[nycbug-talk] [Fwd: tunnel help request]

nikolai nikolai at fetissov.org
Tue Oct 30 12:31:25 EDT 2007 

> On Tue 2007.10.30 at 11:53 -0400, nikolai wrote:
>> Hi,
>>
>> Need some help here :)
>
> for starters....
>
>> Thinking that following Gene's v6 guide would be good
>> Sunday afternoon fun I registered a tunnel with HE.
>> 2001:470:1f06:ad::2 is my end of the tunnel,
>> 2001:470:1f07:ad/64 is my assigned ip space.
>> No luck so far though.
>> My router is OpenBSD-current, here's the config:
>>
>> Tunnel:
>> ~$ cat /etc/hostname.gif0
>> up giftunnel 67.86.49.123 209.51.161.14
>> up inet6 2001:470:1f06:ad::2 2001:470:1f06:ad::1 prefixlen 128
>> !route -n add -inet6 default 2001:470:1f06:ad::1
>
> this should do it:
> tunnel 67.86.49.123 209.51.161.14
> inet6 2001:470:1f06:ad::2
> !route add -inet6 default 2001:470:1f06:ad::1

Noted, thanks.

>
>> Gene's pdf says prefixlen 64 for gif, which I think is wrong -
>> it should be 128 for the tunnel.
>>
>> ~$ ifconfig gif0
>> gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
>>         groups: gif
>>         physical address inet 67.86.49.123 --> 209.51.161.14
>>         inet6 fe80::2c0:a8ff:fefd:2a69%gif0 ->  prefixlen 64 scopeid 0x6
>>         inet6 2001:470:1f06:ad::2 -> 2001:470:1f06:ad::1 prefixlen 128
>
> can you ping the tunnel endpoint over ipv6?
> ping6 2001:470:1f06:ad::1

Nope, nothing.
>
>> External interface:
>> ~$ ifconfig fxp0
>> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>         lladdr 00:c0:a8:fd:2a:69
>>         groups: egress
>>         media: Ethernet autoselect (100baseTX full-duplex)
>>         status: active
>>         inet6 fe80::2c0:a8ff:fefd:2a69%fxp0 prefixlen 64 scopeid 0x1
>>         inet 67.86.49.123 netmask 0xfffff000 broadcast 255.255.255.255
>>
>> Internal interface:
>> ~$ ifconfig re0
>> re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>>         lladdr 00:0e:2e:a9:0d:11
>>         media: Ethernet autoselect (100baseTX
>> full-duplex,rxpause,txpause)
>> status: active
>>         inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
>>         inet6 fe80::20e:2eff:fea9:d11%re0 prefixlen 64 scopeid 0x2
>>         inet6 2001:470:1f07:ad::1 prefixlen 64
>>
>> As far as I can see PF is not in the way.
>
> are you allowing proto ipv6 through pf?
>

I have:
scrub in
block in log
pass out
# and for giggles
pass in log on $ext_if proto encap from 209.51.161.14

Do I need explicit ipv6 rules on any of the interfaces,
ext_if, int_if, gif? What are they?
tcpdump on external if shows encap icmp6 leaving, nothing back.

>> I can't ping anything through the tunnel. I see encap packets
>> leaving external interface, but see no replies. When trying pinging
>> my end of the tunnel from their web interface, again 100% packet loss.
>> If this is relevant, my ISP is Cablevision in Connecticut.
>>
>> Have I missed anything?
>
> and:
> $ sysctl net.inet6.ip6.forwarding
> net.inet6.ip6.forwarding=1

Yes, forwarding is on.

Thanks, Okan.

--
 Nikolai

More information about the talk mailing list