Setting up a tunnel using a 3G-based gateway

[Tarmac]

Hello,

I'm trying to set up a tunnel on my connection, but for some reason I can't get it to work.
So, I've got 2 routers.
The first router which is the 3G gateway is a Huawei (with its own firmware which does not seem to support IPv6)
and the second one is the one I'm trying to set up IPv6 to work on, a Linksys WRT54GL (running DD-WRT v24-sp2 (10/10/09) std-nokaid).
The two routers work together via WDS.

Here's a network map to help you make a better idea on how the network is set up like:


I followed the instructions from the DD-WRT wiki and few other websites and set up the script with the ipv6/radvd config to work.
It looks like the Linksys router assigns a v6 address to my laptop as how I set it up like in the radvd but nothing else happens.
Also, when I look at my Linksys' router IP tables, the connection to HE tunnel broker server seems to appear as "Unknown", but I don't know why.
I have to mention that both routers' firewalls are disabled, enabled DMZ on the Huawei router and set the DMZ IP to point to the Linksys.

I think the problem somehow relates to the Huawei gateway but I'm not sure what's wrong there.

Here's the radvd config of the Linksys:

Code Select Expand


interface br0
{
   AdvSendAdvert on;
   prefix 2001:470:1f15:90d::/64
   {
      AdvOnLink on;
      AdvAutonomous on;
      AdvRouterAddr on;
   };
};

... and the startup script:

Code Select Expand


#tunnel info
SERVER_IP4_ADDR="216.66.84.46"
CLIENT_IPV6_ADDR="2001:470:1f14:90d::2"
ROUTED_64_ADDR="2001:470:1f15:90d::"

#acc info
USERID="tb50c8ce30b99870.87885149"
PASSWD="<removed>"
TUNNELID="188634"

#other settings
ENABLE_OPENDNS_IPV6_DNS=1
HE_VERIFY_SERVER_IP="66.220.2.74"
USE_NVRAM_WAN_ADDR_INSTEAD=1
WAN_IP_SOURCE_ADDR="http://automation.whatismyip.com/n09230945.asp"
STARTUP_SCRIPT_LOG_FILE="/tmp/ipv6.log"
CRON_STATUS_LOG_FILE="/tmp/lastHEUpdate.log"
ENABLE_WANUP_SCRIPT=1
WANUP_SCRIPT_FILE_PATH="/tmp/etc/config/tunnelUpdate.wanup"

#Generated files paths
CRON_JOB_FILE="/tmp/report.sh"
RADVD_CONFIG="/tmp/radvd.conf"

#endof settings


echo "" >> $STARTUP_SCRIPT_LOG_FILE
echo "HE IPv6 Script started" >> $STARTUP_SCRIPT_LOG_FILE

insmod ipv6
sleep 10

MD5PASSWD=`echo -n $PASSWD | md5sum | sed -e 's/  -//g'`
echo `date` >> $STARTUP_SCRIPT_LOG_FILE

ROUTED_64_ADDR=`echo $ROUTED_64_ADDR|cut -f1 -d/`
SERVER_IP4_ADDR=`echo $SERVER_IP4_ADDR|cut -f1 -d/`
CLIENT_IPV6_ADDR=`echo $CLIENT_IPV6_ADDR|cut -f1 -d/`
echo "User added addresses cleaned/checked" >> $STARTUP_SCRIPT_LOG_FILE

if [ $USE_NVRAM_WAN_ADDR_INSTEAD -eq 1 ]
then
  echo "Fetching WAN IP from NVRAM" >> $STARTUP_SCRIPT_LOG_FILE
  WANIP=$(nvram get wan_ipaddr);
else
  echo "Fetching WAN IP from External Site: " $WAN_IP_SOURCE_ADDR >> $STARTUP_SCRIPT_LOG_FILE
  WANIP=`wget $WAN_IP_SOURCE_ADDR -O - 2>/dev/null`
fi

echo "External IP detected as:" $WANIP >> $STARTUP_SCRIPT_LOG_FILE
if [ -n $WANIP ]
then
echo "configuring tunnel" >> $STARTUP_SCRIPT_LOG_FILE


iptables -I INPUT 2 -s $HE_VERIFY_SERVER_IP -p icmp -j ACCEPT
echo -e wget -q "http://ipv4.tunnelbroker.net/ipv4_end.php?ip=$WANIP&pass=$MD5PASSWD&apikey=$USERID&tid=$TUNNELID" -O $CRON_STATUS_LOG_FILE  >>$CRON_JOB_FILE
chmod +x $CRON_JOB_FILE
echo "Cron script created, sending endpoint update request to HE" >> $STARTUP_SCRIPT_LOG_FILE
etime=`date +%s`
wget -q "http://ipv4.tunnelbroker.net/ipv4_end.php?ip=$WANIP&pass=$MD5PASSWD&apikey=$USERID&tid=$TUNNELID" -O /tmp/wget.tmp.$etime
cat /tmp/wget.tmp.$etime >> $STARTUP_SCRIPT_LOG_FILE
echo "" >> $STARTUP_SCRIPT_LOG_FILE
rm /tmp/wget.tmp.$etime

