• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

Pinging an IPv6 Site

Started by leeand00, October 27, 2011, 09:29:02 PM

Previous topic - Next topic

leeand00

Hello,

I'm using Windows XP SP3 to attempt to use my new HE IPv6 tunnel.

I am connected to the network with Verizon DSL, and I'm using a Westell 6100 as my dsl modem (it's in bridge mode).

The ip provided by my ISP is 72.92.60.81, which I have a suspicion is maybe NAT'd itself, as when I do a ShieldsUp! Scan, it returns all of my ports as Stealth.  That said, I don't really know how to tell for sure that I'm behind a NAT other than the one on my router.

The modem is connected to my Buffalo WZR-HP-G300NH, running DD-WRT v24-sp2 (08/07/10) std router, and it connects using PPPoE.

I read various places that if you're behind a NAT that you might need to place the tunneling system on the DMZ.

In my router within the admin web GUI, I visited the NAT / QoS->DMZ tabs and entered the IPv4 IP of my Windows XP Machine (192.168.2.110) and clicked Save and then Apply.  (My router only allows one host to be on the DMZ)

Then on my Windows XP machine, I entered the Example Configuration commands for Windows 2000/XP from my tunnel details in the command prompt:

C:\>ipv6 install
Installing...
Succeeded.
C:\>ipv6 rtu ::/0 2/::216.218/224.42 pub
C:\>ipv6 adu 2/2001:470:1f0e:779::2

Next I attempted to ping www.v6.facebook.com using the following command:

C:\>ping -6 www.v6.facebook.com
Pinging www.v6.facebook.com [2620:0:1cfe:face:b00c::3] with 32 bytes of data:

Request timed out

I also tired it with the ip address instead and it resulted in the same problem.

Am I doing something wrong?

Thanks,
 Andrew

cholzhauer

Quote
That said, I don't really know how to tell for sure that I'm behind a NAT other than the one on my router.

You're behind a NAT because the IP address on your computer is 192.168.2.110.  The 72.92.60.81 is a public address being supplied by your ISP.  If your ISP was running carrier grade nat (CGN) then the IP address would be one in the private range.

Unfortunately placing your host in the DMZ of your router doesn't always work; there are some models that still won't pass protocol 41.  The only way I know of to test this is to directly connect your computer to the Westell 6100 and see if it works then.

k1mu

Based on my past experience with VZ DSL, the Westell isn't doing anything funny (NAT, etc.) so it should pass the traffic you need just fine.

Since you're running DD-WRT on your router, why not set that up for IPv6 then use your routed /48 for your Windows host?

See the tutorial at http://www.dd-wrt.com/wiki/index.php/IPv6 for directions.

leeand00

I suppose I gotta take the Westtell outta bridge mode and switch it to router mode to test out the protocol 41 theory...I don't think I've ever hooked into PPPoE with just a PC, and no router...(unless the Westtell is acting as my router)



cholzhauer

k1mu's idea is the best one right now...I skipped right over the fact that you were running DDWRT

snarked

Ii's not the Westell 6100 series DSL modem (in bridge mode) that's the problem.  It's your router.
I too have VZ DSL at home and I don't have a problem.  My router is a DLink DIR-615 (rev C1) and it uses 6in4 IPv6 (both directions) just fine.

leeand00

So I probably have to change some setting on my router?  Or is it just totally incompatible?

leeand00

Ok so I went and changed my router firmware.  It's now running Open-WRT OpenWrt Backfire 10.03.1-rc5.

Using Open-WRT and a tutorial I found, I was able to get IPv6 addresses assigned from Radvd to computers on my internet network. 

These computers get IPv6 addresses that are within the prefix assigned to me by HE (2001:470:1F0F:EA7::/64). 

However I still can't ping anything IPv6 outside of my network, and I believe this is because the router lists a gateway for IPv4, but does not list one for IPv6, as seen here from OpenWrt's Status->Routes menu:


(Didn't scratch out those MAC Addrs quite good enough, but with IPv6 that's not gonna matter anyway...)

It seems to me like I need to setup an IPv6 gateway on the router so that the packets can leave my network...it also seems to me that I need to send them via the tunnel the 6in4-henet which there appear to be two of...

Not sure how to do that. But I'll keep looking...

leeand00

Okay so I tried some more stuff, because I didn't notice earlier that there was an example configuration available from the HE IPv6 tunnel site for  OpenWRT Backfire 10.03.1

I added this to my configuration making the necessary changes and then followed the documentation for configuring the firewall for IPv6.

I now appear to be able to ping www.v6.facebook.com from my router. 

leeand00

Looks like now I just need to be able to connect the machines on the network to the tunnel...

k1mu

Quote from: leeand00 on October 30, 2011, 01:34:24 PM
Looks like now I just need to be able to connect the machines on the network to the tunnel...

