[SOLVED] ssh over ipv6

Started by magnuswallin, October 02, 2013, 11:39:54 PM

magnuswallin

Hello all!

After figuring out why on earth I had such problems setting things up initially, I now have a working ipv6 from HE.

ping6 ipv6.google.com
PING ipv6.google.com(lb-in-x68.1e100.net) 56 data bytes
64 bytes from lb-in-x68.1e100.net: icmp_seq=1 ttl=54 time=66.3 ms
64 bytes from lb-in-x68.1e100.net: icmp_seq=2 ttl=54 time=66.8 ms


Great! But (there is always a but!), in order to actually do something other than browsing with ipv6 (such as connecting via ssh and setting up a web server), I realize I have to fiddle around some more. Problem is, I have no clue where to begin (be gentle folks, I am only at 'Explorer' level as of yet).

Here is what I do know:

  • I have an external ipv6: 2001:470:27:6d9::2 (not obfuscated, that is the real ipv6 address)
  • I cannot ssh or ping that address (see below)
  • I can connect using my public ipv4
  • I have double and triple checked that no firewall is stopping ipv6
  • sshd_config is configured as it should be

Also here is my /etc/network/interfaces:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet static
address         192.168.1.160
netmask         255.255.255.0
network         192.168.1.0
broadcast       192.168.1.255
gateway         192.168.1.254
wpa-ssid        xxxxxxx
wpa-psk         xxxxxxxxxxx

# Entries for the ipv6 tunnel below
auto ipv6_tunnel
iface ipv6_tunnel inet6 v4tunnel
       address 2001:470:27:6d9::2
       netmask 64
       endpoint 216.66.80.90
       local 192.168.1.160
       gateway 2001:470:27:6d9::1
       ttl 255
       dns-nameservers 2001:470:20::2 74.82.42.42


ifconfig shows:
ipv6_tunnel Link encap:IPv6-in-IPv4  
         inet6 addr: fe80::c0a8:1a0/128 Scope:Link
         inet6 addr: 2001:470:27:6d9::2/64 Scope:Global
         UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
         RX packets:769 errors:0 dropped:0 overruns:0 frame:0
         TX packets:841 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:526315 (513.9 KiB)  TX bytes:88175 (86.1 KiB)

lo        Link encap:Local Loopback  
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:7822 errors:0 dropped:0 overruns:0 frame:0
         TX packets:7822 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:3198360 (3.0 MiB)  TX bytes:3198360 (3.0 MiB)

wlan0     Link encap:Ethernet  HWaddr 00:15:af:42:63:7c  
         inet addr:192.168.1.160  Bcast:192.168.1.255  Mask:255.255.255.0
         inet6 addr: fe80::215:afff:fe42:637c/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:8729 errors:0 dropped:0 overruns:0 frame:0
         TX packets:8317 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:3976335 (3.7 MiB)  TX bytes:2176718 (2.0 MiB)


Now, and this is just me guessing, I think I might need to add some more information to my interfaces file - so that wlan0 gets an ipv6 address. Because now that interface only has a static ipv4 address. Maybe like this (an example, haven't tried this):

iface wlan0 inet6 static
address 2001:470:27:6d9::2
netmask 64
gateway 2001:470:27:6d9::1


Am I on the correct path, or am I thinking completely wrong?

Oh, and just to confirm, here is what happens when I try to ssh to 2001:470:27:6d9::2
ssh 2001:470:27:6d9::2
ssh: connect to host 2001:470:27:6d9::2 port 22: Network is unreachable


But I can connect to the ipv6 link address on wlan0 (showing this just to assure no firewalls are blocking ipv6):
ssh fe80::215:afff:fe42:637c%wlan0
magnus@fe80::215:afff:fe42:637c%wlan0's password:


Any help on this would be much appreciated. Honestly, I thought that once I got an ipv6 address I was set to go, since I read that with ipv6 you don't need NAT anymore, and that every machine gets a unique globally accessible ipv6 address. I was wrong. Again!

Thanks for reading this!

cholzhauer

You're right...you need an IPv6 address on your WLAN address.

I'm not familiar with your OS, so unfortunately I have no idea what exactly you have to do, but I can give you the outline.

HE gave you two IPv6 ranges...one's routed and one's your tunnel /64 (the one you listed above).  Use an address from your routed /64 and assign it to your WLAN address; your gateway should be your tunnel ::1 address on the HE side


magnuswallin

Quote from: cholzhauer on October 03, 2013, 05:53:18 AM
You're right...you need an IPv6 address on your WLAN address.

I'm not familiar with your OS, so unfortunately I have no idea what exactly you have to do, but I can give you the outline.

HE gave you two IPv6 ranges...one's routed and one's your tunnel /64 (the one you listed above).  Use an address from your routed /64 and assign it to your WLAN address; your gateway should be your tunnel ::1 address on the HE side


cholzhauer, thank you for confirming my suspicion.

Now, being a complete newbie on ipv6, and still stuck in ipv4 thinking, I guess that something like this:
2001:470:27:6d9::3 # <- This is the old ipv4 way of thinking
...is not a correct static address. But rather something like:
2001:470:27:6d10::2

Am I correct?

Thanks for your reply!

cholzhauer

Quote
2001:470:27:6d9::3 # <- This is the old ipv4 way of thinking
...is not a correct static address. But rather something like:
2001:470:27:6d10::2

Yep, assuming 2001:470:27:6d10::/64 is the routed range from HE


magnuswallin

Quote from: cholzhauer on October 03, 2013, 11:48:07 AM
Quote
2001:470:27:6d9::3 # <- This is the old ipv4 way of thinking
...is not a correct static address. But rather something like:
2001:470:27:6d10::2

Yep, assuming 2001:470:27:6d10::/64 is the routed range from HE


And... since I am an idiot; is there a calculator of sorts for this? Or else, a formula or algorithm I can use to find out?

I told you: I am really new to ipv6!!!

cholzhauer

I don't follow...what are you trying to figure out?  If it's the address ranges you're supposed to use, they're listed on your HE account page

magnuswallin

Quote from: cholzhauer on October 03, 2013, 12:02:08 PM
I don't follow...what are you trying to figure out?  If it's the address ranges you're supposed to use, they're listed on your HE account page

Found it:
Routed /64:       2001:470:28:6d9::/64

It's late where I am. Thank you very much for your help this far. I appreciate it, better get some rest now.

Thanks!

magnuswallin

Ok, I got some sleep. Now my /etc/network/interfaces looks like:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet static
        address         192.168.1.160
        netmask         255.255.255.0
        network         192.168.1.0
        broadcast       192.168.1.255
        gateway         192.168.1.254
        wpa-ssid        xxxxxxxxxx
        wpa-psk         xxxxxxxxxxxxx

iface wlan0 inet6 static
        address         2001:470:28:6d9::1
        netmask         64

# Entries for the ipv6 tunnel below
auto ipv6_tunnel
iface ipv6_tunnel inet6 v4tunnel
        address         2001:470:27:6d9::2
        netmask         64
        endpoint        216.66.80.90
        local           192.168.1.160
        gateway         2001:470:27:6d9::1
        ttl 255
        dns-nameservers 2001:470:20::2 74.82.42.42


Nothing is obfuscated, this is how it actually is in real life. According to this thread, I should not put the gateway in the static ipv6 - but rather let it be in the tunnel, so I did.

ifconfig tells me:
ipv6_tunnel Link encap:IPv6-in-IPv4 
          inet6 addr: fe80::c0a8:1a0/128 Scope:Link
          inet6 addr: 2001:470:27:6d9::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


wlan0     Link encap:Ethernet  HWaddr 00:15:af:42:63:7c 
          inet addr:192.168.1.160  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::215:afff:fe42:637c/64 Scope:Link
          inet6 addr: 2001:470:28:6d9::1/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:249 errors:0 dropped:0 overruns:0 frame:0
          TX packets:218 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:27544 (26.8 KiB)  TX bytes:46022 (44.9 KiB)



Sadly, it is still a no-go to reach this machine on the address 2001:470:28:6d9::1

Neither ping nor ssh works. Do I need to install the radvd package although I (for now) only want to use ipv6 on this machine, and not route to the other machines in the network?

Pardon for pestering you all, but it would be fun to get this working!

cholzhauer

You're going to need the gateway address..what do your routing tables look like?

magnuswallin

Quote from: cholzhauer on October 04, 2013, 04:55:55 AM
You're going to need the gateway address..what do your routing tables look like?
Actually, it DOES work now. Without the gateway address (pardon my late reply by the way). I talked to a friend with an ipv6 tunnel from HE as well, and we fiddled around a bit. After a while, he could both ping and connect to my machine using ssh. Great!

Thank you very much for your help cholzhauer. Much appreciated!
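
Added example, not part of the thread: a Python check of the address plan discussed above, which reads the inet6 stanzas of an /etc/network/interfaces file and reports whether each address sits in the prefix its interface should use (tunnel /64 on the v4tunnel interface, routed /64 elsewhere). The two prefixes are the ones posted in the thread; the constant names, function names and the trimmed sample file are constructed for illustration.

```python
import ipaddress

# Prefixes as posted in the thread (hypothetical constant names).
TUNNEL_NET = ipaddress.ip_network("2001:470:27:6d9::/64")  # point-to-point link to HE
ROUTED_NET = ipaddress.ip_network("2001:470:28:6d9::/64")  # routed /64 for the LAN side

# Constructed sample: the inet6 stanzas of the working configuration, trimmed.
SAMPLE = """\
iface wlan0 inet6 static
        address         2001:470:28:6d9::1
        netmask         64

iface ipv6_tunnel inet6 v4tunnel
        address         2001:470:27:6d9::2
        netmask         64
        endpoint        216.66.80.90
"""

def parse_inet6_stanzas(text):
    """Return [(iface, method, {option: value})] for every 'iface ... inet6' stanza."""
    stanzas, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # interfaces(5): whole-line comments only
            continue
        words = line.split()
        if words[0] == "iface":
            current = None                     # a new stanza ends the previous one
            if len(words) >= 4 and words[2] == "inet6":
                current = (words[1], words[3], {})
                stanzas.append(current)
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None
        elif current is not None and len(words) >= 2:
            current[2][words[0]] = " ".join(words[1:])
    return stanzas

def audit(text):
    """Return [(iface, address, verdict)]: 'ok', 'wrong-prefix' or 'not-allocated'."""
    findings = []
    for iface, method, opts in parse_inet6_stanzas(text):
        if "address" not in opts:
            continue
        addr = ipaddress.ip_address(opts["address"].split("/")[0])
        expected = TUNNEL_NET if method == "v4tunnel" else ROUTED_NET
        if addr in expected:
            verdict = "ok"
        else:
            verdict = "wrong-prefix" if addr in TUNNEL_NET or addr in ROUTED_NET else "not-allocated"
        findings.append((iface, str(addr), verdict))
    return findings
```

Run against the first draft in the thread (the tunnel address placed on wlan0) it reports `wrong-prefix`, and for the guessed `2001:470:27:6d10::2` it reports `not-allocated`.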