• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

M0n0wall and a HE tunnel

Started by tonyk6, April 26, 2009, 10:52:59 AM

Previous topic - Next topic

tonyk6

Since M0nowall runs on FreeBSD, I figured I'd post this one here...

Okay here it goes: does anyone have any experience ending a "standard tunnel" on a M0n0wall box?

I've been using it for years on IPv4 and now I'm a bit confused with the IPv6 tunnel settings...  ;D

First, I've enabled the ICMP on its IPv4 firewall so that the HE tunnel could be created.

Then I've enabled IPv6. I was supposed to configure IPv6 on the WAN interface of the box, and I can't seem to get it right - the options are: static IP, tunnel and 6to4. I tried with the tunnel option and I can't even ping the IPv6 address of the WAN interface itself!  ???

Before I get into too much unneccessary details: is the anybody here, that has used M0n0wall with a HE tunnel?

I'm using the latest 1.3b16 M0no version.

Tnx!
Tony

tonyk6

OK, after two days of trying, here it goes (attention: always look outside the box, since my original problem was an XP box with a nonworking IPv6 stack... After switching to a laptop (also Win XP) it worked on the first try  :D)...

This is what's been entered into a M0n0wall box:
1. In the SYSTEM->Advanced tick this box: Enable IPv6 support

2. After restart go to FIREWALL->IPv4 Rules and make sure that ICMP type Echo packets are allowed in and outbound on WAN.

Now you can register for a free HE TB tunnel. This is the data I got from the HE TB (the tunnel's been erased... Just FYI  ;)):
Server IPv4 address:     216.66.XX.XX
   Server IPv6 address:    2001:470:1f0a:17c8::1/64
   Client IPv4 address:    193.77.XX.XX
   Client IPv6 address:    2001:470:1f0a:17c8::2/64
   Routed /48:    none
   Routed /64:    2001:470:1f0b:17c8::/64

3. Go to FIREWALL->IPv6 Rules and make sure that ICMP (all types)  packets are allowed in and outbound on WAN. This is good enough for testing, you should figure out for yourself which ICMP types are secure or not.

Still in FIREWALL->IPv6 Rules make sure that you allow all connections from Lan networks to any on LAN interface (since it's blocked by default, this is different as it was for IPv4!). Again, you might want to block some things here after testing is done...

4. Now we're getting down to bussiness. Go to INTERFACES->WAN->IPv6 configuration and select the Tunnel option in IPv6 mode menu. Paste the IP 2001:470:1f0a:17c8::2 into IPv6 address field and leave the mask at /64. That is all.

Then go to INTERFACES->LAN->IPv6 configuration IPv6 and select the static option in IPv6 mode menu. Paste the IP 2001:470:1f0b:17c8::1 into IPv6 address field and leave the mask at /64. Tick the box at Send IPv6 router advertisements.

M0n0 is ready now.

5. If you're gonna do testing on a XP box, go to command line and enter: ipv6 install.

Then check www.kame.net and see the dancing turtle. Congrats, you've just seen how an IPv4/v6 dual stack works.

liuxyon

ok. thanks. I am study this now.


QuoteThen go to INTERFACES->LAN->IPv6 configuration IPv6 and select the static option in IPv6 mode menu. Paste the IP 2001:470:1f0b:17c8::1 into IPv6 address field and leave the mask at /64. Tick the box at Send IPv6 router advertisements.

Server IPv6 address setup in LAN ? Is it right ?
<a href="http://ipv6.he.net/certification/scoresheet.php?pass_name=liuxyon" target="_blank"><img src="http://ipv6.he.net/certification/create_badge.php?pass_name=liuxyon&amp;badge=3" style="border: 0; width: 229px; height: 137px" alt="IPv6 Certification Badge for liuxyon"></img></a>

schaef350

The LAN IPv6 address is actually an address from the /64 that HE issued to you.  2001:470:1f0b:17c8::1/64 in your case.

There are a few tutorials out there with screen shots and all that I worked from:

http://technologyordie.com/configure-he-ipv6-over-ipv4-tunnel-monowall
or
http://superuser.com/questions/317896/how-to-configure-monowall-to-use-tunnelbroker