
How can I add a second host from same WAN IP

Started by joeyreep, February 17, 2011, 12:51:36 AM


joeyreep

Hi all,

I've successfully created a tunnel on 1 client within my network. Now I want to create a second tunnel (or configure the same tunnel?) on another host within my network. I configured this second host with the same commands as I did on the first host. Now the second host works but my first host doesn't anymore. Can't ping to any IPv6 addresses.

Does anyone know how to set up 2 IPv6 tunnels from 1 WAN IP?

cholzhauer

You don't need two tunnels...you need to have your first tunnel router share the connection with your second machine.

If it's on the same network, you just need to assign an address to your second machine out of your routed /64 (check your tunnel details page)

If it's on a different network, you need to request a /48 and pick a /64 out of there to assign to your second network.

joeyreep

Quote from: cholzhauer on February 17, 2011, 05:04:33 AM
You don't need two tunnels...you need to have your first tunnel router share the connection with your second machine.

If it's on the same network, you just need to assign an address to your second machine out of your routed /64 (check your tunnel details page)

If it's on a different network, you need to request a /48 and pick a /64 out of there to assign to your second network.

Thanks for your reply!

In the tunnel details I read:
We automatically assign a /64 to your account and route it via:
ipv6 route [routed64] [clientV6Endpoint]

This allows your endpoint device to operate as the router for this netblock and allows you to utilize DHCPv6 or RADVD to hand out IP's from this allocation to your internal network.

If you have more than one network segment please consider utilizing the /48 above.


Does this mean my first host operates as a router and therefore always has to be on?

cholzhauer

Quote
Does this mean my first host operates as a router and therefore always has to be on?

That would be correct.  That's why it's nice to terminate the tunnel on a device that's always on, like a firewall or router.


ratcheer

Quote from: cholzhauer on February 17, 2011, 06:08:01 AM
Quote
Does this mean my first host operates as a router and therefore always has to be on?

That would be correct.  That's why it's nice to terminate the tunnel on a device that's always on, like a firewall or router.



I am interested in exploring the above statement further. I am very new to all of this and I want to set up things in the best, most correct way.

I have an HE tunnel that, I think, terminates at the IPv4 WAN address of my DSL modem. The address is static. The DSL modem is then connected to an IPv6-capable router, which in turn is connected to a Gigabit ethernet switch. All of my PCs are connected to the LAN via this switch.

Then, on one client PC (Linux), I have everything working by having created a link to the ::2 address given to me by HE. I can ping6, surf to IPv6 web sites, and run the HE port scan.

Now, I would like to add a Windows 7 PC as a second client to my tunnel. Can I simply create a similar link to a ::3 address on my /64, or do I have to set up radvd on the Linux client and advertise it from there?

I would prefer to do it the first way and I am asking whether my configuration supports that. If it does not, I would like to find out how to reconfigure things so that it will. Having to control subsequent clients from the first client seems to me to be an unnecessary kludge.

Thank you,
Tim

cholzhauer

You can either assign an address manually or automatically through radvd.  However, you need to use a different subnet than your tunnel subnet.  On your tunnel info page, there's a line that says "routed /64"; you need to use that subnet to assign addresses to your other computers.

So, if your subnet is 2001:db8:1234:4567/64, you could use 2001:db8:1234:4567::3 as the address on a host internally

ratcheer

Quote from: cholzhauer on February 22, 2011, 07:34:58 AM
You can either assign an address manually or automatically through radvd.  However, you need to use a different subnet than your tunnel subnet.  On your tunnel info page, there's a line that says "routed /64"; you need to use that subnet to assign addresses to your other computers.

So, if your subnet is 2001:db8:1234:4567/64, you could use 2001:db8:1234:4567::3 as the address on a host internally

Clear as mud! Sorry, I'm still having trouble understanding.

Ok, my client address is 2001:470:7:b57::2/64 and my routed /64 is 2001:470:8:b57::/64. I notice, and I'm sure you are aware, that the third "node" of this address is different.

So, to a second client on the same subnet, I would configure it as 2001:470:8:b57::3 ? That is how I understand what you said, but I'm still having trouble grasping it.

Thanks,
Tim

cholzhauer

Quote
So, to a second client on the same subnet, I would configure it as 2001:470:8:b57::3 ? That is how I understand what you said, but I'm still having trouble grasping it.

Exactly.  The only time you would use 2001:470:7:b57::/64 is on your tunnel interface. (::2)  Once you have your tunnel working, forget about this address range.

On any other clients, and the "inside" interface of your router, you need to use 2001:470:8:b57::/64. 

So, let's say you had a Windows7 machine hosting your tunnel.  The IP address of your IP6Tunnel adapter is 2001:470:7:b57::2

Now, on your local area connection adapter, you would assign an address out of your routed /64, say 2001:470:8:b57::1.  Now, if you wanted to connect a second Windows7 machine on your lan, you could assign 2001:470:8:b57::2 to the local area connection on that machine.  Your default gateway on the second machine becomes your router.

ratcheer

Thank you very much. I will see if I can put that into practice.

Tim

ratcheer

I am still having trouble with this. I could not get radvd to start up on my Linux client, so I deleted the link to the tunnel and tried to implement radvd in my router. The router scripting bamboozles me, so I did it all manually, a command at a time into the router's command interface.

I believe I got everything configured on the router and got radvd started. Then I went back to my Linux client and ran:

tim@tim-mav-prod:~$ ip -f inet6 addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
    inet6 2001:470:8:b57:230:1bff:feb5:9a1d/64 scope global dynamic
       valid_lft 86357sec preferred_lft 14357sec
    inet6 fe80::230:1bff:feb5:9a1d/64 scope link
       valid_lft forever preferred_lft forever


So, it definitely picked up something from the router's radvd. Does that inet6 address look reasonable? It looks very strange, to me.

Anyway, I cannot surf or ping6 from the Linux client. Here is a ping6 result:

ping6 ipv6.google.com
PING ipv6.google.com(yi-in-x69.1e100.net) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6048ms

I suppose I need to show all the commands I gave the router to set this all up:

insmod ipv6
ip tunnel add he-ipv6 mode sit remote 216.66.22.2 local 192.168.1.127 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:7:b57::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -6 addr add 2001:470:8:b57::/64 dev he-ipv6
ip -6 addr add 2001:470:8:b57::/64 dev br0
ip route add 2000::/3 dev he-ipv6
radvd -C /tmp/radvd.conf &


This is a lot of stuff, but can anyone give me help or advice? Thanks.

Tim

cholzhauer

Does everything still work on your router?

Let's see your routing tables and a copy of ipconfig/ifconfig from a non-working computer

Oh, and yes, that 2001 address on eth0 on tim-mav-prod looks correct.
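
Added example (not part of any post in this thread): why the address radvd handed to eth0 looks the way it does. It rebuilds the SLAAC address from the routed /64 and the MAC shown in the later ifconfig output, classifies addresses against the two HE prefixes quoted above, and shows that an EUI-64 address exposes the host's hardware address to every IPv6 peer. The function names are illustrative.

```python
import ipaddress

# Values quoted in the thread (tunnel details and `ip addr` / ifconfig output).
TUNNEL_NET = ipaddress.ip_network("2001:470:7:b57::/64")  # point-to-point tunnel link
ROUTED_NET = ipaddress.ip_network("2001:470:8:b57::/64")  # routed /64 for the LAN


def classify(addr):
    """Say which of the two HE prefixes an address belongs to."""
    ip = ipaddress.ip_address(addr)
    if ip in TUNNEL_NET:
        return "tunnel"   # only belongs on the tunnel interface itself
    if ip in ROUTED_NET:
        return "routed"   # belongs on the router's LAN side and on LAN hosts
    return "other"


def eui64_address(prefix, mac):
    """Build the SLAAC address a host derives from a /64 prefix and its MAC."""
    net = ipaddress.ip_network(prefix)
    if net.prefixlen != 64:
        raise ValueError("modified EUI-64 SLAAC needs a /64 prefix")
    b = bytearray(int(x, 16) for x in mac.split(":"))
    if len(b) != 6:
        raise ValueError("expected a 48-bit MAC address")
    b[0] ^= 0x02                                      # flip the universal/local bit
    iid = bytes(b[:3]) + b"\xff\xfe" + bytes(b[3:])   # insert ff:fe in the middle
    return net[int.from_bytes(iid, "big")]


def mac_from_slaac(addr):
    """Recover the MAC embedded in an EUI-64 address, or None if not EUI-64."""
    iid = ipaddress.ip_address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    raw = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{x:02x}" for x in raw)


if __name__ == "__main__":
    slaac = str(eui64_address("2001:470:8:b57::/64", "00:30:1b:b5:9a:1d"))
    print(slaac, classify(slaac), mac_from_slaac(slaac))
    print(classify("2001:470:7:b57::2"), classify("2001:470:8:b57::3"))
```

Hosts that should not expose their MAC this way can use temporary addresses (RFC 4941 privacy extensions) or a manually assigned address from the routed /64.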

ratcheer

Ok, looks like it's not still working from the router. Looking Glass shows my IPv4 address, again. And pinging gives an IPv4 resolution. This is from the router:

PING ipv6.he.net (66.220.2.75): 56 data bytes
64 bytes from 66.220.2.75: seq=0 ttl=46 time=162.108 ms
64 bytes from 66.220.2.75: seq=1 ttl=46 time=96.203 ms
64 bytes from 66.220.2.75: seq=2 ttl=46 time=95.877 ms
--- ipv6.he.net ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 95.877/118.062/162.108 ms

What did I mess up?

Here is the displayed routing table from the router:

Destination LAN NET    Subnet Mask    Gateway    Interface
70.159.240.22   255.255.255.255   0.0.0.0   ppp0
70.159.240.22   255.255.255.255   0.0.0.0   ppp0
192.168.1.0   255.255.255.0   0.0.0.0   LAN & WLAN
169.254.0.0   255.255.0.0   0.0.0.0   LAN & WLAN
0.0.0.0   0.0.0.0   70.159.240.22   ppp0

Here is ifconfig from my client PC:

tim@tim-mav-prod:~$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:30:1b:b5:9a:1d 
          inet addr:192.168.1.127  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::230:1bff:feb5:9a1d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:246951 errors:0 dropped:0 overruns:0 frame:0
          TX packets:224628 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:224553151 (224.5 MB)  TX bytes:33513421 (33.5 MB)
          Interrupt:19

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4508 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4508 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:368942 (368.9 KB)  TX bytes:368942 (368.9 KB)

Sorry I'm such a newbie. But I'm trying to learn. Thanks,
Tim

ratcheer

Error in the above: I had to disable IPv6 on the client to even be able to post to tunnelbroker.net forums, so the ifconfig I posted is not valid. I guess I need to turn it back on, run the command, store output in a file, turn ipv6 back off, and repost the results.

Sorry,
Tim

cholzhauer

Here's the first thing I noticed.

On reply #10, you said that you used 192.168.1.127 to create the tunnel on your router, but on the last reply, you show 192.168.1.127 as being on your client PC.  Do I have the two of them confused or are we talking about two separate machines?


ratcheer

Quote from: cholzhauer on February 24, 2011, 09:41:54 AM
Here's the first thing I noticed.

On reply #10, you said that you used 192.168.1.127 to create the tunnel on your router, but on the last reply, you show 192.168.1.127 as being on your client PC.  Do I have the two of them confused or are we talking about two separate machines?



Oh, yes, I'm such a dunce. I need to reconfigure the tunnel to point to my real WAN address, instead of the NAT address like I had to do to make it work on the client PC. Wow, this is complex.

Thanks, I'll try to manually reconfigure the router tunnel.

Tim
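
Added example (not from any participant in this thread): a small audit of the `ip` commands posted for the router, checked against the two points made in the replies. The rule that the tunnel /64 belongs only on the tunnel interface and the routed /64 only on the LAN side comes from cholzhauer's explanation; the private-address check assumes the script runs on the device that holds the real WAN address, as the last post concludes. The helper names are illustrative.

```python
import ipaddress
import shlex

TUNNEL_NET = ipaddress.ip_network("2001:470:7:b57::/64")
ROUTED_NET = ipaddress.ip_network("2001:470:8:b57::/64")
TUNNEL_DEV = "he-ipv6"

# The ip commands as posted in the thread (insmod and radvd lines left out).
POSTED = """\
ip tunnel add he-ipv6 mode sit remote 216.66.22.2 local 192.168.1.127 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:7:b57::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -6 addr add 2001:470:8:b57::/64 dev he-ipv6
ip -6 addr add 2001:470:8:b57::/64 dev br0
ip route add 2000::/3 dev he-ipv6
"""


def after(words, key):
    """Return the token following `key`, or None if it is absent."""
    return words[words.index(key) + 1] if key in words[:-1] else None


def audit(script):
    """Return (line number, finding) pairs for the posted commands."""
    findings = []
    for n, line in enumerate(script.splitlines(), 1):
        w = shlex.split(line)
        if w[:3] == ["ip", "tunnel", "add"]:
            local = after(w, "local")
            # Assumption: this device owns the WAN address, so a private
            # (NAT) local endpoint means the tunnel is bound to the wrong IP.
            if local and ipaddress.ip_address(local).is_private:
                findings.append((n, "tunnel local endpoint is a private address"))
        elif "addr" in w and "add" in w:
            iface = ipaddress.ip_interface(after(w, "add"))
            on_tunnel = after(w, "dev") == TUNNEL_DEV
            if iface.ip in ROUTED_NET and on_tunnel:
                findings.append((n, "routed /64 assigned to the tunnel interface"))
            if iface.ip in TUNNEL_NET and not on_tunnel:
                findings.append((n, "tunnel /64 assigned to a LAN interface"))
    return findings


if __name__ == "__main__":
    for lineno, msg in audit(POSTED):
        print(f"line {lineno}: {msg}")
```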