Hurricane Electric's IPv6 Tunnel Broker Forums

Author Topic: 6in4 tunnel with ns25  (Read 3390 times)

crobin

  • Newbie
  • *
  • Posts: 2
6in4 tunnel with ns25
« on: December 31, 2011, 02:30:53 AM »

Hi Folks,

Need some help getting this one working again, I had it working earlier, but now cannot reproduce.

ns25 on 5.4.0r19.0 in NAT/route mode

ethernet1 is the 'trust' interface -- lan switches
ethernet3 is the 'Untrust' interface -- cable modem

set interface "ethernet1" ipv6 mode "host"
set interface "ethernet1" ipv6 ip 2001:X:X:X::2/64
set interface "ethernet1" ipv6 enable
unset interface ethernet1 ipv6 nd nud
set interface ethernet1 ipv6 nd dad-count 0

set interface "tunnel.1" zone "Untrust"
set interface tunnel.1 ip unnumbered interface ethernet3
set interface "tunnel.1" ipv6 mode "host"
set interface "tunnel.1" ipv6 enable
set interface tunnel.1 tunnel encap ip6in4 manual
set interface tunnel.1 tunnel local-if ethernet3 dst-ip X.X.X.X
set interface tunnel.1 mtu 1480
unset interface tunnel.1 ipv6 nd nud
set interface tunnel.1 ipv6 nd dad-count 0

set policy id 13 from "Untrust" to "Trust"  "Any-IPv6" "Any-IPv6" "ANY" permit
set policy id 12 from "Trust" to "Untrust"  "Any-IPv6" "Any-IPv6" "ANY" permit traffic priority 0

set route ::/0 interface tunnel.1 gateway 2001:X:X:X::1

The 'automatic' ipv6 configuration for OSX used to work on the lan, now nothing.

cholzhauer

  • Hero Member
  • *****
  • Posts: 2714
Re: 6in4 tunnel with ns25
« Reply #1 on: December 31, 2011, 06:12:32 AM »

Removing the X's in your ip addresses will help us help you

crobin

  • Newbie
  • *
  • Posts: 2
Re: 6in4 tunnel with ns25
« Reply #2 on: December 31, 2011, 02:47:38 PM »

set interface "ethernet1" ipv6 ip 2001:470:1f04:87::2/64

set interface tunnel.1 tunnel local-if ethernet3 dst-ip 72.52.104.74

set route ::/0 interface tunnel.1 gateway 2001:470:1f04:87::1


I vaguely remember the ipv6 address was on the LAN interface, so client can talk directly through the tunnel, but I can't remember what the unnumbered config was set to.

I also remember the Untrust interface, ethernet3, had an MTU of 1498, which had adverse effects on ipv4 traffic; it would stall. However, the ipv6 tunnel was working.
« Last Edit: December 31, 2011, 02:50:39 PM by crobin »

maestroevolution

  • Newbie
  • *
  • Posts: 49
Re: 6in4 tunnel with ns25
« Reply #3 on: January 09, 2012, 12:24:15 PM »

My ScreenOS is rusty, but IIRC, it's easier to use the /64 tunnel network on the tunnel, and the /64 assigned network on ethernet1.

Also, I don't think that 'set ipv6 mode host' is correct on the tunnel interface; I think that needs to be set on a routed port.

My old 5GT (5XT) is in a box somewhere and had a working config on it.  I can dig it out if needed.

Also IIRC, the IPv6 guide for ScreenOS was pretty good.  After setting a variable, rebooting, and a few cryptic commands, everything else was just like IPv4 in ScreenOS: address book entries, policies written from zone to zone, etc.

http://www.juniper.net/techpubs/software/screenos/screenos6.3.0/630_ce_Routing.pdf

http://www.juniper.net/techpubs/software/screenos/screenos6.3.0/630_ce_Dual_Stack_IPv6.pdf

Regards,

Joel