[nycbug-talk] [Fwd: tunnel help request]
okan at demirmen.com
Tue Oct 30 14:05:59 EDT 2007
On Tue 2007.10.30 at 12:31 -0400, nikolai wrote:
> > On Tue 2007.10.30 at 11:53 -0400, nikolai wrote:
> >> Hi,
> >> Need some help here :)
> > for starters....
> >> Thinking that following Gene's v6 guide would be good
> >> Sunday afternoon fun I registered a tunnel with HE.
> >> 2001:470:1f06:ad::2 is my end of the tunnel,
> >> 2001:470:1f07:ad/64 is my assigned ip space.
> >> No luck so far though.
> >> My router is OpenBSD-current, here's the config:
> >> Tunnel:
> >> ~$ cat /etc/hostname.gif0
> >> up giftunnel 188.8.131.52 184.108.40.206
> >> up inet6 2001:470:1f06:ad::2 2001:470:1f06:ad::1 prefixlen 128
> >> !route -n add -inet6 default 2001:470:1f06:ad::1
> > this should do it:
> > tunnel 220.127.116.11 18.104.22.168
> > inet6 2001:470:1f06:ad::2
> > !route add -inet6 default 2001:470:1f06:ad::1
> Noted, thanks.
> >> Gene's pdf says prefixlen 64 for gif, which I think is wrong -
> >> it should be 128 for the tunnel.
> >> ~$ ifconfig gif0
> >> gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
> >> groups: gif
> >> physical address inet 22.214.171.124 --> 126.96.36.199
> >> inet6 fe80::2c0:a8ff:fefd:2a69%gif0 -> prefixlen 64 scopeid 0x6
> >> inet6 2001:470:1f06:ad::2 -> 2001:470:1f06:ad::1 prefixlen 128
> > can you ping the tunnel endpoint over ipv6?
> > ping6 2001:470:1f06:ad::1
> Nope, nothing.
well, that's the first thing to solve :) you've gotta be able to ping
your tunnel endpoint.
can you post your ifconfig gif0 again, after destroying and re-creating
with the noted hostname.gif0? the last line doesn't look right.
> > are you allowing proto ipv6 through pf?
> I have:
> scrub in
> block in log
> pass out
> # and for giggles
> pass in log on $ext_if proto encap from 188.8.131.52
> Do I need explicit ipv6 rules on any of the interfaces,
> ext_if, int_if, gif? What are they?
> tcpdump on external if shows encap icmp6 leaving, nothing back.
but you need to pass in proto ipv6! (over ipv4). for example:
pass in on egress inet proto ipv6 from 184.108.40.206 to (egress) keep state
pass out on egress inet proto ipv6 from (egress) to 220.127.116.11 keep state
More information about the talk