• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Solaris client configuration of HE's Tunnel Broker tunnels

Started by drydog, November 18, 2008, 10:44:21 AM

Previous topic - Next topic

drydog

For those who may be interested, I wrote a blog entry about using Hurricane Electric's Tunnel Broker and IP Protocol 41 IPv6/IPv4 tunnel on Solaris.
It's at:

http://blogs.sun.com/DanX/entry/solaris_ipv6_tunnel_setup

HE also provides the ifconfig/route commands needed to configure the tunnel.  To see these, select "Solaris" under the "Example Configurations" pull-down menu on the "Tunnel Details" after creating a tunnel.

This works for both Solaris 10 and OpenSolaris.  IPv6 is also supported back to Solaris 8 out-of-the-box, but I haven't tried the older versions personally.

- Dan

drydog

#1
For HE IPv6 tunnels, there are example configurations for various operating systems, including Solaris.  For example, for my tunnel:
ifconfig ip.tun0 inet6 plumb
ifconfig ip.tun0 inet6 tsrc 66.27.60.10 tdst 66.220.18.42 up
ifconfig ip.tun0 inet6 addif 2001:470:c:2ed::2 2001:470:c:2ed::1 up
route add -inet6 default 2001:470:c:2ed::1


To make this persistent across reboots, here's what's needed:
# cat >/etc/hostname6.ip.tun0
tsrc 66.27.60.10 tdst 66.220.18.42 up
addif 2001:470:c:2ed::2 2001:470:c:2ed::1 up
^D

# cat >/etc/inet/ndpd.conf
# Times in milliseconds; see RFC 1970 and 4861:
ifdefault AdvReachableTime 30000 AdvRetransTimer 2000
ifdefault AdvSendAdvertisements on
# Advertise local IPv6 subnet routed by HE:
prefix 2001:470:d:2ed::/64      e1000g0
^D


(replace "e1000g0" with your network interface from "ifconfig -a")

Use "route -p" to make routes persistent across reboots:
# /usr/sbin/route -p add -inet6 default 2001:470:c:2ed::1

(change 66.27.60.10 to your local LAN IP address if your side of the tunnel is behind a NAT firewall (e.g., 192.168.0.100).  These local NAT addresses should begin with 192.168, 10, or 172.16-172.31)

For more information see my blog:
   http://blogs.sun.com/DanX/entry/solaris_ipv6_tunnel_setup
And this posting:
   http://www.optix.org/~dxy/solaris/ipv6/

drydog

I moved my HE tunnelbroker.net IPv6 in IPv4 tunnel client off my Solaris server to a D-Link DIR-825 router.  Now my Solaris server is just another IPv6 client on my local network, but with a "simpler" hard-coded IPv6 address ending in ::2.  Here's how I configure it with a address and route:

Step 1, create a /etc/hostname6.(Interface) file.  It could be empty if you want a default address based on the MAC address.  I want an address ending with ::2, so I specify it:

# cat /etc/hostname6.e1000g0
addif 2001:470:d:2ed::2/128 up


Step 2, add a default route to the router link-local address.  This is usually automatic, but I think because I need to enable DHCPv6 on the D-Link DIR router (which runs the IPv6 tunnel to HE).  Create a persistent route (that lasts through reboots) with route -p (this does the equivalent of /etc/defaultrouter for IPv6):

# route -p add -inet6 default fe80::218:e7ff:fef7:3a73
add net default: gateway fe80::218:e7ff:fef7:3a73
add persistent net default: gateway fe80::218:e7ff:fef7:3a73


Step 3, trust but verify:

# cat /etc/inet/static_routes
# File generated by route(1M) - do not edit.
-inet6 default 2001:470:c:2ed::1
-inet6 default fe80::218:e7ff:fef7:3a73

# netstat -rn
. . . (IPv4 routes) . . .
Routing Table: IPv6
 Destination/Mask            Gateway                   Flags Ref   Use    If
--------------------------- --------------------------- ----- --- ------- -----
::1                         ::1                         UH      8    1434 lo0
2001:470:d:2ed::2           2001:470:d:2ed::2           UH      2       0 e1000g0
fe80::/10                   fe80::215:17ff:fef4:1221    U       3       7 e1000g0
default                     fe80::218:e7ff:fef7:3a73    UG      2      23

# ifconfig -a
. . . (IPv4 interfaces) . . .
lo0: flags=2002000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv6,VIRTUAL> mtu 8252 index 1
       inet6 ::1/128
e1000g0: flags=2004841<UP,RUNNING,MULTICAST,DHCP,IPv6> mtu 1500 index 2
       inet6 fe80::215:17ff:fef4:1221/10
e1000g0:1: flags=2000841<UP,RUNNING,MULTICAST,IPv6> mtu 1500 index 2
       inet6 2001:470:d:2ed::2/128


drydog

Here's an article on configuring a 6to4 (RFC 3056) IPv6 tunnel on Solaris, by Sebastien Roy:

http://blogs.sun.com/seb/entry/configuring_a_solaris_6to4_router

Also, a similar writeup in the Solaris System Administration Guide, "How to Configure a 6to4 Tunnel":
http://docs.sun.com/app/docs/doc/819-3000/ipv6-config-tasks-24

For example, here's how I did it with HE's tunnel server:
# cat /etc/hostnam6.ip.tun0:
tsrc 10.11.12.30 tdst 66.220.18.42 up
addif 2001:470:c:2ed::2 2001:470:c:2ed::1 up
# cat /etc/inet/ndpd.conf
ifdefault AdvReachableTime 30000 AdvRetransTimer 2000
ifdefault AdvSendAdvertisements on
prefix 2001:470:d:2ed::/64      e1000g0
# svcadm disable /network/physical:nwam
# svcadm enable /network/routing/ndp /network/physical:default


There's a newer way to configure tunnels with dladm(1M), but I haven't taken the time to try it:
http://hub.opensolaris.org/bin/view/Project+clearview/iptun
http://hub.opensolaris.org/bin/download/Project+clearview/docs/iptunnel.pdf

brianewell

Quote from: drydog on November 22, 2010, 10:54:59 AM
There's a newer way to configure tunnels with dladm(1M), but I haven't taken the time to try it:
http://hub.opensolaris.org/bin/view/Project+clearview/iptun
http://hub.opensolaris.org/bin/download/Project+clearview/docs/iptunnel.pdf

I use dladm to configure my tunnels exclusively now.


dladm create-iptun -T ipv4 -a local=<local_ipv4_endpoint>,remote=<remote_ipv4_endpoint> he0
ipadm create-addr -T static -a local=<local_ipv6_address>,remote=<remote_ipv6_address> he0/v6
route -p add -inet6 default <remote_ipv6_address>


by default, dladm and ipadm configurations are persistent (unless -t is used), and routes are persistent with -p.  No configuration scripts are needed after you configure your tunnels this way in Solaris.