• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Need help setting up clarkconnect 4.3 to use HE tunnel

Started by moonman, June 22, 2009, 01:49:16 PM


moonman

Hi everybody,

I've recently decided to use a dedicated machine with clarkconnect 4.3 as my main router for home and I've been wondering how to set up the tunnel to be used with it. I only have basic Linux knowledge and so I would appreciate step-by-step instructions as I'm pretty lost right now but I would like to get it to work and learn along the way.

Any help is appreciated!
Thanks

moonman


snarked

Your message has been read.  I have never heard of clarkconnect.

moonman

ClarkConnect (clarkconnect.com) is a Linux distro for x86 based on CentOS which is basically a free version of RedHat Enterprise. I just have a dedicated computer working as my main router and trying to get the ipv6 tunnel to work with it.

kriteknetworks


moonman

Well I have only tried the commands that are listed for linux net-tools and that didn't take me far. I don't really know where to start  :-\

broquea

Making sure that your machine has IPv6 enabled would be a good start. Check for the IPv6 module with lsmod, or if you don't see it, but have a link-local fe80:: address on your NIC, then it's possible it was compiled into the kernel.

When you ran the ifconfig commands, did you get any errors? Provide as much detail about what you did for everyone to get a better idea of what to suggest.

moonman

That's what I did here:
[root@system nettrafd-1.4]# ifconfig sit0 up
[root@system nettrafd-1.4]# ifconfig sit0 inet6 tunnel ::216.218.226.238
[root@system nettrafd-1.4]# ifconfig sit1 up
[root@system nettrafd-1.4]# ifconfig sit1 inet6 add 2001:470:a:b6::2/64
[root@system nettrafd-1.4]# route -A inet6 add ::/0 dev sit1


Check for ipv6:
[root@system nettrafd-1.4]# lsmod | grep ipv6
ipv6                  261280  20
xfrm_nalgo             13316  1 ipv6


[root@system nettrafd-1.4]# cat /proc/net/if_inet6
00000000000000000000000000000001 01 80 10 80       lo
20010470000a00b60000000000000002 07 40 00 80     sit1
fe800000000000000222b0fffe62414b 03 40 20 80     eth1
0000000000000000000000007f000001 06 60 90 80     sit0
fe800000000000000000000048350b0c 07 40 20 80     sit1
00000000000000000000000048350b0c 06 60 80 80     sit0
fe8000000000000000000000c0a80101 07 40 20 80     sit1
000000000000000000000000c0a80101 06 60 80 80     sit0
fe80000000000000021e58fffea82faa 02 40 20 80     eth0


Output of ifconfig command (No errors):
[root@system nettrafd-1.4]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:xx:xx:xx:xx:xx
         inet addr:xx.xx.xx.xx  Bcast:255.255.255.255  Mask:255.255.255.128
         inet6 addr: fe80::21e:58ff:fea8:2faa/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:35072 errors:0 dropped:0 overruns:0 frame:0
         TX packets:20745 errors:1 dropped:0 overruns:1 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:10309731 (9.8 MiB)  TX bytes:7654101 (7.2 MiB)
         Interrupt:10 Base address:0x4000

eth1      Link encap:Ethernet  HWaddr 00:xx:xx:xx:xx:xx
         inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
         inet6 addr: fe80::222:b0ff:fe62:414b/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:21567 errors:0 dropped:0 overruns:0 frame:0
         TX packets:18105 errors:1 dropped:0 overruns:1 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:7769784 (7.4 MiB)  TX bytes:9055672 (8.6 MiB)
         Interrupt:11 Base address:0x4000

lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:1043 errors:0 dropped:0 overruns:0 frame:0
         TX packets:1043 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:178158 (173.9 KiB)  TX bytes:178158 (173.9 KiB)

sit0      Link encap:IPv6-in-IPv4
         inet6 addr: ::127.0.0.1/96 Scope:Unknown
         inet6 addr: ::72.53.11.12/96 Scope:Compat
         inet6 addr: ::192.168.1.1/96 Scope:Compat
         UP RUNNING NOARP  MTU:1480  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

sit1      Link encap:IPv6-in-IPv4
         inet6 addr: 2001:470:a:b6::2/64 Scope:Global
         inet6 addr: fe80::4835:b0c/64 Scope:Link
         inet6 addr: fe80::c0a8:101/64 Scope:Link
         UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)


Also the client computer I'm using is running Windows XP without the ipv6, but as far as I understand it doesn't matter what IP version I'm using inside the LAN because it will be redirected to ipv6 as soon as it reaches WAN. But when I go to www.kame.net the turtle is not dancing.

jimb

That's not true.  You need v6 on the XP box too.  ATM only the sit1 of your gateway box has IPv6.  You need to use the routed /64 assigned by HE on your LAN.  You can do this either by using radvd on the gateway box (or wherever) to distribute the prefix and default router to your other machines (which will cause their IPv6 interfaces to autoconfigure) and set a v6 route to your gateway box, or you need to manually configure IPs on your XP box, or use DHCPv6.

Your v4 traffic won't automatically be converted to v6.  There's no "NAT" going on here.  It's just straight IPv6 routing.

You should probably also become familiar with the iproute2 (ip, etc) tools.  They're better than ifconfig for configuring tunnels and such.  They can be installed and used at the same time as ifconfig.

moonman

I've installed radvd with the default config file (just changed the interface and AdvRouterAddr to on):

interface eth1
{
        AdvSendAdvert on;
        MinRtrAdvInterval 30;
        MaxRtrAdvInterval 100;
        prefix 2001:db8:1:0::/64
        {
                AdvOnLink on;
                AdvAutonomous on;
                AdvRouterAddr on;
        };

};


launched it. Did "ipv6 install" on my xp machine and now it seems to be getting assigned an ipv6 address:
C:\Documents and Settings\Oleg>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : moonman
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : clarkconnect.lan

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . : clarkconnect.lan
        Description . . . . . . . . . . . : Broadcom 802.11g Network Adapter
        Physical Address. . . . . . . . . : 00-14-A4-22-B3-4B
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.146
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        IP Address. . . . . . . . . . . . : fe80::214:a4ff:fe22:b34b%4
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
                                            fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        Lease Obtained. . . . . . . . . . : Friday, June 26, 2009 00:06:30
        Lease Expires . . . . . . . . . . : Friday, June 26, 2009 12:06:30

Tunnel adapter Teredo Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
        Physical Address. . . . . . . . . : FF-FF-FF-FF-FF-FF-FF-FF
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::ffff:ffff:fffd%5
        Default Gateway . . . . . . . . . :
        NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Connection-specific DNS Suffix  . : clarkconnect.lan
        Description . . . . . . . . . . . : Automatic Tunneling Pseudo-Interface

        Physical Address. . . . . . . . . : C0-A8-01-92
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : fe80::5efe:192.168.1.146%2
        Default Gateway . . . . . . . . . :
        DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                            fec0:0:0:ffff::2%1
                                            fec0:0:0:ffff::3%1
        NetBIOS over Tcpip. . . . . . . . : Disabled


And now every page on the internet seems to take forever to resolve.

I tried pinging an ipv6 host and it didn't work from the linux box itself:

[root@system ~]# ping6 www.kame.net
PING www.kame.net(orange.kame.net) 56 data bytes

--- www.kame.net ping statistics ---
18 packets transmitted, 0 received, 100% packet loss, time 16996ms

[root@system ~]# ping www.kame.net
PING www.kame.net (203.178.141.194) 56(84) bytes of data.
64 bytes from orange.kame.net (203.178.141.194): icmp_seq=1 ttl=49 time=178 ms
64 bytes from orange.kame.net (203.178.141.194): icmp_seq=2 ttl=49 time=176 ms

--- www.kame.net ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 176.389/177.529/178.669/1.140 ms


So how do I get the sit0 interface to work and what is it for?

Thanks for all your help so far everybody!

jimb

OK.  First, you need to get your tunnel working.  I suggest reading up on it.  The instructions from the tunnel creation should work.  Make sure that iptables (if you're running it) is allowing IPv4 proto 41 through, etc, etc.  Get that tunnel pinging first.  If you can ping the other side w/ v6, the tunnel is working.  Then try pinging something farther out, that means the routing is working.  I suggest selecting the example config for "Linux-route2" on the HE web site under your tunnel and using that (as a starting point).

Make sure it's not NATing the traffic etc.  I'm presuming that your box is on the edge and doing routing/firewall/NAT for your v4 traffic, if not, and it's behind a NAT, then you need to make sure you place a static NAT on your NAT firewall and map ip proto 41 traffic to that box.  Also, if your gateway is behind a NAT, make sure you use the inside IP for your tunnel endpoint when you set up the interface, not your public, and of course tell HE your public address.  Your NAT will take care of NATing the tunnel traffic.  But if that box has the public IP on the outside interface, just make sure it's NOT natting it, and that iptables isn't blocking it.  Also check ip6tables to make sure you don't have rules blocking the ipv6 traffic.

Also make sure that you have IPv6 forwarding enabled in the kernel (sysctl -w net.ipv6.conf.all.forwarding=1).  If you don't, your gateway box won't forward the traffic from other hosts (like your XP box).

Second.  The IPv6 addresses on your interfaces on XP are simply link local addresses (addresses in the fe80::/10 range are link local).  They are automatically created on every IPv6 interface.  Did you anonymize the IPv6 in your config?  If not, your v6 boxes should be autoconfiguring with IP addresses with the prefix you are advertising in your radvd.conf.  If that's the actual address you used in your config, obviously you need to replace it with your HE assigned routed /64.

Here's mine for comparison:


interface eth0
{
       AdvSendAdvert on;
       AdvLinkMTU 1280;
       MaxRtrAdvInterval 300;
       # advertise subnet 0 of our /48
       prefix 2001:db8:1234::/64
       {
               AdvOnLink on;
               AdvAutonomous on;
       };
};

(obviously the prefix has been anonymized)

If this is working, it will advertise the prefix and default route to your v6 boxes, and they should autoconfig w/ an address using the prefix and an EUI-64 based on their MAC address (note that Windows boxes also anonymize the IPv6 addresses as time goes by, adding new random host numbers and using those for purposes of privacy.  You can turn this behavior off with "netsh int ipv6 set privacy disabled").  It should also get a v6 default route through the interface on your gateway box (mine advertises the link local address, which works just fine).

If you have the tunnel up, and ipv6 forwarding turned on, and iptables and ip6tables sorted, it should work.  Works for me on my gentoo gateway box.  :P

EDIT:  Here's a link to my config on my gentoo box for comparison.  Addresses anonymized.  Also note that my box is behind a NAT, and I have static destination NAT set up directing IPv4 proto 41 traffic to that box, and the 6in4 inside IP gets NATed to my public on the way to HE.  (I have to do this 'cause my edge firewall presently doesn't support v6.  :-[  That will probably be replaced by this box when I stop being lazy about it.)
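
Three of the conditions raised in the replies above (only sit1 holding a global address, a radvd prefix left at the 2001:db8:: placeholder, and kernel IPv6 forwarding), checked against captured text. This is an added example, not part of the thread or anyone's posted config. The function names and finding labels are hypothetical, the sample text is copied from moonman's posts, and the forwarding value 0 is a constructed input because the thread never shows that sysctl.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names and finding labels
# are hypothetical. Inputs are captured text, so it runs without root or a tunnel.

# Sample inputs copied from moonman's posts (if_inet6 trimmed to three lines).
IF_INET6='20010470000a00b60000000000000002 07 40 00 80     sit1
fe800000000000000222b0fffe62414b 03 40 20 80     eth1
fe80000000000000021e58fffea82faa 02 40 20 80     eth0'
RADVD_CONF='interface eth1
{
AdvSendAdvert on;
prefix 2001:db8:1:0::/64
{
AdvOnLink on;
AdvAutonomous on;
};
};'

# Interfaces holding a global-scope address. /proc/net/if_inet6 columns are
# address, ifindex, prefix length, scope, flags, name (hex); scope 00 is global.
global_ifaces() {
    printf '%s\n' "$1" | awk '$4 == "00" { print $6 }' | sort -u
}

# radvd.conf prefixes still inside 2001:db8::/32, the documentation range
# that is never routed on the Internet.
doc_prefixes() {
    printf '%s\n' "$1" |
        awk '$1 == "prefix" && tolower($2) ~ /^2001:0?db8:/ { print $2 }'
}

# Print one finding per line; no output means none of the three conditions hit.
# $1=if_inet6 text  $2=radvd.conf text  $3=forwarding sysctl value  $4=LAN iface
audit_gateway() {
    global_ifaces "$1" | grep -qx "$4" || echo "no-global-address:$4"
    for p in $(doc_prefixes "$2"); do
        echo "documentation-prefix:$p"
    done
    [ "$3" = "1" ] || echo "forwarding-off"
}

# On a live gateway the same call would be fed from the system:
#   audit_gateway "$(cat /proc/net/if_inet6)" "$(cat /etc/radvd.conf)" \
#       "$(sysctl -n net.ipv6.conf.all.forwarding)" eth1
audit_gateway "$IF_INET6" "$RADVD_CONF" 0 eth1
```

It does not cover the IPv4 protocol 41 firewall rule or the ip6tables rules mentioned in the same post; those still have to be read from the live rule set.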