Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Need help setting up clarkconnect 4.3 to use HE tunnel  (Read 8164 times)

moonman

  • Newbie
  • *
  • Posts: 6
Need help setting up clarkconnect 4.3 to use HE tunnel
« on: June 22, 2009, 01:49:16 PM »

Hi everybody,

I've recently decided to use a dedicated machine with clarkconnect 4.3 as my main router for home and i've been wondering how to set up the tunnel to be used with it. I only have basic Linux knowledge and so I would appreciate step-by step instructions as I'm pretty lost right now but I would like to get it to work and learn along the way.

Any help is appreciated!
Thanks
Logged

moonman

  • Newbie
  • *
  • Posts: 6
Re: Need help setting up clarkconnect 4.3 to use HE tunnel
« Reply #1 on: June 22, 2009, 10:26:47 PM »

Anybody?  ???
Logged

snarked

  • Hero Member
  • *****
  • Posts: 743
Re: Need help setting up clarkconnect 4.3 to use HE tunnel
« Reply #2 on: June 23, 2009, 12:20:14 AM »

Your message has been read.  I have never heard of clarkconnect.
Logged

moonman

  • Newbie
  • *
  • Posts: 6
Re: Need help setting up clarkconnect 4.3 to use HE tunnel
« Reply #3 on: June 24, 2009, 11:01:39 AM »

ClarkConnect (clarkconnect.com) is a linux distro for x86 based on CentOS which is basically a free version of RedHat Enterprise. I just have a dedicated computer working as my main router and trying to get the ipv6 tunnel to work with it.
« Last Edit: June 24, 2009, 11:12:19 AM by moonman »
Logged

kriteknetworks

  • Sr. Member
  • ****
  • Posts: 259
    • aRDy Music
Re: Need help setting up clarkconnect 4.3 to use HE tunnel
« Reply #4 on: June 24, 2009, 01:55:29 PM »

What have you tried so far?
Logged

moonman

  • Newbie
  • *
  • Posts: 6
Re: Need help setting up clarkconnect 4.3 to use HE tunnel
« Reply #5 on: June 24, 2009, 08:30:14 PM »

Well I have only tried the commands that are listed for linux net-tools and that didn't take me far. I don't really know where to start  :-\
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1705
Re: Need help setting up clarkconnect 4.3 to use HE tunnel
« Reply #6 on: June 24, 2009, 09:32:21 PM »

Make sure that your machine has IPv6 enabled would be a good start. Check for the IPv6 module with lsmod, or if you don't see it, but have a link-local fe80:: address on your NIC, then its possible it was compiled into the kernel.

When you ran the ifconfig commands, did you get any errors? Provide as much detail about what you did for everyone to get a better idea of what to suggest.
Logged

moonman

  • Newbie
  • *
  • Posts: 6
Re: Need help setting up clarkconnect 4.3 to use HE tunnel
« Reply #7 on: June 25, 2009, 07:43:51 PM »

that's what I did here:
Code: [Select]
[root@system nettrafd-1.4]# ifconfig sit0 up
[root@system nettrafd-1.4]# ifconfig sit0 inet6 tunnel ::216.218.226.238
[root@system nettrafd-1.4]# ifconfig sit1 up
[root@system nettrafd-1.4]# ifconfig sit1 inet6 add 2001:470:a:b6::2/64
[root@system nettrafd-1.4]# route -A inet6 add ::/0 dev sit1

Check for ipv6:
Code: [Select]
[root@system nettrafd-1.4]# lsmod | grep ipv6
ipv6                  261280  20
xfrm_nalgo             13316  1 ipv6

Code: [Select]
[root@system nettrafd-1.4]# cat /proc/net/if_inet6
00000000000000000000000000000001 01 80 10 80       lo
20010470000a00b60000000000000002 07 40 00 80     sit1
fe800000000000000222b0fffe62414b 03 40 20 80     eth1
0000000000000000000000007f000001 06 60 90 80     sit0
fe800000000000000000000048350b0c 07 40 20 80     sit1
00000000000000000000000048350b0c 06 60 80 80     sit0
fe8000000000000000000000c0a80101 07 40 20 80     sit1
000000000000000000000000c0a80101 06 60 80 80     sit0
fe80000000000000021e58fffea82faa 02 40 20 80     eth0

