq 1, length 16
#14:57:41.974034 IP6 2001:470:1f10:6d4::3 > iad04s01-in-x68.1e100.net: ICMP6, echo request, seq 2, length 16
#14:57:42.973007 IP6 2001:470:1f10:6d4::3 > iad04s01-in-x68.1e100.net: ICMP6, echo request, seq 3, length 16
#14:57:43.973012 IP6 2001:470:1f10:6d4::3 > iad04s01-in-x68.1e100.net: ICMP6, echo request, seq 4, length 16
#14:57:44.972973 IP6 2001:470:1f10:6d4::3 > st0ner-4.tunnel.tserv9.chi1.ipv6.he.net: ICMP6, neighbor solicitation, who has st0ner-4.tunnel.tserv9.chi1.ipv6.he.net, length 24
#14:57:44.973056 IP6 2001:470:1f10:6d4::3 > iad04s01-in-x68.1e100.net: ICMP6, echo request, seq 5, length 16
#14:57:45.972976 IP6 2001:470:1f10:6d4::3 > st0ner-4.tunnel.tserv9.chi1.ipv6.he.net: ICMP6, neighbor solicitation, who has st0ner-4.tunnel.tserv9.chi1.ipv6.he.net, length 24
#14:57:45.973084 IP6 2001:470:1f10:6d4::3 > iad04s01-in-x68.1e100.net: ICMP6, echo request, seq 6, length 16
#14:57:46.972973 IP6 2001:470:1f10:6d4::3 > st0ner-4.tunnel.tserv9.chi1.ipv6.he.net: ICMP6, neighbor solicitation, who has st0ner-4.tunnel.tserv9.chi1.ipv6.he.net, length 24
#14:57:46.973054 IP6 2001:470:1f10:6d4::3 > iad04s01-in-x68.1e100.net: ICMP6, echo request, seq 7, length 16
#14:57:47.973019 IP6 2001:470:1f10:6d4::3 > iad04s01-in-x68.1e100.net: ICMP6, echo request, seq 8, length 16
#14:57:52.972978 IP6 2001:470:1f10:6d4::3 > st0ner-4.tunnel.tserv9.chi1.ipv6.he.net: ICMP6, neighbor solicitation, who has st0ner-4.tunnel.tserv9.chi1.ipv6.he.net, length 24
#14:57:53.972972 IP6 2001:470:1f10:6d4::3 > st0ner-4.tunnel.tserv9.chi1.ipv6.he.net: ICMP6, neighbor solicitation, who has st0ner-4.tunnel.tserv9.chi1.ipv6.he.net, length 24
#14:57:54.972973 IP6 2001:470:1f10:6d4::3 > st0ner-4.tunnel.tserv9.chi1.ipv6.he.net: ICMP6, neighbor solicitation, who has st0ner-4.tunnel.tserv9.chi1.ipv6.he.net, length 24



any suggestion on what might be wrong?


thanks in advance

cholzhauer

Off the top of my head...you mentioned that the first tunnel works and that it's not behind a firewall, and that your second tunnel doesn't work and it is behind a firewall.

Are you sure that your firewall is passing protocol 41 traffic to your host?

st0ner

thanks for the fast reply.

actually, the one thats working from home is behind a firewall and i managed to get it working fine,

the second one is not behind a firewall/NAT/LAN and its the one im having problems with.


is there a way for me to make sure that protocol 41 is running? because from what i tell there is no firewall running at all

cholzhauer

Whoops, sorry for reading that wrong.

Quote
is there a way for me to make sure that protocol 41 is running?

