• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

FreeBSD 8.0-RELEASE tunnel

Started by tabmow, October 24, 2010, 03:51:18 PM

Previous topic - Next topic

tabmow

Hi,

I am trying to get my tunnel going and can't seem to do it. I followed the instructions and trawled through the forums to no avail.
Here are the relevant sections of my configs:

gif1: flags=8011<UP,POINTOPOINT,MULTICAST> metric 0 mtu 1280
        inet 64.251.22.161 --> 209.51.161.58 netmask 0xff000000
        inet6 2001:470:4:2dc::2 --> 2001:470:4:2dc::1 prefixlen 128
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        options=1<ACCEPT_REV_ETHIP_VER>

Internet6:
Destination                       Gateway                       Flags      Netif Expire
default                           2001:470:4:2dc::1             UGS        gif1
::1                               ::1                           UH          lo0
2001:470:4:2dc::1                 2001:470:4:2dc::2             UH         gif1
fe80::%lo0/64                     link#3                        U           lo0
fe80::1%lo0                       link#3                        UHS         lo0
ff01:3::/32                       fe80::1%lo0                   U           lo0
ff01:5::/32                       2001:470:4:2dc::2             U          gif1
ff02::%lo0/32                     fe80::1%lo0                   U           lo0
ff02::%gif1/32                    2001:470:4:2dc::2             U          gif1

pf firewall:
# Pass ipv6 tunnel
pass in proto 41 from $ipv6 to $if  keep state (other.multiple 86400)
pass out proto 41 from $if to $ipv6 keep state (other.multiple 86400)
pass out inet6 proto ipv6-icmp from any to any icmp6-type echoreq keep state allow-opts
pass in inet6 proto ipv6-icmp from any to any icmp6-type echoreq keep state (max 32)

$ipv6 = gif1 (ipv6 tunnel int)
$if = vr0 (ipv4 int)

I can't even ping my local IP address:
[got][~]# ping6 2001:470:4:2dc::1
PING6(56=40+8+8 bytes) 2001:470:4:2dc::2 --> 2001:470:4:2dc::1
ping6: sendmsg: Network is down
ping6: wrote 2001:470:4:2dc::1 16 chars, ret=-1
ping6: sendmsg: Network is down
ping6: wrote 2001:470:4:2dc::1 16 chars, ret=-1

Any ideas?

Also for sake of getting the tunnel working across reboots, I have created the following in rc.conf:
#IPv6 Tunnel
ipv6_enable="YES"
gif_interfaces="gif1"
gifconfig_gif1="64.251.22.161 209.51.161.58"
ipv6_network_interfaces="gif1 lo0"
ipv6_ifconfig_gif1="2001:470:5:2dc::2/64"
ipv6_defaultrouter="-interface gif1"

Could anyone please lend a hand and let me know what I am doing wrong?
The ipv4 address I have assigned for my endpoint of the tunnel is one of my available IP addresses which is an alias to vr0.

Thanks in advance.

Terry

jimb

::2 is yer local IP, not ::1.

If your BSD box is behind a NAT, use the interface IPv4 address, not the NATed address.

Make sure ip and ipv6 routing is turned on, presuming BSD has such a setting (not real up on BSD kernels).

You may also want to try including your enet interface in the "ipv6" interfaces, since it might require it for some odd reason.

-Jim

tabmow

[got][~]# sysctl -a | grep forwarding
net.inet.ip.forwarding: 1
net.inet6.ip6.forwarding: 1

Forwarding is both enabled... I am not behind a NAT at all either.

When trying to ping my local address (sorry about previous post, was a typo):

[got][~]# ping6 2001:470:4:2dc::2
PING6(56=40+8+8 bytes) 2001:470:4:2dc::2 --> 2001:470:4:2dc::2
ping6: sendmsg: Network is down
ping6: wrote 2001:470:4:2dc::2 16 chars, ret=-1
ping6: sendmsg: Network is down
ping6: wrote 2001:470:4:2dc::2 16 chars, ret=-1

At a bit of a loss now...

jimb

I also notice prefixlen 128.  It should be a /64, unless it's some BSD peculiarity. 

cholzhauer

The prefix length on your tunnel should be 64

Try this in /etc/rc.conf

gif_interfaces="gif1"
gifconfig_gif1="64.251.22.161 209.51.161.58"
ipv6_network_interfaces="[your_interface_here] gif1 lo0"
ipv6_prefix_nfe0="2001:470:c27d:d000"
ipv6_gateway_enable="YES"
ipv6_ifconfig_gif1="2001:470:5:2dc::2/64"
ipv6_defaultrouter="-interface gif1"


From what I saw, you did not include your primary interface in the "ipv6_interfaces=..." line  (eth0, em0, ect)