• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

IPv6 works on single machine, now want to spread the love to LAN

Started by garrickstrom, January 01, 2014, 10:04:18 AM

Previous topic - Next topic

garrickstrom

I have had my IPv6 tunnel working on my single Windows workstation for the last few years, but now have the itch to provide the rest of my network with IPv6 routed through this Windows (8.1 now) machine.  I found an older article on here on how to enable routing to the rest of the LAN using netsh commands, but which IPv6 addresses to use were not clear, and I don't want to break my system just guessing.  Here is how I am currently configured (from my notes):
To enable IPv6 on Win7/Win8 for Garrick's Hurricane Electric IP range

(assuming 192.168.242.233 is being NATted through ASA and protocol 41 is being passed through)

netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 192.168.242.233 216.218.226.238
netsh interface ipv6 add address IP6Tunnel 2001:470:a:64::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:a:64::1


That gets me IPv6 connectivity on my box (through an ASA5505 configured to pass protocol 41 through and static NAT configured).  Here is my configuration as provided by HE:
IPv6 Tunnel Endpoints
Server IPv4 Address:216.218.226.238
Server IPv6 Address:2001:470:a:64::1/64
Client IPv4 Address:50.197.86.211
Client IPv6 Address:2001:470:a:64::2/64

Routed IPv6 Prefixes
Routed /64:2001:470:b:64::/64
Routed /48:2001:470:e8f9::/48


The /48 is new today, didn't know if I needed to use that for the internal network or if I would just hand out IPs from the /64 (not like there isn't enough).  From the prior post in this forum, I think I have to do something like this (Ethernet 4 is the virtual interface on my system that Hyper-V set up, with all of my existing IPv4 config on it already):
netsh int ipv6 set interface IP6Tunnel forwarding=enabled
netsh int ipv6 set interface "Ethernet 4" forwarding=enabled advertise=enabled
netsh int ipv6 add address "Ethernet 4" 2001:470:e8f9::1
netsh int ipv6 set route 2001:470:e8f9::/48 "Ethernet 4" publish=yes
netsh int ipv6 set route ::/0 IP6Tunnel 2001:470:e8f9::1 publish=yes


My only worry is that it looks like I would end up having two different default routes set up, and two different IPv6 addresses on my machine.  Can someone sanity-check me and correct where necessary?  Thanks muchly!

snarked

Your lan should use this allocation:  Routed /64:2001:470:b:64::/64

You don't need the /48 allocation unless you're running more than one network segment.

garrickstrom

So I have successfully got it all working.  There was an error in one of the commands in the prior forum post.  What I ended up doing is:

(original IPv6 config for single host)
netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel 192.168.242.233 216.218.226.238
netsh interface ipv6 add address IP6Tunnel 2001:470:a:64::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:a:64::1

(new config added to route)
netsh int ipv6 set interface IP6Tunnel forwarding=enabled
netsh int ipv6 set interface "Ethernet 4" forwarding=enabled advertise=enabled
netsh int ipv6 add address "Ethernet 4" 2001:470:b:64::1
netsh int ipv6 set route 2001:470:b:64::/64 "Ethernet 4" publish=yes
netsh int ipv6 delete route ::/0 IP6Tunnel 2001:470:a:64::1                         <- had to remove old default route
netsh int ipv6 add route ::/0 IP6Tunnel 2001:470:b:64::1 publish=yes           <- command is "add" and not "set"


The generic form of the instructions then, if you want to do it all in one fel swoop would be (correct me if I am wrong):

Legend of variables:
$ipv4a   = tunnel server's IPv4 IP
$ipv4b   = user's IPv4 IP
$ipv6a   = tunnel server's side of point-to-point /64 allocation
$ipv6b   = user's side of point-to-point /64 allocation
$ipv6c   = first address of user's routed /64 allocation
$ipv6d   = user's routed /64 allocation
$adapter = name of local area network connection (where your IPv4 address is configured now)

netsh int teredo set state disabled
netsh int ipv6 add v6v4tunnel IP6Tunnel $ipv4b $ipv4a
netsh int ipv6 add address IP6Tunnel $ipv6b

netsh int ipv6 set interface IP6Tunnel forwarding=enabled
netsh int ipv6 set interface "$adapter" forwarding=enabled advertise=enabled
netsh int ipv6 add address "$adapter" $ipv6c
netsh int ipv6 set route $ipv6d "$adapter" publish=yes
netsh int ipv6 add route ::/0 IP6Tunnel $ipv6c publish=yes


Only hiccup might be getting IPv6 DNS resolution.  I had to put the HE IPv6 DNS server in my own DNS servers resolver list, but your mileage may vary.


ravenstar

The reason they used
set route ::/0 in the forum post you found was most likely as they'd already added it without publishing it when setting up the tunnel earlier in the instructions.  So they were just modifying the existing route so it was published.

Ravenstar68

watsonm

Sorry to be late to the party  :-)

but does this configuration mean that for the second machine to be able to use IPV6 then the first machine
needs to be switched on.



watsonm

Thanks  cholzhauer,

Is there a way of setting this up so that the first workstation does not need to be running

Mike

johanbar