Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Routing clients through Server's IP6 tunnel  (Read 1227 times)

johanbar

  • Newbie
  • *
  • Posts: 4
Routing clients through Server's IP6 tunnel
« on: April 20, 2021, 04:30:14 PM »

Hi Guys

I've been trying to route my client PC's off my server through the IP6 tunnel.

My DHCP6 hands out fd::/64 to my clients and I've set the ethernet port vWan as the router (which the tunnel and clients are connected to).

I've been reading https://forums.he.net/index.php?topic=3067.0 this post but he removes the default gateway on the Tunnel and all falls over, not sure how this setup is working?

My Tunnel works great:
netsh interface ipv6 add v6v4tunnel interface=IP6Tunnel localaddress=10.1.1.1 remoteaddress=216.66.87.134

netsh interface ipv6 add address IP6Tunnel 2001:470:1f22:60::2
netsh interface ipv6 set interface IP6Tunnel forwarding=enabled
netsh interface ipv6 add route prefix=::/0 interface=IP6Tunnel nexthop=2001:470:1f22:60::1  publish=yes store=persistent

Tunnel on the server works fine.

To get clients routed through vWan If added as per post:
netsh interface ipv6 set interface vWan routerdiscovery=enabled
netsh interface ipv6 set interface vWan forwarding=enabled

I have no idea how to route incoming connections from the fd::/64 network through the tunnel to use fd::1 as the router?
DHCP6 clients see fd::1 as dns and default route (dns works fine)

Lan/Wan is:

Ethernet adapter vWan:

   Connection-specific DNS Suffix  . : domain
   IPv6 Address. . . . . . . . . . : fd::1
   IPv6 Address. . . . . . . . . . : fd::de         (for some reason DHCP6 assigned another)
   Link-local IPv6 Address . .  : fe80::b4c1:ba9c:dddd:28a8%5
   IPv4 Address. . . . . . . . . .  : 10.1.1.1
   Subnet Mask . . . . . . . . . .. : 255.0.0.0
   IPv4 Address. . . . . . . . . . . : 192.168.88.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . .  . : 10.1.1.100

Tunnel adapter IP6Tunnel:

   Connection-specific DNS Suffix  . : domain
   IPv6 Address. . . . . . . . . . . : fd::c7            (also assigned by the DHCP6)
   IPv6 Address. . . . . . . . . . . : 2001:470:1f22:60::2
   Link-local IPv6 Address . . . . . : fe80::9852:9aa8:4e2:5bb5%8
   Default Gateway . . . . . . . . . : 2001:470:1f22:60::1


Do someone know how to route the fd::/64 clients through the tunnel please?
Thanks allot
Johan
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1751
Re: Routing clients through Server's IP6 tunnel
« Reply #1 on: April 20, 2021, 06:22:30 PM »

Why are you trying to use fd:: instead of the routed /64 or /48? Is your router acting as a nat66 gateway appliance as well, or did you just pick rando space in hopes it would route through the tunnel? We're only going to allow traffic sourced from the correct ranges/allocations through the tunnel.
Logged

johanbar

  • Newbie
  • *
  • Posts: 4
Re: Routing clients through Server's IP6 tunnel
« Reply #2 on: April 20, 2021, 08:38:30 PM »

Hi

Thank you so much for replying.

My understanding was that fd:: is a private network range and hence a logical choice.  Should I change the network to be 2001:470:1f22:60::/64 and assign IPs to the clients i.e. 2001:470:1f22:60::3/64, 2001:470:1f22:60::4/64 instead?

I'm a bit out of my depth here.

Thanks again.
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1751
Re: Routing clients through Server's IP6 tunnel
« Reply #3 on: April 21, 2021, 11:35:52 AM »

I mean, if you've got a working nat66 set up, then fd:: shouldn't be an issue. If you don't, maybe start with the routed space, then graduate to trying out nat66.
Logged

johanbar

  • Newbie
  • *
  • Posts: 4
Re: Routing clients through Server's IP6 tunnel
« Reply #4 on: April 22, 2021, 01:26:04 AM »

Thanks

Got it working.  This post https://forums.he.net/index.php?topic=3067.0 helped.  Thanks garrickstrom

Thanks again for replying.
Logged