Hurricane Electric's IPv6 Tunnel Broker Forums

Topic: Static route between two tunnels on internet side of their routers?

bombcar

I have a m0n0wall router that uses one HE tunnel. It works great.

I have a Gentoo box that is alongside the router (not behind it); it has its own tunnel and it also works great.

However, when I go via IPv6 from my network behind the m0n0wall router to my Gentoo server, I travel down the tunnel over the internet.

It seems to me I should be able to add a static route somehow to make it shortcut, but I'm not sure how to do it.

Would it be as simple as adding the other tunnel's /64 to each side as being on the WAN port directly?

jimb
Re: Static route between two tunnels on internet side of their routers?
« Reply #1 on: January 25, 2010, 08:33:19 PM »

Is there a direct link between the two?  Or are they on separate internet connections?  If the latter, you could set up a 6in4 between them directly and statically route the /64s over that link.

It's hard to say w/o more details on your network.  Are you running separate IPv6 space on the same LAN?  If that's the case it's as easy as adding an IPv6 address from each's respective /64 onto the LAN interface, and voila, they each have direct connectivity to each other plus routes to each other's /64s.  If you want to also get to the 6in4 interface address directly, a simple static route would suffice.

bombcar
Re: Static route between two tunnels on internet side of their routers?
« Reply #2 on: January 25, 2010, 09:51:24 PM »

I have 4 "real" IPv4 IPs from Speakeasy - so their DSL modem is connected to my boring switch. The x.5 address is my m0n0wall router, plugged into that switch. The x.254 address is my Gentoo server, plugged in the same switch.

The m0n0wall hands out IPv6 addresses behind it to the 10.x LAN. The Gentoo server squats on a /64 all by itself.

Quote
If that's the case it's as easy as adding an IPv6 address from each's respective /64 onto the LAN interface, and voila, they each have direct connectivity to each other plus routes to each other's /64s.

This would seem to be what I need to do, but I need to make sure it won't kill the connection, especially as the Gentoo box doesn't have an IPv6 address on eth0 (besides the link local one), only on sit1.

jimb
Re: Static route between two tunnels on internet side of their routers?
« Reply #3 on: January 25, 2010, 10:08:16 PM »

Quote
I have 4 "real" IPv4 IPs from Speakeasy - so their DSL modem is connected to my boring switch. The x.5 address is my m0n0wall router, plugged into that switch. The x.254 address is my Gentoo server, plugged in the same switch.

The m0n0wall hands out IPv6 addresses behind it to the 10.x LAN. The Gentoo server squats on a /64 all by itself.

Quote
If that's the case it's as easy as adding an IPv6 address from each's respective /64 onto the LAN interface, and voila, they each have direct connectivity to each other plus routes to each other's /64s.

This would seem to be what I need to do, but I need to make sure it won't kill the connection, especially as the Gentoo box doesn't have an IPv6 address on eth0 (besides the link local one), only on sit1.

Right.  I have statics myself too.

Are you opposed to putting one of the /64s from the m0n0wall tunnel block on the gentoo's LAN interface?  If not, you could do that and just add a static /128 route for the gentoo box's tunnel interface address, and on the gentoo box, it'd have a connected route to the /64, and you could add a similar /128 route for the m0n0wall's tunnel interface address if you wish.  Then traffic would cross your LAN instead of the internet.

If you're opposed to doing that, you could add the statics through the link local addresses of their respective LAN interfaces.  You'd have to specify the interface in the route command of course.

bombcar
Re: Static route between two tunnels on internet side of their routers?
« Reply #4 on: January 25, 2010, 10:22:23 PM »

Quote
Are you opposed to putting one of the /64s from the m0n0wall tunnel block on the gentoo's LAN interface?  If not, you could do that and just add a static /128 route for the gentoo box's tunnel interface address, and on the gentoo box, it'd have a connected route to the /64, and you could add a similar /128 route for the m0n0wall's tunnel interface address if you wish.  Then traffic would cross your LAN instead of the internet.

I tried this using:

ifconfig eth0 add 2001:x:x:x::4/64

It seemed to do something, but broke reverse communication somehow. Do I need to add something on the m0n0wall box? I'm trying to add a /128 static route, but it wants a gateway.

bombcar
Re: Static route between two tunnels on internet side of their routers?
« Reply #5 on: January 25, 2010, 10:38:20 PM »

I get:

Code:
From 2001:x:x:x::4 icmp_seq=1 Destination unreachable: Port unreachable
From 2001:x:x:x::4 icmp_seq=1 Destination unreachable: Port unreachable

when I run the route add command and try to ping6 the other side.

jimb
Re: Static route between two tunnels on internet side of their routers?
« Reply #6 on: January 25, 2010, 11:27:10 PM »

For the gentoo to get to the routed /64, you add an address from the routed /64 to the LAN interface of the gentoo box.  It shouldn't break anything.

For the m0n0wall to get to the tunnel ipv6 of the gentoo box, you would have to add a host route to the m0n0wall box, with the gateway being the IPv6 you added to the LAN interface of the gentoo box.  You also need to make sure IPv6 forwarding is turned on (sysctl -w net.ipv6.conf.all.forwarding=1).

For the gentoo box to get to the m0n0wall tunnel interface, you need to add a host route to gentoo box with the gateway being the LAN interface of the m0n0wall box.  You will also likely have to adjust the m0n0wall security policy to allow this traffic.

Also, why are you running two tunnels to two boxes?  You could put the gentoo box on the LAN and simply run a routed /64 address on the LAN interface.

bombcar
Re: Static route between two tunnels on internet side of their routers?
« Reply #7 on: January 26, 2010, 12:09:48 AM »

That would be an option, but it would require redoing the entire IPv4 setup, which I'm not yet certain I want to do. It may be the "route" I end up taking, however.

bombcar
Re: Static route between two tunnels on internet side of their routers?
« Reply #8 on: January 26, 2010, 09:13:31 PM »

It looks like I cannot add additional IPv6 addresses to the WAN side of the m0n0wall router, so I cannot do this.

I guess it's time to look at moving the machine into the network or onto a DMZ.

jimb
Re: Static route between two tunnels on internet side of their routers?
« Reply #9 on: January 27, 2010, 07:44:05 AM »

You'd add it to the LAN side... not the WAN side.

bombcar
Re: Static route between two tunnels on internet side of their routers?
« Reply #10 on: January 27, 2010, 05:11:48 PM »

Would that work? The LAN side isn't physically connected to the WAN cable which is connected to the switch the Gentoo box is on ...

I think I'm going to have to draw a diagram.

bombcar
Re: Static route between two tunnels on internet side of their routers?
« Reply #11 on: January 28, 2010, 08:52:20 PM »

AUGH!

It was shorewall! I forgot to tell it that eth0 was part of the net (it was just looking at sit1)!

Now it works, all is happy, I am happy.
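An added illustration, not part of any post in this thread: a longest-prefix-match model of the Gentoo box's IPv6 routing table before and after the kind of routes jimb describes, showing that the shortcut moves traffic from sit1 to eth0, so a host firewall that only lists sit1 no longer covers it (the situation bombcar reports in the last post). The 2001:db8 addresses are constructed placeholders for the redacted ones, and `egress` and `uncovered_interfaces` are hypothetical helper names.

```python
import ipaddress

# Constructed sample values: the thread redacts its addresses as 2001:x:x:x,
# so documentation prefixes (2001:db8::/32) stand in for them here.
ROUTED_64 = "2001:db8:c:1::/64"          # assumed: the m0n0wall's routed /64
M0N0_TUNNEL_IP = "2001:db8:b:1::2/128"   # assumed: m0n0wall tunnel interface address

# Routing table of the Gentoo box as (prefix, outgoing interface).
BEFORE = [("::/0", "sit1")]              # everything leaves through the HE tunnel
AFTER = BEFORE + [
    (ROUTED_64, "eth0"),        # connected route created by the address added on eth0
    (M0N0_TUNNEL_IP, "eth0"),   # static /128 host route towards the other box
]


def egress(table, dst):
    """Longest-prefix match: interface used by the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(prefix), dev) for prefix, dev in table
               if addr in ipaddress.ip_network(prefix)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def uncovered_interfaces(table, destinations, firewall_interfaces):
    """Interfaces that carry traffic but are missing from the firewall's zones."""
    used = {egress(table, d) for d in destinations}
    return sorted(used - set(firewall_interfaces))


DESTS = [
    "2001:db8:c:1::10",    # a host inside the routed /64
    "2001:db8:b:1::2",     # the other tunnel's interface address
    "2001:db8:ffff::1",    # anything else on the IPv6 internet
]

if __name__ == "__main__":
    for d in DESTS:
        print(f"{d:20} before={egress(BEFORE, d)} after={egress(AFTER, d)}")
    # Firewall configured for the tunnel interface only:
    print("not covered:", uncovered_interfaces(AFTER, DESTS, ["sit1"]))
```

Running the same check against a real host means comparing the interfaces in its IPv6 routing table with the interfaces named in the firewall's zone configuration.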