I don't know of one, but I'd love to hear if someone else knows of one; it'd certainly be handy.  If you're not behind a firewall, then this probably isn't your issue

What do your routing tables and the output of ifconfig show?

st0ner

this is netstat -r

Internet6:
Destination        Gateway            Flags      Netif Expire
default            st0ner-4.tunnel.ts UGS        gif0
localhost          localhost          UHL         lo0
st0ner-4.tunnel.ts link#3             UHL        gif0
st0ner-4-pt.tunnel link#3             UHL         lo0
2001:470:1f10:6d4: link#3             UHL         lo0
fe80::%lo0         fe80::1%lo0        U           lo0
fe80::1%lo0        link#2             UHL         lo0
ff01:2::           fe80::1%lo0        UC          lo0
ff01:3::           link#3             UC         gif0
ff02::%lo0         fe80::1%lo0        UC          lo0
ff02::%gif0        link#3             UC         gif0



and this is ifconfig gif0:

ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet 64.18.148.193 --> 209.51.181.2
        inet6 2001:470:1f10:6d4::3 --> 2001:470:1f10:6d4::1 prefixlen 128
        inet6 2001:470:1f10:6d4::2 --> 2001:470:1f10:6d4::1 prefixlen 128


cholzhauer

Quote
inet6 2001:470:1f10:6d4::3 --> 2001:470:1f10:6d4::1 prefixlen 128

This isn't any good...2001:470:1f10:6d4::3 doesn't exist.  If this is the address you added to eth0, it won't work; you need to add an address from your routed /64 (check the 3rd quad)

What is the whole output of ifconfig?

FWIW, I had to use gif1 instead of gif0 to make my stuff work.  What version of freebsd?

from /etc/rc.local


gif_interfaces="gif1"
gifconfig_gif1="12.199.185.10 209.51.181.2"
ipv6_network_interfaces="nfe0 gif1 lo0"
ipv6_prefix_nfe0="2001:470:c27d:d000"
ipv6_gateway_enable="YES"
ipv6_ifconfig_gif1="2001:470:1f10:2aa::2/64"
ipv6_defaultrouter="-interface gif1"

st0ner

i just tried using gif1 instead of gif0 and its still the same

this is what i have in my /etc/rc.conf

##ipv6 HE tunnel
ipv6_enable="YES"
ipv6_defaultrouter="2001:470:1f10:6d4::1"
gif_interfaces="gif1"
gifconfig_gif1="64.18.148.193 209.51.181.2"
Ipv6_ifconfig_gif1="2001:470:1f10:6d4::2 2001:470:1f10:6d4::1 prefixlen 128"


this is ifconfig:

vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 64.18.148.194 netmask 0xff000000 broadcast 255.255.255.192
        inet 64.18.148.195 netmask 0xffffffff broadcast 64.18.148.195
        ether 00:e0:4c:c9:41:e4
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet6 ::1 prefixlen 128
        inet 127.0.0.1 netmask 0xff000000
gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet 64.18.148.193 --> 209.51.181.2
        inet6 2001:470:1f10:6d4::2 --> 2001:470:1f10:6d4::1 prefixlen 128


the gateway ip is 64.18.148.193 .. ive used the first usuable ip 64.18.148.194 and it did not work and thats when i tried to use the gw address instead.



cholzhauer

Quote
Ipv6_ifconfig_gif1="2001:470:1f10:6d4::2 2001:470:1f10:6d4::1 prefixlen 128"

I think that could be your problem

This is what mine looks like


gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
        tunnel inet 12.199.185.10 --> 209.51.181.2
        inet6 fe80::2e0:8100:28:1a5c%gif1 prefixlen 64 scopeid 0x6
        inet6 2001:470:1f10:2aa::2 prefixlen 64
        options=1<ACCEPT_REV_ETHIP_VER>


Why don't you try and use this in your /etc/rc.conf?


ipv6_enable="YES"
gif_interfaces="gif1"
gifconfig_gif1="164.18.148.194 209.51.181.2"
ipv6_network_interfaces="vr0 gif1 lo0"
ipv6_gateway_enable="YES"
ipv6_ifconfig_gif1="2001:470:1f10:6d4::1/64"
ipv6_defaultrouter="-interface gif


I don't know what your routed /64 is, but you could add that into the config like I have, then FreeBSD would automagically assign you an IPv6 address.

(I assume it's "2001:470:1f11:6d4::1/64", but you'll want to check)

I'm confused on your IPv4 stuff too.  You're running /8 on .194 and a /32 on .195, and they have completely different broadcasts.

st0ner

thanks alot cholzhauer

it worked just fine after doing the changes you made.

im gonna mark this as SOLVED.