Output of ifconfig command (No errors):
Code: [Select]
[root@system nettrafd-1.4]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:xx:xx:xx:xx:xx
          inet addr:xx.xx.xx.xx  Bcast:255.255.255.255  Mask:255.255.255.128
          inet6 addr: fe80::21e:58ff:fea8:2faa/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:35072 errors:0 dropped:0 overruns:0 frame:0
          TX packets:20745 errors:1 dropped:0 overruns:1 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:10309731 (9.8 MiB)  TX bytes:7654101 (7.2 MiB)
          Interrupt:10 Base address:0x4000

eth1      Link encap:Ethernet  HWaddr 00:xx:xx:xx:xx:xx
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::222:b0ff:fe62:414b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:21567 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18105 errors:1 dropped:0 overruns:1 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7769784 (7.4 MiB)  TX bytes:9055672 (8.6 MiB)
          Interrupt:11 Base address:0x4000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1043 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1043 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:178158 (173.9 KiB)  TX bytes:178158 (173.9 KiB)

sit0      Link encap:IPv6-in-IPv4
          inet6 addr: ::127.0.0.1/96 Scope:Unknown
          inet6 addr: ::72.53.11.12/96 Scope:Compat
          inet6 addr: ::192.168.1.1/96 Scope:Compat
          UP RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

sit1      Link encap:IPv6-in-IPv4
          inet6 addr: 2001:470:a:b6::2/64 Scope:Global
          inet6 addr: fe80::4835:b0c/64 Scope:Link
          inet6 addr: fe80::c0a8:101/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Also the client computer I'm using is running Windows XP without the ipv6, but as far as I understand it doesn't matter what IP version I'm using inside the LAN because it will be redirected to ipv6 as soon as it reaches WAN. But when I go to www.kame.net
 the turtle is not dancing.
« Last Edit: June 25, 2009, 07:51:02 PM by moonman »
Logged

jimb

  • Hero Member
  • *****
  • Posts: 805
  • ^^^ Warped picture
Re: Need help setting up clarkconnect 4.3 to use HE tunnel
« Reply #8 on: June 25, 2009, 09:43:22 PM »

That's not true.  You need v6on the XP box too.  ATM only the sit1 of your gateway box has IPv6.  You need to use the routed /64 assigned by HE on your LAN.  You can do this either by using radvd on the gateway box (or wherever) to distribute the prefix and default router to your other machines (which will cause their IPv6 interfaces to autoconfigure) and set a v6 route to your gateway box, or you need to manually configure IPs on your XP box, or use DHCPv6.

Your v4 traffic won't automatically be converted to v6.  There's no "NAT" going on here.  It's just straight IPv6 routing.

You should probably also become familiar with he iproute2 (ip, etc) tools.  They're better than ifconfig for configuring tunnels and such.  They can be installed and used at the same time as ifconfig.
« Last Edit: June 25, 2009, 09:52:32 PM by jimb »
Logged

moonman

  • Newbie
  • *
  • Posts: 6
Re: Need help setting up clarkconnect 4.3 to use HE tunnel
« Reply #9 on: June 25, 2009, 11:50:59 PM »

I've installed radvd with the default config file (just changed the interface and AdvRouterAddr to on):

Code: [Select]
interface eth1
{
AdvSendAdvert on;
MinRtrAdvInterval 30;
MaxRtrAdvInterval 100;
prefix 2001:db8:1:0::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};

};

launched it. Did "ipv6 install" on my xp machine and now it seems to be getting assigned an ipv6 address:
Code: [Select]
C:\Documents and Settings\Oleg>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : moonman
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : clarkconnect.lan

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . : clarkconnect.lan
        Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
        Physical Address. . . . . . . . . : 00-14-A4-22-B3-4B
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.146
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::214:a4ff:fe22:b34b%4
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        Lease Obtained. . . . . . . . . . : Friday, June 26, 2009 00:06:30
        Lease Expires . . . . . . . . . . : Friday, June 26, 2009 12:06:30

Tunnel adapter Teredo Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
        Default Gateway . . . . . . . . . :
        NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . : clarkconnect.lan
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

        Physical Address. . . . . . . . . : C0-A8-01-92
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.146%2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        NetBIOS over Tcpip. . . . . . . . : Disabled

And now every page on the internet seems forever to resolve.

