• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

setup L2TP tunnel with IPv6 inside a KVM VM?

Started by tkchan, May 13, 2013, 09:47:23 PM

Previous topic - Next topic

kasperd

When using tcpdump it is almost always desirable to have dumps from both ends of the connection.

Additionally, I think it would be useful to try (re)starting radvd manually on B and see if it sends a router advertisement at startup.

tkchan

Quote from: kasperd on May 16, 2013, 09:51:44 AM
When using tcpdump it is almost always desirable to have dumps from both ends of the connection.

Additionally, I think it would be useful to try (re)starting radvd manually on B and see if it sends a router advertisement at startup.

Thanks kasperd.

I have tried using radvdump and I think there were some issues with my previous config, radvd will not start if there is another instance already running, so I have modified the following configs:

1. radvd.conf

interface ppp0
{
  AdvSendAdvert on;
  MaxRtrAdvInterval 30;
  MaxRtrAdvInterval 100;
  IgnoreIfMissing on;
  #UnicastOnly on;

  prefix 2001:123:f123:abc0::/64
  {
       AdvOnLink on;
       AdvAutonomous on;
       AdvRouterAddr off;
  };

  RDNSS 2001:4860:4860::8888 {};
};

interface ppp1
{
  AdvSendAdvert on;
  MaxRtrAdvInterval 30;
  MaxRtrAdvInterval 100;
  IgnoreIfMissing on;
  #UnicastOnly on;

  prefix 2001:123:f123:abc1::/64
  {
       AdvOnLink on;
       AdvAutonomous on;
       AdvRouterAddr off;
  };

  RDNSS 2001:4860:4860::8888 {};
};

interface ppp2
{
  AdvSendAdvert on;
  MaxRtrAdvInterval 30;
  MaxRtrAdvInterval 100;
  IgnoreIfMissing on;
  #UnicastOnly on;

  prefix 2001:123:f123:abc2::/64
  {
       AdvOnLink on;
       AdvAutonomous on;
       AdvRouterAddr off;
  };

  RDNSS 2001:4860:4860::8888 {};
};

interface ppp3
{
  AdvSendAdvert on;
  MaxRtrAdvInterval 30;
  MaxRtrAdvInterval 100;
  IgnoreIfMissing on;
  #UnicastOnly on;

  prefix 2001:123:f123:abc3::/64
  {
       AdvOnLink on;
       AdvAutonomous on;
       AdvRouterAddr off;
  };

  RDNSS 2001:4860:4860::8888 {};
};

interface ppp4
{
  AdvSendAdvert on;
  MaxRtrAdvInterval 30;
  MaxRtrAdvInterval 100;
  IgnoreIfMissing on;
  #UnicastOnly on;

  prefix 2001:123:f123:abc4::/64
  {
       AdvOnLink on;
       AdvAutonomous on;
       AdvRouterAddr off;
  };

  RDNSS 2001:4860:4860::8888 {};
};

interface ppp5
{
  AdvSendAdvert on;
  MaxRtrAdvInterval 30;
  MaxRtrAdvInterval 100;
  IgnoreIfMissing on;
  #UnicastOnly on;

  prefix 2001:123:f123:abc5::/64
  {
       AdvOnLink on;
       AdvAutonomous on;
       AdvRouterAddr off;
  };

  RDNSS 2001:4860:4860::8888 {};
};

interface ppp6
{
  AdvSendAdvert on;
  MaxRtrAdvInterval 30;
  MaxRtrAdvInterval 100;
  IgnoreIfMissing on;
  #UnicastOnly on;

  prefix 2001:123:f123:abc6::/64
  {
       AdvOnLink on;
       AdvAutonomous on;
       AdvRouterAddr off;
  };

  RDNSS 2001:4860:4860::8888 {};
};

interface ppp7
{
  AdvSendAdvert on;
  MaxRtrAdvInterval 30;
  MaxRtrAdvInterval 100;
  IgnoreIfMissing on;
  #UnicastOnly on;

  prefix 2001:123:f123:abc7::/64
  {
       AdvOnLink on;
       AdvAutonomous on;
       AdvRouterAddr off;
  };

