Re: Configuring a tunnel under Linux

Started by ourkopu, May 23, 2010, 01:50:50 AM

Tunnel config seems to be working OK. Just picked up a frustrating problem recently and did not really notice this during the Certification process, but I have now attained Guru Certification.

My tunnel seems to be "dropping off" when there is no ipv6 traffic and clients from the internet browsing to ipv.mow.gov.ck (which is hosted on my server where the tunnel is) get a timeout error. The only way I have been able to fix this so clients can browse from the internet is to restart ip6tables. However, LAN clients can browse to ipv6.mow.gov.ck no problem with no timeouts. However, browsing to ipv6.mow.gov.ck both from the LAN and internet is fine.

For my firewall, I'm using Mandriva 2008.1, iptables and ip6tables. Iptables is configured by shorewall (through webmin 1.5) and ip6tables is configured by a script (from my home server which has Mandriva 2010.0, iptables, ip6tables and both configured by shorewall and shorewall6 in webmin 1.5). Mandriva 2008.1 does not have an rpm for shorewall6, hence the use of a script from home.

Any help and pointers will be very much appreciated.

Timoti Tangiruaine


I'm not certain why a "restart" of ip6tables would fix this.  However, HE will shut down tunnels that have no activity on them, including those that don't respond to their pings.  You should have ICMPv6 echo-request (and on the outbound side, echo-reply) open to your tunnelled ..::2 from their tunnelled ...::1.  If you don't have this, add it and see if it fixes the problem.
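A check for the two rules the reply above describes, as an added example that is not part of the original thread: it reads `ip6tables-save` output and reports whether echo-request is accepted inbound from the tunnel's ::1 end and echo-reply outbound to it. The addresses `2001:db8::1` and `2001:db8::2` are documentation-prefix placeholders for the tunnel endpoints, the function names are hypothetical, and only explicit per-address ACCEPT rules are recognised (a broader rule or a state-tracking rule that also permits the traffic is not detected).

```shell
#!/bin/sh
# Added example: audit an ip6tables-save dump for the tunnel keepalive rules.

# has_rule CHAIN TYPE_NUM TYPE_NAME SRC DST   (ruleset on stdin)
# Succeeds if CHAIN holds an ACCEPT rule for that ICMPv6 type, source and
# destination. ip6tables-save prints the type numerically (128/129) and the
# addresses with /128, so both spellings are accepted.
has_rule() {
    awk -v chain="$1" -v num="$2" -v name="$3" -v src="$4" -v dst="$5" '
        $1 == "-A" && $2 == chain {
            s = ""; d = ""; t = ""; j = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") s = $(i + 1)
                if ($i == "-d") d = $(i + 1)
                if ($i == "--icmpv6-type") t = $(i + 1)
                if ($i == "-j") j = $(i + 1)
            }
            sub(/\/128$/, "", s); sub(/\/128$/, "", d)
            if (s == src && d == dst && (t == num || t == name) && j == "ACCEPT")
                found = 1
        }
        END { exit !found }
    '
}

# audit_tunnel_ping PEER LOCAL   (ruleset on stdin)
# PEER is the provider's tunnel end (::1), LOCAL is this host's end (::2).
audit_tunnel_ping() {
    rules=$(cat)
    status=0
    printf '%s\n' "$rules" | has_rule INPUT 128 echo-request "$1" "$2" ||
        { echo "missing: INPUT echo-request $1 -> $2"; status=1; }
    printf '%s\n' "$rules" | has_rule OUTPUT 129 echo-reply "$2" "$1" ||
        { echo "missing: OUTPUT echo-reply $2 -> $1"; status=1; }
    return $status
}

# Constructed sample: inbound rule present, outbound echo-reply rule absent.
SAMPLE='*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -s 2001:db8::1/128 -d 2001:db8::2/128 -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT'

printf '%s\n' "$SAMPLE" | audit_tunnel_ping 2001:db8::1 2001:db8::2 || true
```

On a live firewall the input would come from `ip6tables-save` run as root, with the real tunnel endpoint addresses in place of the placeholders.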