[nycbug-talk] [Fwd: tunnel help request]
nikolai at fetissov.org
Tue Oct 30 12:31:25 EDT 2007
> On Tue 2007.10.30 at 11:53 -0400, nikolai wrote:
>> Need some help here :)
> for starters....
>> Thinking that following Gene's v6 guide would be good
>> Sunday afternoon fun I registered a tunnel with HE.
>> 2001:470:1f06:ad::2 is my end of the tunnel,
>> 2001:470:1f07:ad/64 is my assigned ip space.
>> No luck so far though.
>> My router is OpenBSD-current, here's the config:
>> ~$ cat /etc/hostname.gif0
>> up giftunnel 188.8.131.52 184.108.40.206
>> up inet6 2001:470:1f06:ad::2 2001:470:1f06:ad::1 prefixlen 128
>> !route -n add -inet6 default 2001:470:1f06:ad::1
> this should do it:
> tunnel 220.127.116.11 18.104.22.168
> inet6 2001:470:1f06:ad::2
> !route add -inet6 default 2001:470:1f06:ad::1
>> Gene's pdf says prefixlen 64 for gif, which I think is wrong -
>> it should be 128 for the tunnel.
>> ~$ ifconfig gif0
>> gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
>> groups: gif
>> physical address inet 22.214.171.124 --> 126.96.36.199
>> inet6 fe80::2c0:a8ff:fefd:2a69%gif0 -> prefixlen 64 scopeid 0x6
>> inet6 2001:470:1f06:ad::2 -> 2001:470:1f06:ad::1 prefixlen 128
> can you ping the tunnel endpoint over ipv6?
> ping6 2001:470:1f06:ad::1
>> External interface:
>> ~$ ifconfig fxp0
>> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>> lladdr 00:c0:a8:fd:2a:69
>> groups: egress
>> media: Ethernet autoselect (100baseTX full-duplex)
>> status: active
>> inet6 fe80::2c0:a8ff:fefd:2a69%fxp0 prefixlen 64 scopeid 0x1
>> inet 188.8.131.52 netmask 0xfffff000 broadcast 255.255.255.255
>> Internal interface:
>> ~$ ifconfig re0
>> re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>> lladdr 00:0e:2e:a9:0d:11
>> media: Ethernet autoselect (100baseTX
>> status: active
>> inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
>> inet6 fe80::20e:2eff:fea9:d11%re0 prefixlen 64 scopeid 0x2
>> inet6 2001:470:1f07:ad::1 prefixlen 64
>> As far as I can see PF is not in the way.
> are you allowing proto ipv6 through pf?
block in log
# and for giggles
pass in log on $ext_if proto encap from 184.108.40.206
Do I need explicit ipv6 rules on any of the interfaces,
ext_if, int_if, gif? What are they?
tcpdump on external if shows encap icmp6 leaving, nothing back.
>> I can't ping anything through the tunnel. I see encap packets
>> leaving external interface, but see no replies. When trying pinging
>> my end of the tunnel from their web interface, again 100% packet loss.
>> If this is relevant, my ISP is Cablevision in Connecticut.
>> Have I missed anything?
> $ sysctl net.inet6.ip6.forwarding
Yes, forwarding is on.
More information about the talk