Print

[peebles]

Hi Folks,

I've just written a How-to "Setting up a Raspberry Pi as an IPv6 Gateway using Hurricane Electric. Before I put it on my blog proper, (It's currently resident on my home network). Could you have a quick look at it (if you have the time) and tell me if I've missed something obvious.

Any kind of opinion (good or bad) appreciated. It's based on previous work on my main website.

http://www.linuxhome.co.uk/?p=274

It's 3 pages.
1) Setting up the tunnel
2) Setting up a stateful firewall
3) Setting up DNSMasq to advertise the default IPv6 route and handle DNS (If needed).

Thanks in advance,

Billy

[nickbeee]

Nice detailed article.

You may want to consider using DHCPv6 to hand out IPv6 DNS servers to the clients - HE has 2001:470:20::2 and Google public DNS has IPv6 servers. You set the other stateful configuration flag in the RA's and then the hosts should be able to get their IPv6 DNS servers from DHCPv6.

Make sure your Pi and the corresponding switch port on the main router have negotiated a full-duplex connection otherwise you will see serious throughput problems. You can check this with one of the IPv6 speedtest sites such as ipv6-test.com or ipv6-speedtest.net

I've used this method with Cisco IOS, NetBSD and OpenBSD. I really must order a Pi, pity it only has one nic though as it limits its use as a router.

[kasperd]

tell me if I've missed something obvious.

You misspelled "their website".

The example configuration for the tunnel interface is incorrect. You are assigning an address from the routed /64 instead of the tunnel /64.

[peebles]

Well spotted kasperd, just amended it. 

nickbeee, I'll look into that in the next day or so and amend. I'll test the speed and the duplex and post the results tonight (just for general interest).

Thanks Guys,

Billy

[nickbeee]

The example configuration for the tunnel interface is incorrect. You are assigning an address from the routed /64 instead of the tunnel /64.

I read it as 2001:DB8:8:7aa::1/64 dev eth0 for the LAN interface and address 2001:DB8:7:7aa::2 for the tunnel (on page 1).

[kasperd]

just amended it.

I see the addresses were fixed, but "their website" is still not spelt correctly.

I read it as 2001:DB8:8:7aa::1/64 dev eth0 for the LAN interface and address 2001:DB8:7:7aa::2 for the tunnel (on page 1).

The table in the start of the article looked correct. But further down in the actual configuration it was incorrect (but that has been fixed).

[nickbeee]

I read it as 2001:DB8:8:7aa::1/64 dev eth0 for the LAN interface and address 2001:DB8:7:7aa::2 for the tunnel (on page 1).

The table in the start of the article looked correct. But further down in the actual configuration it was incorrect (but that has been fixed).

Our viewing times may have differed 

However, the important point has been made that it is a common mistake that people make trying to allocate the tunnel and the LAN side to the same /64. Fortunately most of us learn from this and go on to advise others of the same.

[peebles]

Amended with the following.

Tunnel Details follow :
Client IPv6 Endpoint    2001:DB8:7:7aa::2 (From the top of page one)

# IPv6 via Hurricane Electric Tunnel
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
address 2001:DB8:7:7aa::1
netmask 64
endpoint 216.66.80.26
gateway 2001:DB8:7:7aa::2
ttl 255

Look ok now.

2001:DB8:8:7aa::/64 (My address range)
2001:DB8:8:7aa::1 (IP address of the ethernet interface)

Looks ok now.

Pffff 

Will post a speed test tomorrow and add the rest of the suggested settings.

Much appreciated,

Billy

[peebles]

[peebles]

Hi nickbeee

You may want to consider using DHCPv6 to hand out IPv6 DNS servers to the clients - HE has 2001:470:20::2 and Google public DNS has IPv6 servers. You set the other stateful configuration flag in the RA's and then the hosts should be able to get their IPv6 DNS servers from DHCPv6.

I read the dnsmasq man page and it was quite easy to do, so I changed the dnsmasq.conf file to do the above.

Make sure your Pi and the corresponding switch port on the main router have negotiated a full-duplex connection otherwise you will see serious throughput problems. You can check this with one of the IPv6 speedtest sites such as ipv6-test.com or ipv6-speedtest.net

Checked duplex using ethtool and it seemed ok (see below), I also tested the speed using [url]www.thinkbroadband.com/ipv6/speed-test.html/url].

Code: [Select]

Settings for eth0:
Supported ports: [ TP MII ]
Supported link modes:   10baseT/Half 10baseT/Full
                        100baseT/Half 100baseT/Full
Supported pause frame use: No
Supports auto-negotiation: Yes
Advertised link modes:  10baseT/Half 10baseT/Full
                        100baseT/Half 100baseT/Full
Advertised pause frame use: Symmetric Receive-only
Advertised auto-negotiation: Yes
Link partner advertised link modes:  10baseT/Half 10baseT/Full
                                     100baseT/Half 100baseT/Full
Link partner advertised pause frame use: Symmetric Receive-only
Link partner advertised auto-negotiation: Yes
Speed: 100Mb/s
Duplex: Full
Port: MII
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
Supports Wake-on: g
Wake-on: d
Current message level: 0x00000007 (7)
       drv probe link
Link detected: yes

If you can think of anything else that you think might need added/amended then please let me know.

Thanks for the help and suggestions,

Billy

[nickbeee]

That's quite a useful howto. As i've just ordered a 'Pi today I shall be investigating this particularly the dnsmasq config. I'm thinking of using mine to create an IPv6-capable 3G -> Wifi HostSpot. I just need to figure out if the Linux version supplied will support my Huwei 3G dongle.

Cheers,

[peebles]

I've been having a bit of trouble with my IPv6 tunnel routing through my Raspberry Pi, I've managed to work out what the problem was and added it to the instructions.

My Hurricane Electric Tunnel is set to 1480 (which should be the correct size for PPPoA "ADSL2+") so everything should be fine you would think (and it has been up until a few days ago)

My router rebooted (power cut) and as far as I understand it, my router negotiates it's MTU with my ISP and comes up with 1492 bytes. At this point my tunnel drops almost everything that tries to go through it.

So, to cut a long story short I've changed the MTU from 1480 to 1472 on both sides of the tunnel and everything is working fine now.

Added the following to the instructions.

# The MTU set on my router "negotiated via my ISP" is
# 1492. So 1492 - 20 = 1472.
# If your routers MTU is 1500, then you can just leave
# the following line out, as it will default to 1480.
mtu 1472

I was wondering if I should now advertise the new MTU via my DHCPv6 Setup? and update the documentation?

Any suggestions/advice appreciated.

Cheers,

Billy

[iav]

Actual article link http://www.dickson.me.uk/2013/03/15/setting-up-a-raspberry-pi-as-an-ipv6-gateway-using-hurricane-electric/