You don't connect them to the tunnel.

What you do is to set up the internal network adapter on the OpenWRT host to have an IPv6 address in the routed /64 that HE gives you. (Probably the 192.168.1.1 interface.)
You then run radvd on the OpenWRT system to hand out router advertisements on that network. Now the internal hosts will use the OpenWRT host as their IPv6 router.

leeand00

So radvd needs configured then.

I have radvd installed on my OpenWRT router, I don't imagine it is configured though.

I set the 'AdvManagedFlag' to '1' in the interface block to enable stateless auto configuration


config 'interface'
         option 'interface' 'lan'
         option 'AdvSendAdvert' '1'
         option 'AdvManagedFlag' '1'
         option 'AdvOtherConfigFlag' '0'
         list 'client' ''
         option 'ignore' '0'


To configure it I went into /etc/config/radvd and found the following sections which I believe need to be configured to do what you are suggesting:


config 'prefix'
         option 'interface' 'lan'
         list 'prefix' '2001:470:20::2/64'
         option 'AdvOnLink' '1'
         option 'AdvAutonomous' '1'
         option 'AdvRouterAddr' '0'
         option 'ignore' '0'



config 'route'
         option 'interface' 'lan'
         list 'prefix' '2001:470:20::2/64'
         option 'ignore' '0'

/etc/config/radvd - config file docs

Both of the 'prefix' listings above I pulled from the Routed IPv6 Prefixes in my tunnel configuration.



When I restart networking on my router I also get the message:

Cannot determine local IPv4 address for 6in4 tunnel henet - skipping
Configuration file: /var/run/hostapd-phy0.conf

The error appears here, but it appears that the bug was a duplicate that has since been fixed.

Now I get limited ipv6 connectivity on my Windows 7 box, it receives an IP address ala radvd and I can both ping and visit the ipv6 versions of facebook and google.  For some reason I can't reach any of HE's websites on it, and after running a test on test-ipv6.com I think I know why, but I'm not sure I know what to do about it:



I would imagine I need to set an IPv6 compatible DNS up somewhere.  But I think the larger problem that I need to solve first is what to do about those large packets that don't appear to be coming through.

I also clicked on the "Technical Info" tab, on test-ipv6.com and it offered the following suggestions for getting the failed tests to pass:





Test for Dault Stack DNS and large packet
timeout (15.012s
Validates that you can connect ot a dual-stack server (like the ds test); and that you can send/receive large packets on that conneciton.  If this test times out for any reason, it indicates trouble for World IPv6 Day.
Test IPv6 large packet
timeout (15.009s)
Validates that IPv6 requests with large packets work.   If this test times out, but other IPv6 tests work, it suggests that there may be many PMTUD issues; possibly involving IP tunnels.
Test if your ISPs DNS server uses IPv6
bad (0.227s)
This is a test of your ISP's resolver (instead of a test of your host).  If this test passes, your DNS server (often run my your ISP) is capable of reaching IPv6 DNS authoritative servers on the Internet.  This is not critical (at this time) for you to reach sites via IPv6..

Not sure how to fix the issue with the large packets.

Also a little concerned about my security at this point...I have the firewall turned on, on my Windows 7 box, but I don't know what tool is the equivalent of good old fashion ShieldsUp! other than something like nmap, but I imagine I'd have to leave my house to try that.

cholzhauer

What IP address is your client getting? The prefix you specified in your config files is an actual address, not a prefix....

leeand00

IPv6 Address: 2001:470:1f0f:ea7:7d3f:cd02:4201:4ddc
Temporary IPv6 Address: 2001:470:1f0f:ea7:d165:12da:3ecf:5880

leeand00

Yeah you're right. The prefix I specified in the config files was wrong.  I added 2001:470:1f0f:ea7::/64 instead and restarted the network on the router again.  Now my settings look like:


config 'interface'
         option 'interface' lan'
         option 'AdvSendAdvert' '1'
         option 'AdvManagedFlag' '1'
         option 'AdvOtherConfigFlag' '0'
         list 'client' ''
         option 'ignore' '0'

config 'prefix'
         option 'interface' 'lan'
         list 'prefix' '2001:470:1f0f:ea7::/64'
         option 'AdvOnLink' '1'
         option 'AdvAutonomous' '1'
         option 'AdvRouterAddr' '0'
         option 'ignore' '0'

config 'route'
         option 'interface' 'lan'
         list 'prefix' '2001:470:1f0f:ea7::/64'
         option 'ignore' '0'
         option 'AdvRouteLifetime' 'infinity'


But now I have no IPv6 internet access on my Windows 7 box.  That's odd because I thought radvd dolled one out before.