I tried pinging an ipv6 host and it didn't work from the linux box itself:

Code: [Select]
[root@system ~]# ping6 www.kame.net
PING www.kame.net(orange.kame.net) 56 data bytes

--- www.kame.net ping statistics ---
18 packets transmitted, 0 received, 100% packet loss, time 16996ms

[root@system ~]# ping www.kame.net
PING www.kame.net (203.178.141.194) 56(84) bytes of data.
64 bytes from orange.kame.net (203.178.141.194): icmp_seq=1 ttl=49 time=178 ms
64 bytes from orange.kame.net (203.178.141.194): icmp_seq=2 ttl=49 time=176 ms

--- www.kame.net ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 176.389/177.529/178.669/1.140 ms

So how do i get the sit0 interface to work and what is it for?

Thanks for all your help so far everybody!
Logged

jimb

  • Hero Member
  • *****
  • Posts: 805
  • ^^^ Warped picture
Re: Need help setting up clarkconnect 4.3 to use HE tunnel
« Reply #10 on: June 26, 2009, 12:51:42 AM »

OK.  First, you need to get your tunnel working.  I suggest reading up on it.  The instructions from the tunnel creation should work.  Make sure that iptables (if you're running it) is allowing IPv4 proto 41 through, etc, etc.  Get that tunnel pinging first.  If you can ping the other side w/ v6, the tunnel is working.  Then try pinging something farther out, that means the routing is working.  I suggest selecting the example config for "Linux-route2" on the HE web site under your tunnel and using that (as a starting point).

Make sure it's not NATing the traffic etc.  I'm presuming that your box is on the edge and doing routing/firewall/NAT for your v4 traffic, if not, and it's behind a NAT, then you need to make sure you place a static NAT on your NAT firewall and map ip proto 41 traffic to that box.  Also, if your gateway is behind a NAT, make sure you use the inside IP for your tunnel endpoint when you set up the interface, not your public, and of course tell HE your public address.  Your NAT will take care of NATing the tunnel traffic.  But if that box has the public IP on the outside interface, just make sure it's NOT natting it, and that iptables isn't blocking it.  Also check ip6tables to make sure you don't have rules blocking the ipv6 traffic.

Also make sure that you have IPv6 forwarding is enabled in the kernel (sysctl -w net.ipv6.conf.all.forwarding=1).  If you don't, your gateway box won't forward the traffic from other hosts (like your XP box).

Second.  The IPv6 addresses on your interfaces on XP are simply link local addresses (addresses in the fe80:/10 range are link local).  They are automatically created on every IPv6 interface.  Did you anonymize the IPv6 in your config?  If not, your v6 boxes should be autoconfiguring with IP addresses with the prefix you are advertising in your radvd.conf.  If that's the actual address you used in your config, obviously you need to replace it with your HE assigned routed /64.

Here's mine for comparison:

Code: [Select]
interface eth0
{
        AdvSendAdvert on;
        AdvLinkMTU 1280;
        MaxRtrAdvInterval 300;
        # advertise subnet 0 of our /48
        prefix 2001:db8:1234::/64
        {
                AdvOnLink on;
                AdvAutonomous on;
        };
};
(obviously the prefix has been anonymized)

If this is working, it will advertise the prefix and default route to your v6 boxes, and they should autoconfig w/ an address using the prefix and an EUI-64 based on their MAC address (note that windows boxes also anonymize the IPv6 addresses as time goes by, adding a new random host numbers and using those for purposes of privacy.  You can turn this behavior off with "netsh int ipv6 set privacy disabled").  It should also get a v6 default route through the interface on your gateway box (mine advertises the link local address, which works just fine).

If you have the tunnel up, and ipv6 forwarding turned on, and iptables and ip6tables sorted, it should work.  Works for me on my gentoo gateway box.  :P

EDIT:  Here's a link to my config on my gentoo box for comparison.  Addresses anonymized.  Also note that my box is behind a NAT, and I have static destination NAT set up directing IPv4 proto 41 traffic to that box, and the 6in4 inside IP gets NATed to my public on the way to HE.  (I have to do this 'cause my edge firewall presently doesn't support v6.  :-[  That will probably be replaced by this box when I stop being lazy about it.)
« Last Edit: June 26, 2009, 01:27:15 AM by jimb »
Logged