• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

New tunnel set up, but which IP's to use?

Started by ASTV, October 18, 2014, 03:19:35 PM

Previous topic - Next topic

ASTV

Hi all,

I've just set up a tunnel but am confused over what IP's I should be using for internet facing services.  Hope I'm not putting myself at risk by posting real IP's but this is the config I used to set the tunnel up -

netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel interface=IP6Tunnel 65.181.120.57 209.51.161.14
netsh interface ipv6 add address IP6Tunnel 2001:470:1f06:ec1::2
netsh interface ipv6 add route ::/0 IP6Tunnel 2001:470:1f06:ec1::1


This is my routed /64

2001:470:1f07:ec1::/64

I added IP addresses from this block to IP6Tunnel using the command

netsh interface ipv6 add address IP6Tunnel 2001:470:1f07:ec1::?   (replace ? with various numbers)

I've set these addresses up in DNS and now cannot reach the services set up with these addresses

Where have I gone wrong?

Thanks for looking

cholzhauer

Here's a general overview:

Tunnel /64:  ::1 is the HE end, ::2 is assigned to the tunnel adapter on your end
Routed /64.  You use these IP addresses as you wish on one subnet; your default gateway is the ::1 address of your tunnel /64

ASTV

Sort of half understood your answer, but what do I actually have to do to fix it, no services with IP's on the routed /64 can be reached

cholzhauer

The easy way?  Tear down everything you have and start over.

Or, you can attempt to undo the last command you issued:

Quote
netsh interface ipv6 add address IP6Tunnel 2001:470:1f07:ec1::?   (replace ? with various numbers)

What you did was to add a second IP address to your tunnel adapter, and that confused the heck out of it. 

ASTV

Now I'm really confused

I think what I'm trying to ask is what IP's should be used for internet facing hosts, what subnet (sorry if that's the wrong terminology) should they be taken from (routed /64?), and how I should set these IP's up so they're available for services like IIS

cholzhauer

Let me try again

Step one, make your tunnel work.

Step two, take IP addresses from your routed /64 and assign them to all of your hosts, including the inside interface of the device that's hosting your tunnel. 
You didn't post your IP allocations, so I'll make some up as an example

If your routed /64 is 2001:db8:1234:5678::/64 then you could do something like

2001:db8:1234:5678::1 = inside interface of your router
2001:db8:1234:5678::2 = email
2001:db8:1234:5678::3 = IIS
ect

Hopefully that helps.

ASTV

I think I'm starting to understand what you're saying (and I gave all the information I had in my first post)

I'll keep plugging away and see how it goes, thanks for your help

ASTV

Ok, I've had another bash at this, you'll probably laugh at some of the things I've done but that's how I learn.

These are my he.net IP's

Server IPv4 Address:  209.51.161.14
Server IPv6 Address:  2001:470:1f06:ec1::1/64
Client IPv4 Address:   65.181.120.57
Client IPv6 Address:   2001:470:1f06:ec1::2/64

This is my routed /64

2001:470:1f07:ec1::/64

I've removed the extra IP addresses I added to the IP6Tunnel interface

I'm trying to set this tunnel up on a Windows Server 2012 VPS, I don't have access to the router, rightly or wrongly I've added the addresses I want to use for internet facing services to the Ethernet interface

I'm at a point where I can ping the client end of the tunnel (ping -6 2001:470:1f06:ec1::2), but can't ping anything in the 2001:470:1f07:ec1::/64 network

The Windows firewall is passing protocol 41

Services are still not available on IPv6 so I don't know what to try next or if this will ever work

ASTV

Ok, it looks like I've cracked it, I found these extra commands in another thread and entered them (after translating to my IP's)

netsh int ipv6 set interface IP6Tunnel forwarding=enabled
netsh int ipv6 set interface Ethernet forwarding=enabled advertise=enabled
netsh int ipv6 add address Ethernet 2001:470:1f07:ec1::1       <<<    I'd already added this IP
netsh int ipv6 set route 2001:470:1f07:ec1::/64 Ethernet publish=yes
netsh interface ipv6 set route ::/0 IP6Tunnel 2001:470:1f06:ec1::1 publish=yes

The following output (from my laptop at home) shows I'm now connecting to two websites running on the VPS via their IPv6 addresses

C:\Users\Danny>netstat -af -p tcpv6

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    [2001:470:1f08:f19::2]:64322  www.airseatac.net:http  ESTABLISHED
  TCP    [2001:470:1f08:f19::2]:64330  beta.airseatac.net:http  ESTABLISHED


C:\Users\Danny>netstat -an -p tcpv6

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    [2001:470:1f08:f19::2]:64410  [2001:470:1f07:ec1::14]:80  ESTABLISHED
  TCP    [2001:470:1f08:f19::2]:64414  [2001:470:1f07:ec1::19]:80  ESTABLISHED