ip tunnel add he-ipv6 mode sit remote $SERVER_IP4_ADDR local $WANIP ttl 255
ip link set he-ipv6 up
ip addr add $CLIENT_IPV6_ADDR/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr
TEMP_ADDR=`echo $ROUTED_64_ADDR'1'`
ip -6 addr add $TEMP_ADDR/64 dev br0
ip route add 2000::/3 dev he-ipv6

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

iptables -I INPUT 2 -p ipv6 -i vlan1 -j ACCEPT

iptables -t nat -A POSTROUTING --proto ! 41 -o eth0 -j MASQUERADE
echo "creating radvd conf" >> $STARTUP_SCRIPT_LOG_FILE

if [ $ENABLE_OPENDNS_IPV6_DNS -eq 1 ]
then
  echo "Open DNS ipv6 enabled" >> $STARTUP_SCRIPT_LOG_FILE
  echo "nameserver 2620:0:ccc::2" >> /tmp/resolv.dnsmasq
  echo "nameserver 2620:0:ccd::2" >> /tmp/resolv.dnsmasq
fi

if [ $ENABLE_WANUP_SCRIPT -eq 1 ]
then
echo "WANUP script being generated" >> $STARTUP_SCRIPT_LOG_FILE
dirname $WANUP_SCRIPT_FILE_PATH  | xargs mkdir
echo 'echo "WANUP script triggered on `date`" >>' $STARTUP_SCRIPT_LOG_FILE > $WANUP_SCRIPT_FILE_PATH
if [ $USE_NVRAM_WAN_ADDR_INSTEAD -eq 1 ]
then
echo -e 'WANIP=$(nvram get wan_ipaddr);' >> $WANUP_SCRIPT_FILE_PATH
else
echo -e 'WANIP=`wget $WAN_IP_SOURCE_ADDR -O - 2>/dev/null`' >> $WANUP_SCRIPT_FILE_PATH
fi
echo -e wget -q 'http://ipv4.tunnelbroker.net/ipv4_end.php?ip=$WANIP'"&pass=$MD5PASSWD&apikey=$USERID&tid=$TUNNELID"  >> $WANUP_SCRIPT_FILE_PATH
echo 'ip tunnel change he-ipv6 local $WANIP'>>  $WANUP_SCRIPT_FILE_PATH
chmod +x $WANUP_SCRIPT_FILE_PATH
fi


Now the questions are:
Is this even possible if the main gateway does not have IPv6 support?
If so, then it would clear everything up. Otherwise I don't understand why this doesn't work as long as I've been following all steps and checked them like 10 times to make sure I didn't miss anything out.
And in that case I'd have to wait until the ISP will finally install the wired Internet in my area, which would eliminate the Huawei router from the network scheme.

Why does the DNS work though?
It resolves the hostnames to v6 IPs and viceversa, but whenever I try to connect to a v6 address, I am always timing out.
So therefore I can't do ping6.

This is really annoying as I've been trying for so many hours to make it work and still no positive result.
I also tried the gogo client, but I'd prefer to have it on my router with no other 3rd party clients installed on my devices.
If someone has a clue about what I could do to make it work, I'd appreciate a lot. Any other suggestions are also welcome.
Thank you and I wish you all happy holidays a merry Christmas.

[cholzhauer]

Your 3g router probably isnt passing protocol41.  you can check this by running wireshark and looking for protocol 41 packets being passed between the two.

also, with the settings you have used, you are saying that your linksys has a public ip address..is that true?

[Tarmac]

Your 3g router probably isnt passing protocol41.  you can check this by running wireshark and looking for protocol 41 packets being passed between the two.

also, with the settings you have used, you are saying that your linksys has a public ip address..is that true?

Hi cholzhauer, thank you for the reply.
I'm going to test that.
But if the test turns out to be negative, is there a way I could make the Huawei router pass protocol 41 on a 3G connection?
It doesn't seem to have any option on the firmware.
Afaik 3G connection providers are more strict at ports and such.

Also, the linksys gets the public IP address from the 3g gateway

[cholzhauer]

But if the test turns out to be negative, is there a way I could make the Huawei router pass protocol 41 on a 3G connection?

The 3G connection itself will carry the traffic you need, you just need a router that will pass the packets on to you.

[plugwash]

Afaict many 3G services are also using ISP level NAT which may cause problems.