
Problems configuring Mac running 10.12.4

Started by majortom, April 16, 2017, 11:07:41 AM


majortom

I have a Mac running 10.12.4 on which I am trying to configure a tunnel.
The Mac's IP is 47.144.xxx.yyy.
The
Server IPv4 Address:66.220.18.42
Server IPv6 Address:2001:470:c:XXX::1/64
Client IPv4 Address:47.144.132.189
Client IPv6 Address:2001:470:c:XXX::2/64

I have the following result from ifconfig gif1

gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
   tunnel inet 47.144.XXX.XXX --> 66.220.18.42
   inet6 fe80::3ac9:86ff:XXXX:5da%gif1 prefixlen 64 scopeid 0x12
   inet6 2001:470:c:XXX::2 --> 2001:470:c:XXX::1 prefixlen 128
   nd6 options=201<PERFORMNUD,DAD>

Unfortunately:

ping6 2001:470:c:f52::2
PING6(56=40+8+8 bytes) 2001:470:c:XXX::2 --> 2001:470:c:XXX::2
^C
--- 2001:470:c:XXX::2 ping6 statistics ---
13 packets transmitted, 0 packets received, 100.0% packet loss

I clearly have something configured incorrectly, but I am not sure what to check. On my working FreeBSD 11 box, that ping of the gif IPv6 address works fine.

cholzhauer

Is the MTU the same?  You're not using the same tunnel on your Mac as you are FreeBSD, right?

majortom

Quote from: cholzhauer on April 17, 2017, 05:39:39 AM
Is the MTU the same?  You're not using the same tunnel on your Mac as you are FreeBSD, right?

Different tunnels on both boxes, but even if they were the same, that would just prevent them from working, but I should still be able to ping6 the local end of the tunnel.

majortom

The problem I was having was that PF was blocking 6in4 traffic (protocol 41). I also discovered that I needed to enable the sysctl net.inet6.ip6.forwarding.

Having been through this now, I think I have all the items I need:

The sample configuration the tunnel broker suggests for Mac OS X is this:

ifconfig gif0 create
ifconfig gif0 tunnel CLIENT_IPv4_ADDRESS TUNNEL_SERVER_IPv4_ADDRESS
ifconfig gif0 inet6 CLIENT_IPv6_ADDRESS TUNNEL_SERVER_IPv6_ADDRESS prefixlen 128
route -n add -inet6 default TUNNEL_SERVER_IPv6_ADDRESS

These lines might need to be added to PF (it does not hurt to have them even if they might not be needed):

icmp6_types = "{ unreach, toobig, timex, paramprob, echoreq, echorep, neighbradv, neighbrsol, routeradv, routersol }"   
pass inet6 proto ipv6-frag   
pass in on EXT_INTERFACE proto 41 from TUNNEL_SERVER_IPv4_ADDRESS   
pass out on EXT_INTERFACE proto 41 to TUNNEL_SERVER_IPv4_ADDRESS   
pass in on gif0 inet6 proto icmp6 all icmp6-type $icmp6_types allow-opts   

Finally, if the machine is going to gateway IPv6 traffic:

sysctl net.inet6.ip6.forwarding=1
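
An added example, not part of the original post: a small audit of a PF ruleset that confirms protocol 41 is passed in both directions and only from/to the tunnel server, since a `proto 41` rule left open to any source accepts encapsulated IPv6 from hosts other than the broker. The function name `audit_6in4` and the interface `en0` are assumptions made for illustration.

```shell
#!/bin/sh
# Audit PF rules for a 6in4 tunnel: protocol 41 must be passed in both
# directions, and only from/to the tunnel server's IPv4 address.
# Input: pf.conf text or `pfctl -sr` output on stdin. Protocol 41 is named
# "ipv6" in /etc/protocols, so both spellings are accepted.
audit_6in4() {   # usage: audit_6in4 TUNNEL_SERVER_IPv4_ADDRESS < rules
    awk -v srv="$1" '
    function peer(kw,   i) {            # address that follows "from" or "to"
        for (i = 1; i < NF; i++) if ($i == kw) return $(i + 1)
        return "any"                    # keyword absent: unrestricted
    }
    $1 != "pass" { next }               # skips comments, macros, block rules
    {
        is41 = 0
        for (i = 1; i < NF; i++)
            if ($i == "proto" && ($(i + 1) == "41" || $(i + 1) == "ipv6")) is41 = 1
        if (!is41) next
        dir = ($2 == "in" || $2 == "out") ? $2 : ""   # "" = both directions
        hit = 0
        if (dir != "out" && peer("from") == srv) { ok["in"] = 1;  hit = 1 }
        if (dir != "in"  && peer("to")   == srv) { ok["out"] = 1; hit = 1 }
        if (!hit) { print "WIDE: " $0; wide = 1 }     # not pinned to the server
    }
    END {
        if (!ok["in"])  print "MISSING: pass in proto 41 from " srv
        if (!ok["out"]) print "MISSING: pass out proto 41 to " srv
        exit ((wide || !ok["in"] || !ok["out"]) ? 1 : 0)
    }'
}

# Constructed sample: the rules from the post with en0 as EXT_INTERFACE,
# plus one deliberately unrestricted rule that the audit should flag.
audit_6in4 66.220.18.42 <<'EOF' || echo "ruleset needs attention"
pass inet6 proto ipv6-frag
pass in on en0 proto 41 from 66.220.18.42
pass out on en0 proto 41 to 66.220.18.42
pass in on en0 proto 41
EOF
```

On a live system the same function can read the loaded ruleset with `pfctl -sr | audit_6in4 TUNNEL_SERVER_IPv4_ADDRESS`, run as root.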