[Cerowrt-devel] Not quite getting IPv6 tunnel to work

[Richard Brown <richard.e.brown@dartware.com>]

Folks,

I'm using a new/clean install of CeroWrt 3.3.6-2 on a WNDR3700v2. I am having trouble making my Hurricane Electric 6in4 tunnel work with CeroWrt. I have created the script below that uses the suggested configurations from tunnelbroker.net to set up the tunnel. (This is substantially the same script as posted to: http://www.bufferbloat.net/projects/cerowrt/wiki/IPv6_Tunnel ) Here's what I see:

a) The script below uses the tunnel's Client IPv6 /64 address, and does establish the tunnel. If I ssh to the router, I can ping ipv6 hosts from the router, traceroute to ipv6 addresses, etc. However, my MacBook on sw10, for example, does not get a global IPv6 address.

b) I also used tunnelbroker.net to obtain a routed /48 address. I use the LuCI GUI to set an IPv6 address for the interface from that /48 subnet. For example, if the routed /48 is 2001:470:ABCD::/48, I have assigned the  IPv6 address of sw10 to 2001:470:ABCD:902::/64. My Macbook gets the global address 2001:0470:ABCD:0902:0221:e9ff:fee3:d4b0/64, and I can ping IPv6 addresses. But...

c) I cannot reliably connect to certain hosts, even IPv4 hosts such as tunnelbroker.net. When I traceroute6 from my Macbook, I get:

% traceroute6 ipv6.google.com
traceroute6 to ipv6.l.google.com (2607:f8b0:4004:803::1010) from 2001:470:ABCD:902:221:e9ff:fee3:d4b0, 64 hops max, 12 byte packets
 1  2001:470:ABCD:902::  4.622 ms  108.652 ms *
 2  2001:470:ABCD:902::  2.704 ms  6.961 ms  17.329 ms
% 

What am I missing? If I can get some help here, I'll write this up and post it to the CeroWrt wiki. Many thanks!

Rich Brown
Hanover, NH USA

--------------- Cut Here --------------
#!/bin/sh
# Script for setting CeroWrt (and OpenWrt) to create an IPv6 tunnel 
# to Hurricane Electric at http://www.tunnelbroker.net/
# There are two steps:
# 1) Go to the Tunnelbroker.net site to set up your free account
# 2) Run the script below, using the parameters supplied by Tunnelbroker
# This CeroWrt page gives detailed instructions for setting up an IPv6 tunnel: 
#    http://www.bufferbloat.net/projects/cerowrt/wiki/IPv6_Tunnel  
# 
# Once you've created your account and a tunnel, get the "Example
# Configurations" for OpenWRT Backfire, and paste them into this file
# named "tunnel.sh" Finally, ssh into the router and execute this script 
# using these steps:
# 
# ssh root@172.30.42.1
# cd /tmp
# cat > tunnel.sh 
# [paste in the contents of this file, then hit ^D]
# sh tunnel.sh
#
# Presto! Your tunnel is set up. You should now be able 
#   communicate directly with IPv6 devices. 

# ==============================================
# Download and update all the interesting packages
# Some of these are pre-installed, but there is no 
# harm in updating/installing them a second time.
opkg update
opkg install 6in4

# ==============================================
# Set the credentials for the tunnel login
# NB: These lines are automatically generated 
# specifically for *your* tunnel when you set it up
# Copy/paste them from the Example Configurations
# generated for the OpenWRT Backfire 10.03.1 dropdown
#
# ------- PASTE YOUR EXAMPLE CONFIGURATION LINES HERE --------
uci set network.henet=interface
uci set network.henet.proto=6in4
uci set network.henet.peeraddr=1.2.3.4
uci set network.henet.ip6addr='auto-generated IPv6'
uci set network.henet.tunnelid=TUNNELID
uci set network.henet.username=tb4###############
uci set network.henet.password='plaintext-password'
uci commit network

uci set firewall.@zone[1].network='wan henet'
uci commit firewall

ifup henet
/etc/init.d/firewall restart
# ------- END OF EXAMPLE CONFIGURATION LINES --------

# ==============================================
# Re-establishing the Tunnel
#
# NB: As of April 2012 (CeroWrt 3.3.1-4), the automatic re-establishment code 
# of the 6in4 module appears not to be working. You will need to re-establish 
# the tunnel manually when your external IP address changes.
#
# To re-establish the tunnel, say, because your external IP address changed,
# you can also use the following URL with these parameters. Note that the 
# USERNAME and PASSWORD are what you type to log into the Tunnelbroker site.
#
# USERNAME is the Account Name 
# PASSWORD is the current password
# TUNNELID is the Tunnel ID  
# https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID
# 
# You can also use a non-HTTPS URL and parameters to re-establish the link.
# This form relies on hashed representations of the credentials since they're
# not carried on a secure connection. You can get more information about the
# parameters at https://ipv4.tunnelbroker.net/ipv4_end.php
#
# USERID is the "User ID" from the Tunnelbroker site's Main Page
# PWHASH is the MD5 hash of the password
# TUNNELID is the Tunnel ID
# http://ipv4.tunnelbroker.net/ipv4_end.php?ip=AUTO&apikey=USERID&pass=PWHASH&tid=TUNNELID
#
# --- end of script ---