[nycbug-talk] [Fwd: tunnel help request]

Okan Demirmen okan at demirmen.com
Tue Oct 30 12:13:49 EDT 2007


On Tue 2007.10.30 at 11:53 -0400, nikolai wrote:
> Hi,
> 
> Need some help here :)

for starters....

> Thinking that following Gene's v6 guide would be good
> Sunday afternoon fun I registered a tunnel with HE.
> 2001:470:1f06:ad::2 is my end of the tunnel,
> 2001:470:1f07:ad/64 is my assigned ip space.
> No luck so far though.
> My router is OpenBSD-current, here's the config:
> 
> Tunnel:
> ~$ cat /etc/hostname.gif0
> up giftunnel 67.86.49.123 209.51.161.14
> up inet6 2001:470:1f06:ad::2 2001:470:1f06:ad::1 prefixlen 128
> !route -n add -inet6 default 2001:470:1f06:ad::1

this should do it:
tunnel 67.86.49.123 209.51.161.14
inet6 2001:470:1f06:ad::2
!route add -inet6 default 2001:470:1f06:ad::1

> Gene's pdf says prefixlen 64 for gif, which I think is wrong -
> it should be 128 for the tunnel.
> 
> ~$ ifconfig gif0
> gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
>         groups: gif
>         physical address inet 67.86.49.123 --> 209.51.161.14
>         inet6 fe80::2c0:a8ff:fefd:2a69%gif0 ->  prefixlen 64 scopeid 0x6
>         inet6 2001:470:1f06:ad::2 -> 2001:470:1f06:ad::1 prefixlen 128
 
can you ping the tunnel endpoint over ipv6?
ping6 2001:470:1f06:ad::1

> External interface:
> ~$ ifconfig fxp0
> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:c0:a8:fd:2a:69
>         groups: egress
>         media: Ethernet autoselect (100baseTX full-duplex)
>         status: active
>         inet6 fe80::2c0:a8ff:fefd:2a69%fxp0 prefixlen 64 scopeid 0x1
>         inet 67.86.49.123 netmask 0xfffff000 broadcast 255.255.255.255
> 
> Internal interface:
> ~$ ifconfig re0
> re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         lladdr 00:0e:2e:a9:0d:11
>         media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
> status: active
>         inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
>         inet6 fe80::20e:2eff:fea9:d11%re0 prefixlen 64 scopeid 0x2
>         inet6 2001:470:1f07:ad::1 prefixlen 64
> 
> As far as I can see PF is not in the way.
 
are you allowing proto ipv6 through pf?

> I can't ping anything through the tunnel. I see encap packets
> leaving external interface, but see no replies. When trying pinging
> my end of the tunnel from their web interface, again 100% packet loss.
> If this is relevant, my ISP is Cablevision in Connecticut.
> 
> Have I missed anything?

and:
$ sysctl net.inet6.ip6.forwarding  
net.inet6.ip6.forwarding=1



More information about the talk mailing list