• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

IPv6 newbie, Ubuntu, dd-wrt - cannot get tunnel to work

Started by ratcheer, February 19, 2011, 08:31:19 AM

Previous topic - Next topic

ratcheer

I have been around and around for several days, so I will ask for help. At one point I had my tunnel working with IP Passthrough using my DSL modem as the router, but I really want it to be more secure than that.

So, I installed dd-wrt on my wireless router and enabled IPv6. I also allowed anonymous pings in the router software. dd-wrt version is DD-WRT v24-sp2 (09/18/10) std-nokaid-nohot-nostore - build 15230M NEWD Eko.

On Ubuntu 10.10, I ran the following commands, all successfully:
sudo modprobe ipv6
sudo ip tunnel add he-ipv6 mode sit remote 216.66.22.2 local xx.xxx.xxx.xxx ttl 255  <-- using my WAN IP address. Should I use the NAT address?
sudo ip link set he-ipv6 up
sudo ip addr add 2001:470:7:b57::2/64 dev he-ipv6
sudo ip route add ::/0 dev he-ipv6
sudo ip -f inet6 addr

Then I allowed IPv6 in the Linux ufw firewall, stopped the ufw service, and started it again.

I have seen very complex scripts in the dd-wrt forums for getting the HE tunnel working. Do I need to get into all of that? Shouldn't the above be enough?

Thanks,
Tim

antillie

I believe that most of those scripts revolve around dynamically updating the IPv4 tunnel endpoint for people that have a dynamic IPv4 address at their location. I think some of them handle automatically setting up the tunnel, radvd, and ip6tables after a reboot as well. And I think I saw one somewhere that dealt with dynamically updating IPv6 DNS records.

If you don't need any of those things then I wouldn't worry about the scripts too much. The Linux template on HE.net's site should be all you really need to get IPv6 connectivity up and running. If you can ping ipv6.google.com you should be pretty much set. However it might be worth looking into the scripts that setup things automatically during boot up just to save yourself the hassle of re doing everything if your box happens to loose power.

ratcheer

Thank you for your response, antillie.

Ok, my WAN IP is static, so I don't need to worry about that part.

I don't understand whether I need radvd. I saw that it is for "routed subnets", but I'm not sure what that means. I have a single-layer NAT subnet and I would hope that that is not what it is referring to.

But, I cannot ping or surf to ipv6.google.com. And, if I try to run the simple port scan from he.net, it tells me that my host appears to be down.

So, I am lost. Like I said, I was able to get full ipv6 tunnel functionality when I exposed my PC to the external IP by setting IP Passthrough. But that seems far too insecure.

I think I will redefine my client-side with my NAT address and see if that works.

Tim

ratcheer

#3
Quote
I think I will redefine my client-side with my NAT address and see if that works.

And that fixed it. So simple, why didn't I try it before?

Problem Solved


Tim