• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

Help Autoconfiguration

Started by InterHealthUSA, September 22, 2009, 09:43:59 AM

Previous topic - Next topic

InterHealthUSA

So I setup my tunnel on my Juniper SSG20.   I setup ipv6 on my trusted interface, in router mode, Added the prefix for my /48 addresses.  Selected MTU, link layer address, allow transmission.   My clients, windows 2008 server, win 7, win vista are set with IPv6 autoconfiguration enabled.   But the only IPv6 address I get is the link local.   I tried entering the gateway address manually, and if I manually enter a static IPv6 address I can then access IPv6 sites on the internet an ping -6 ipv6 addresses.

What am I missing that is not allowing my clients to get an IPv6 address from my /48.

cholzhauer

Normally you're supposed to create multiple /64 networks out of your /48...from what your post describes, you didn't do that.  Can you confirm?

InterHealthUSA

I did not - Thank you for pointing this out.  I will pull up a Ipv6 calculator and split this off into /64 subnets and retry.  Thanks

InterHealthUSA

So on my tunnel details it shows my Routed /48:  and my routed /64:  the routed /64 seems to be teh same prefix as my Client and server IPv6 addresses but the routed /48:  appear to be a seperate prefix.  I will plug in the Routed /64: prefix and see if that solves my issue.  (or should i split off a subnet from my routed /48?).

Thanks

cholzhauer

Not a problem...you really don't need a calculator if you don't want to go to the hassle.

HE gave you a /48 which should look like xxxx:xxxx:xxxx::/48

You just need to make up the fourth group, so it would look like this  xxxx:xxxx:xxxx:xxxx::/64

cholzhauer


cholzhauer

I don't use HE for my address allocation, but it appears you need to use the /48 if you have more than one subnet.

Are you planning on using more than on subnet?  If yes, use the /48

If no, you can use either the /48 or /64

broquea

FYI the routed /64 is not the same as your tunnel's point-to-point, there will be a subtle difference in the /48 it is allocated from.

jimb

Does the SSG20 even do the router advertisement/radvd thing?  If so mebbe it's not turned on automatically on screenos (or whatever the SSG series runs ... haven't messed with those yet).

InterHealthUSA

Yes, I appearantly can't read today.  the routed /64 is different then the /48 it is allocated from.  Thank you. I will pay closer attention. I did actually type the correct information into my router configuration.   Anyway.  At the moment I am not sure if I will use more than one subnet, so I will split the first /64 off of my /48 per your advice and run with it.

Yeah, I am now getting ip address being assigned.  I currently have my router flagged as managed (stateful instead of stateless) but I think that is ok.  Now I need to recheck my routing as my tunnel is up, but I am no longer able to ping -6 the endpoints of the tunnel.  I think I am almost there. ;D

InterHealthUSA

Trying to troubleshoot - does anyone have any IPv6 addresses on the internet that are Ping able.  I can not seem to ping my tunnel server address from in my trusted zone and I am trying to determine what is going on.  I could ping it yesterday - my tunnel is up.

jimb

ipv6.l.google.com.      300     IN      AAAA    2001:4860:b002::68
www.kame.net.           86400   IN      AAAA    2001:200:0:8002:203:47ff:fea5:3085
sixxs.net.              86400   IN      AAAA    2001:838:1:1:210:dcff:fe20:7c7c
sixy.ch.                82956   IN      AAAA    2a02:200:3:1::103


(that last is a good one to go to for lots more IPv6 addresses)