Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Virtual IPv6 tunnel server  (Read 4572 times)

amhorwood

  • Newbie
  • *
  • Posts: 4
Virtual IPv6 tunnel server
« on: April 02, 2012, 03:04:54 AM »

Hi, I have an odd question.

Network:

Inernet -> IpCop 2.0.4 (Proto 41 forwarded) -> Linux KVM host
                                                                                        |-> VM ipv6 with HE endpoint

I have a Linux KVM host and a Linux VM that has the HE endpoint and RADVD, but I cant seem to get the routing right.

The VM can ping both ends of the IPv6TOIPv4 tunnel and ipv6.google.com, but the VM host cant ping ether end of the tunnel or google.

Any help please?

KVM HOST:
br0       Link encap:Ethernet  HWaddr 00:1E:0B:D5:72:22 
          inet addr:192.168.48.3  Bcast:192.168.48.255  Mask:255.255.255.0
          inet6 addr: 2001:470:1f09:181b::3/64 Scope:Global
          inet6 addr: fe80::21e:bff:fed5:7222/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:43939 errors:0 dropped:0 overruns:0 frame:0
          TX packets:42996 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:23456396 (22.3 MiB)  TX bytes:9302714 (8.8 MiB)

eth0      Link encap:Ethernet  HWaddr 00:1E:0B:D5:72:22 
          inet6 addr: fe80::21e:bff:fed5:7222/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1923 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1974 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1245179 (1.1 MiB)  TX bytes:390571 (381.4 KiB)
          Interrupt:19

[root@mhifs ~]# ip -6 route
unreachable ::/96 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2001:470:1f09:181b::/64 dev br0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
fe80::/64 dev virbr0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev vnet0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev vnet1  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev vnet2  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev vnet4  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev vnet3  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev br0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295


VM:
eth0      Link encap:Ethernet  HWaddr 52:54:00:2D:42:34 
          inet addr:192.168.48.254  Bcast:192.168.48.255  Mask:255.255.255.0
          inet6 addr: 2001:470:1f09:181b::254/64 Scope:Global
          inet6 addr: fe80::5054:ff:fe2d:4234/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4626 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3364 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:405349 (395.8 KiB)  TX bytes:629779 (615.0 KiB)
          Interrupt:10 Base address:0x8000

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:29 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:5704 (5.5 KiB)  TX bytes:5704 (5.5 KiB)

sit0      Link encap:IPv6-in-IPv4 
          inet6 addr: ::127.0.0.1/96 Scope:Unknown
          inet6 addr: ::192.168.48.254/96 Scope:Compat
          UP RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

sit1      Link encap:IPv6-in-IPv4 
          inet6 addr: 2001:470:1f08:181b::2/64 Scope:Global
          inet6 addr: fe80::c0a8:30fe/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:1172 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1013 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:93792 (91.5 KiB)  TX bytes:129352 (126.3 KiB)

[root@ipv6 ~]# ip -6 route
::/96 via :: dev sit0  metric 256  mtu 1480 advmss 1420 hoplimit 4294967295
unreachable ::/96 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable ::ffff:0.0.0.0/96 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2001:470:1f08:181b::/64 via :: dev sit1  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 4294967295
2001:470:1f09:181b::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
unreachable 2002:a00::/24 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:7f00::/24 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:a9fe::/32 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:ac10::/28 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:c0a8::/32 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 2002:e000::/19 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
unreachable 3ffe:ffff::/32 dev lo  metric 1024  error -101 mtu 16436 advmss 16376 hoplimit 4294967295
2000::/3 via 2001:470:1f08:181b::1 dev sit1  metric 1  mtu 1480 advmss 1420 hoplimit 4294967295
fe80::/64 dev eth0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev sit1  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 4294967295
default dev sit1  metric 1  mtu 1480 advmss 1420 hoplimit 4294967295
Logged

kasperd

  • Founder, Netiter ApS
  • Hero Member
  • *****
  • Posts: 953
Re: Virtual IPv6 tunnel server
« Reply #1 on: April 02, 2012, 11:23:44 AM »

Can the two ping each other using link local and/or global addresses?
Logged

amhorwood

  • Newbie
  • *
  • Posts: 4
Re: Virtual IPv6 tunnel server
« Reply #2 on: April 03, 2012, 12:01:11 AM »

Thanks for your reply Kasperd, yes the KVM host and the VM can ping6 each other with both link and global addresses.

The main issue I now have is how do I route all IPv6 traffic to my VM and up the tunnel?
Logged

kasperd

  • Founder, Netiter ApS
  • Hero Member
  • *****
  • Posts: 953
Re: Virtual IPv6 tunnel server
« Reply #3 on: April 05, 2012, 05:26:06 AM »

Sounds like you just didn't enable forwarding of IPv6 packets. What's in /proc/sys/net/ipv6/conf/*/forwarding?
Logged

amhorwood

  • Newbie
  • *
  • Posts: 4
Re: Virtual IPv6 tunnel server
« Reply #4 on: April 05, 2012, 06:20:27 AM »

Hi Kasperd,

[root@mhifs ~]# cat  /proc/sys/net/ipv6/conf/*/forwarding - this is the KVM host
1
1
1
1
1
1
1
1
1
1
1
1

[root@ipv6 ~]# cat /proc/sys/net/ipv6/conf/*/forwarding - this is the IPv6 VM
1
1
1
1
Logged

kasperd

  • Founder, Netiter ApS
  • Hero Member
  • *****
  • Posts: 953
Re: Virtual IPv6 tunnel server
« Reply #5 on: April 05, 2012, 09:01:31 AM »

Try to run tcpdump on both interfaces on the tunnel endpoint (the guest VM). Then try to ping both the KVM host and an external machine and verify that the tcpdump output looks as expected.

As far as I understood what you said earlier, both of those ping commands worked.

Then try to ping from the KVM host to an external machine and look on the still running tcpdump commands to find out how far the pings get.

Could it be that the guest VM have some firewall rules blocking the traffic?
Logged

amhorwood

  • Newbie
  • *
  • Posts: 4
Re: Virtual IPv6 tunnel server
« Reply #6 on: July 05, 2012, 01:00:05 AM »

good news, I have got pings working from my VM host to the out side world.

this is the setup I have:
VM with ipv6 tunnel -> VM host -> IPCop 2.0.4 with Proto41 forward -> HE

script on VM to bring up tunnel from HE website (using linux-net-tools)
VM host with default gateway of the VM
IPCop with Proto41 forwarding to and from the VM

ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::216.66.80.26
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:XXXX:XXXX::2/64
route -A inet6 add ::/0 dev sit1

/etc/sysconfig/network
IPV6_DEFAULTGW=2001:470:XXXX:XXXX::254

Both VM and VM host have static IPv6 addresses, but will add RADVD to the mix to get the rest of tyhe VMs IPv6.

Last part will be the firewall config, will need to think about what access I need.
Logged