
Setting up D-Link DIR-615 router

Started by b1izzard, December 04, 2009, 10:19:07 PM


b1izzard

I am unsure of what IPV6 format the router is looking for, as I pasted in the IP information I was assigned and it gives me errors.  (See attachment).

Here are the configuration parameters for the tunnel I created at HE:

Tunnel Endpoints
Server IPv4 address: 72.52.104.74
Server IPv6 address: 2001:470:1f04:6db::1/64
Client IPv4 address: 173.x.x.11 
Client IPv6 address: 2001:470:1f04:6db::2/64 
Available DNS Resolvers
Anycasted IPv6 Caching Nameserver: 2001:470:20::2
Anycasted IPv4 Caching Nameserver: 74.82.42.42
Routed IPv6 Prefixes and rDNS Delegations
Routed /48: Allocate /48 
Routed /64: 2001:470:1f05:6db::/64 

RDNS Delegation NS1: none 
RDNS Delegation NS2: none 
RDNS Delegation NS3: none 


What am I supposed to put in the D-Link for the primary and secondary DNS servers?  You have an IPV6 and an IPV4 DNS server.  Is the primary the IPV6 and the IPV4 the secondary for the D-Link?  I'm not sure if the router is looking for 2 IPV6 DNS servers, or 2 IPV4 DNS servers, or one of each.


For the error 'The 5th address of remote IPV6 address must be a hexidecimal', I tried padding it with zeros, but no luck. 

broquea


b1izzard

I forgot to mention I tried that.  I get the error 'IPV6 address is illegal address' when dropping the /64. 

b1izzard

#3
I had previously used your example (coincidentally) from another post.

http://broquea.corp.he.net/615/615-HE-tunnel.PNG

I set it up like you did, but I didn't realize that the 'LAN IPV6 address' has to be the same as the 'Remote IPV6 address'.  This seems a little confusing.

So what is the difference between the 'Lan IPV6 address', and the 'Local IPV6 address'?

Also, am I using the correct DNS?

broquea

#4
If you looked/used my example, then you'd have noticed that remote and local are NOT the same as the LAN. I used my ROUTED /64 for the LAN.

jimb

#5
bl1z,

The local IPv6 is simply the IPv6 address used on your end of the 6in4 tunnel (as opposed to the remote end).  It's used for addressing the tunnel interface and routing IPv6 traffic.  Notice that all that is under the tunnel section of that config page.  You use the "client IPv6" here.

The LAN IPv6 is the IPv6 address you use on the LAN interface (inside) of your router.  It also implies that the /64 that IPv6 lives in is used on that LAN for other nodes.  You would use an address out of your routed /64 here (example:  2001:470:1f05:6db::1).

As for your DNS questions, you can use either IPv4 or IPv6 for DNS servers.  Both are capable of returning IPv6 AAAA records, etc.  Although in this context (under the tunnel section), I'm not exactly sure what it's used for.  Resolution for the router itself?  Handed out w/ DHCPv6?  Used in RDNSS in IPv6 autoconfig?  As DNS servers to forward DNS queries to for the router's DNS server?  :shrug:
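The address split described in the reply above, as an added example that is not part of the original thread: a check that the tunnel fields use the tunnel /64 and the LAN field uses the routed /64. The prefixes are the ones posted in this thread; the function and parameter names are this example's own.

```python
import ipaddress

# Prefixes copied from the tunnel details posted in this thread.
TUNNEL_NET = ipaddress.ip_network("2001:470:1f04:6db::/64")  # holds server ::1 and client ::2
ROUTED_NET = ipaddress.ip_network("2001:470:1f05:6db::/64")  # routed /64, meant for the LAN


def check_plan(remote6, local6, lan6):
    """Return a list of problems with the three IPv6 fields of a 6in4 router setup.

    The parameter names are this example's own labels, not D-Link field identifiers.
    """
    problems, addr = [], {}
    for name, text in (("remote", remote6), ("local", local6), ("lan", lan6)):
        try:
            # IPv6Interface accepts "addr" and "addr/len"; keep only the address part.
            addr[name] = ipaddress.IPv6Interface(text).ip
        except ValueError:
            problems.append(f"{name}: {text!r} is not a valid IPv6 address")
    if problems:
        return problems

    for name in ("remote", "local"):
        if addr[name] not in TUNNEL_NET:
            problems.append(f"{name}: {addr[name]} is outside the tunnel /64 {TUNNEL_NET}")
    if addr["remote"] == addr["local"]:
        problems.append("remote and local tunnel addresses must differ")

    if addr["lan"] in TUNNEL_NET:
        problems.append(f"lan: {addr['lan']} is in the tunnel /64; use the routed /64 {ROUTED_NET}")
    elif addr["lan"] not in ROUTED_NET:
        problems.append(f"lan: {addr['lan']} is outside the routed /64 {ROUTED_NET}")
    return problems


if __name__ == "__main__":
    # Working layout from the thread, then the mistake of reusing a tunnel address on the LAN.
    print(check_plan("2001:470:1f04:6db::1", "2001:470:1f04:6db::2", "2001:470:1f05:6db::1"))
    print(check_plan("2001:470:1f04:6db::1/64", "2001:470:1f04:6db::2/64", "2001:470:1f04:6db::1"))
```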

b1izzard

I get most of that, but the thing that doesn't make sense is how in the tunnel details pages for HE, it has 'Client IPv4 address: 173.x.x.11' listed, which is my WAN IP.  However, I couldn't ping Google until I changed the D-Link 'Local IPV4 Address' from 173.x.x.11 to an internal LAN IP in the range of 192.168.1.2-.254.  I would think that the 'Client IPv4' and 'Local IPV4' would be the same thing.  The thing I base this off is that the first 4 categories of the tunnel details shows:

Server IPv4 address: 72.52.104.74
Server IPv6 address: 2001:470:1f04:6db::1/64
Client IPv4 address: 173.x.x.11 
Client IPv6 address: 2001:470:1f04:6db::2/64 

Where the D-Link shows:
Remote IPV4 Address: 72.52.104.74
Remote IPV6 Address: 2001:470:1f04:6db::1
Local IPV4 Address: 192.168.0.2
Local IPv6 Address : 2001:470:1f04:6db::2

Is this an issue with D-Link not following standards?

I also noticed that the D-Link does not allow 2 simultaneous connections to the internet.  When I try to ping from 2 separate PCs, one works and the other fails.  If I wait a while, then the one that was not working will.  I found a post on this that shows some recommended settings.  http://forums.dlink.com/index.php?topic=3847.msg25668#msg25668

Can I make this work with 2 PC's simultaneously?

jimb

#7
Quote from: b1izzard on December 06, 2009, 02:12:50 PM
I get most of that, but the thing that doesn't make sense is how in the tunnel details pages for HE, it has 'Client IPv4 address: 173.x.x.11' listed, which is my WAN IP.  However, I couldn't ping Google until I changed the D-Link 'Local IPV4 Address' from 173.x.x.11 to an internal LAN IP in the range of 192.168.1.2-.254.  I would think that the 'Client IPv4' and 'Local IPV4' would be the same thing.  The thing I base this off is that the first 4 categories of the tunnel details shows:

Server IPv4 address: 72.52.104.74
Server IPv6 address: 2001:470:1f04:6db::1/64
Client IPv4 address: 173.x.x.11  
Client IPv6 address: 2001:470:1f04:6db::2/64  

Where the D-Link shows:
Remote IPV4 Address: 72.52.104.74
Remote IPV6 Address: 2001:470:1f04:6db::1
Local IPV4 Address: 192.168.0.2
Local IPv6 Address : 2001:470:1f04:6db::2

Is this an issue with D-Link not following standards?

I also noticed that the D-Link does not allow 2 simultaneous connections to the internet.  When I try to ping from 2 separate PCs, one works and the other fails.  If I wait a while, then the one that was not working will.  I found a post on this that shows some recommended settings.  http://forums.dlink.com/index.php?topic=3847.msg25668#msg25668

Can I make this work with 2 PC's simultaneously?

The Local IPv4 in this context is the IPv4 address you want to use as your tunnel end point.  That is, the IPv4 address that your router will use to originate and receive the IPv4 6in4 tunnel traffic which it uses to tunnel the IPv6 packets.  

I presumed you were using the D-Link as your edge router, and it had a public IPv4 address on its outside interface.  If you are using it behind another router which has your public IP address, and the D-Link has a NATed private IP (192.168.x.x), then you would specify the NATed address as your local IPv4.  

The HE website can only see your public IP, since when you access the internet, your private IPs are NATed to the public.  So, the HE website will always list your public IP as the "client IPv4 address" since it can't know what your "real" address is.  If you were establishing the tunnel from a PC or router which had the public IP, it'd be correct.  But since it appears you're behind a NAT, it won't work, and that line should be ignored.

When behind a NAT, the way it works is that the tunnel traffic uses your private IPv4 address as the source address of the 6in4 packets.  When this packet reaches your NAT firewall/router, it will NAT this source address to your public IP, and "remember" which internal private IP originated the traffic via its connection/nat table.  When return traffic comes back to the public IP, it will NAT it back to the original private IP and deliver it to your DIR-615.  However, since 6in4 doesn't have ports, it only "remembers" the last internal host which sent IPv4 protocol 41 (6in4) traffic out, and sets that as the place to send any return traffic, unless you set up a static NAT entry for 6in4 and point it to a specific IP.

As for only one IPv6 host working at once, this is really odd.  It's either a bad bug with the DIR-615, or the LAN side of your IPv6 network isn't set up properly, or there's more than one host on the inside (something other than your 615) trying to do 6in4 and "poisoning" your NAT table on your edge firewall/router.  Or a combo of the last two.

Make sure that autoconfiguration, or DHCPv6 are setting proper IPv6 IPs and default gateways on your LAN hosts.  The IPv6s should be addresses in your routed /64, and the default gateway should be the IPv6 LAN interface for your DIR-615.  It may use one of your routed /64 addresses, but it may also use the link local IPv6 address of your DIR-615 for the def gateway.  Either should work.

Also make sure nothing else on your LAN is generating 6in4 traffic.  I've heard Windows Vista and/or 7 tries to do 6to4 before it tries Teredo.  If this is the case, 6to4 actually uses 6in4 for the actual tunnels it establishes.  So if this is happening it's "poisoning" your NAT device and shunting 6in4 traffic to itself instead of your DIR-615.

You should really establish a static NAT entry on the edge firewall/router, sending all IPv4 proto 41 traffic to your 615, if possible (some routers only allow static NAT rules matching TCP or UDP ports, and not IPv4 protocol numbers).  If you can't do that, then see if you can block outgoing IPv4 protocol 41 traffic from any inside host but the 615 (likely the security policy won't let you match on proto numbers either, if the NAT rules don't).  If you can't do that, you could try setting DMZ to the 615.  But that probably wouldn't prevent the hijacking of the 6in4 traffic, since the "DMZ" setting usually only applies to unsolicited traffic.  If you can't do any of that, you'll just have to stop any other host but the 615 from trying to do 6in4.  If all your hosts have proper IPv6 global unicast addresses from your routed /64, this should prevent them from trying 6to4 or Teredo.
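The NAT behaviour described in the post above, as an added example that is not part of the original thread: a toy model of an edge NAT that keeps a single "last sender" slot for port-less IPv4 protocol 41, with the static NAT entry and the outbound filter as the two fixes. The class, its parameters and the second host's address are constructed for illustration; 192.168.0.2 is the DIR-615's Local IPv4 from the thread.

```python
DIR615 = "192.168.0.2"    # tunnel endpoint behind the NAT (address from the thread)
OTHER_PC = "192.168.0.50" # constructed: a LAN host attempting its own 6to4/6in4


class EdgeNat:
    """Toy model of how a NAT router tracks IPv4 protocol 41, which has no ports."""

    def __init__(self, static_host=None, only_allow=None):
        self.static_host = static_host  # static NAT entry: all proto 41 goes here
        self.only_allow = only_allow    # outbound filter: sole host allowed to send proto 41
        self.last_sender = None         # the single dynamic slot the NAT "remembers"

    def outbound(self, src):
        """An inside host sends proto 41. Returns True if the NAT forwards it."""
        if self.only_allow is not None and src != self.only_allow:
            return False                # dropped, so it never updates the NAT table
        self.last_sender = src
        return True

    def inbound(self):
        """Proto 41 arrives at the public IP. Returns the inside host it is delivered to."""
        return self.static_host if self.static_host is not None else self.last_sender


def misdelivered(nat, senders, tunnel_host=DIR615):
    """Replay outbound packets in order; count tunnel replies that miss tunnel_host."""
    missed = 0
    for src in senders:
        nat.outbound(src)
        if nat.inbound() != tunnel_host:
            missed += 1
    return missed


# Constructed sequence: the 615 sends, another PC sends twice, then the 615 sends again.
SEQUENCE = [DIR615, OTHER_PC, OTHER_PC, DIR615]

if __name__ == "__main__":
    print("dynamic only :", misdelivered(EdgeNat(), SEQUENCE))
    print("static entry :", misdelivered(EdgeNat(static_host=DIR615), SEQUENCE))
    print("egress filter:", misdelivered(EdgeNat(only_allow=DIR615), SEQUENCE))
```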

b1izzard

Thanks for the help everyone.  I think I am going to try a different router such as Vyatta to test this out to see if I can get 2 PC's working at the same time.  Since someone else had the same problem with the D-Link, I suspect it's a firmware issue. 

If you know of any good free firewall downloads I can put on one of my PC's to use as an IPV6 router, that would be awesome. 

b1izzard

Just an FYI, but it appears that the problem with only one computer being able to ping (use the tunnel) at a time is somehow related to Windows XP.  I set up a Windows 2008 Server and a Windows SBS 2003 server using netsh (vs XP using ipv6), and both can ping Google simultaneously.  When I try to ping using the XP box AFTER I ping both of the others, it gives me a request timed out error.  If I stop pinging from the 2003 and 2008, after a little while, the XP will be able to ping again. 

So perhaps it's a difference between the Windows XP ipv6 implementation vs the 2003/2008 netsh ipv6 implementation, or just a D-Link bug. 

jimb

I have/have had various operating systems going through a Linux box acting as an IPv6 router to HE.  I have other Linux boxes, BSD, XP, and Windows 7.  All can reach the internet and each other simultaneously via IPv6 without issues.

alt1231

Can anyone tell me what commands I have to enter to set my router up under Linux?
I have my computer set up for dual boot right now with Vista. I have the router set up for Vista already.
I want to have access from both operating systems if possible.
I tried the script Hurricane gives for Linux and I get this error.

sit0: ERROR while getting interface flags: No such device

jimb

May need to do a "modprobe sit" first.

alt1231

I get this error
FATAL: Error inserting sit (/lib/modules/2.6.31-20-generic/kernel/net/ipv6/sit.ko): Operation not permitted

alt1231

That was easier than Windows to configure.
You just have to select Link-Local Only in Edit Connections.