  RDNSS 2001:4860:4860::8888 {};
};

interface ppp8
{
  AdvSendAdvert on;
  MaxRtrAdvInterval 30;
  MaxRtrAdvInterval 100;
  IgnoreIfMissing on;
  #UnicastOnly on;

  prefix 2001:123:f123:abc8::/64
  {
       AdvOnLink on;
       AdvAutonomous on;
       AdvRouterAddr off;
  };

  RDNSS 2001:4860:4860::8888 {};
};

interface ppp9
{
  AdvSendAdvert on;
  MaxRtrAdvInterval 30;
  MaxRtrAdvInterval 100;
  IgnoreIfMissing on;
  #UnicastOnly on;

  prefix 2001:123:f123:abc9::/64
  {
       AdvOnLink on;
       AdvAutonomous on;
       AdvRouterAddr off;
  };

  RDNSS 2001:4860:4860::8888 {};
};

2. /etc/ppp/ipv6-up.local

#!/bin/bash
#
# This script is called with the following parameters:
# interface tty speed local-address remote-address ipparam
#
DEVICE="$1"

CFGFILE="/etc/radvd.conf-$DEVICE"
PIDFILE="/var/run/radvd-$DEVICE.pid"
EXEFILE="/usr/sbin/radvd"

HE_NET='2001:470:f30c:abc'
PREFIX=64
GWADDR=1

if [[ "$DEVICE" = ppp[0-9] ]]
then
   eval IPV6=$HE_NET${DEVICE/ppp/}
fi
#echo 1 > /proc/sys/net/ipv6/conf/$DEVICE/autoconf
/sbin/ifconfig $DEVICE add $IPV6::$GWADDR/$PREFIX mtu 1500
/sbin/route -6 add $IPV6::/$PREFIX dev $DEVICE
/etc/init.d/radvd reload

3. /etc/ppp/ipv6-down.local

#!/bin/sh
#
# This script is called with the following parameters:
# interface tty speed local-address remote-address ipparam
#


# Kill the router advertisement daemon on this interface.
# The killing procedure is copied from RedHat 6.0 initscripts.

DEVICE="$1"

echo 0 > /proc/sys/net/ipv6/conf/$DEVICE/autoconf
/etc/init.d/radvd reload


Now, when I use Windows 8 to connect to the VPN, I can obtain IPv6 address automatically (please refer to my first post that I have just updated).

However, Mac, iPhone and iPad are all still having the exact same issue as before. For mac, I still have to create the route manually, for iPhone and iPad, I still cannot get IPv6.

Looks like we are running out of luck?

kasperd

Quote from: tkchan on May 16, 2013, 10:49:55 PMNow, when I use Windows 8 to connect to the VPN, I can obtain IPv6 address automatically (please refer to my first post that I have just updated).

However, Mac, iPhone and iPad are all still having the exact same issue as before. For mac, I still have to create the route manually, for iPhone and iPad, I still cannot get IPv6.
It would be worth testing if the order in which the clients connect has any influence on which clients get IPv6 connectivity.

Quote from: tkchan on May 16, 2013, 10:49:55 PMLooks like we are running out of luck?
We have reached the boundary of my knowledge. I have quite some knowledge about IPv6, but very little knowledge about PPP and L2TP. And as far as the specific combination of IPv6 and PPP goes, I don't know anything except from what is written in this thread.

Maybe somebody with more knowledge about PPP and L2TP could step in and provide advice for the last few details. But it may be the case, that those devices just aren't able to run IPv6 over VPN. An updated VPN client on those devices could fix it. If the VPN client is built into the firmware, that could mean a firmware update would be required.

I'm glad you made it work on at least one device. That proves that most of the setup is functional.

tkchan

Quote from: kasperd on May 17, 2013, 03:02:50 PM
But it may be the case, that those devices just aren't able to run IPv6 over VPN. An updated VPN client on those devices could fix it. If the VPN client is built into the firmware, that could mean a firmware update would be required.

kasperd, thanks a lot for your help.
I have the same believe too, what I have done for Mac is to add /etc/ppp/ip-up with the following contents:

/usr/sbin/sysctl -w net.inet6.ip6.use_tempaddr=0
/usr/sbin/ipconfig set $1 AUTOMATIC-V6
/sbin/route add -inet6 default -interface $1

and chmod 755 /etc/ppp/ip-up to make it work

However, mobile devices are still not working :(