From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ch1outboundpool.messaging.microsoft.com (ch1ehsobe006.messaging.microsoft.com [216.32.181.186]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (Client CN "mail.global.frontbridge.com", Issuer "Microsoft Secure Server Authority" (verified OK)) by huchra.bufferbloat.net (Postfix) with ESMTPS id F212D200B1B for ; Wed, 23 May 2012 17:39:20 -0700 (PDT) Received: from mail232-ch1-R.bigfish.com (10.43.68.250) by CH1EHSOBE018.bigfish.com (10.43.70.68) with Microsoft SMTP Server id 14.1.225.23; Thu, 24 May 2012 00:39:11 +0000 Received: from mail232-ch1 (localhost [127.0.0.1]) by mail232-ch1-R.bigfish.com (Postfix) with ESMTP id 6A6F2D4016A for ; Thu, 24 May 2012 00:39:03 +0000 (UTC) X-Forefront-Antispam-Report: CIP:157.56.244.213; KIP:(null); UIP:(null); IPV:NLI; H:CH1PRD0510HT001.namprd05.prod.outlook.com; RD:none; EFVD:NLI X-SpamScore: -9 X-BigFish: VPS-9(zz617I103dK1a09J616Rzz1202hzz8275ch8275bh12b0oz31h2a8h668h839h944hd25he5bhf0ah) Received-SPF: softfail (mail232-ch1: transitioning domain of dartware.com does not designate 157.56.244.213 as permitted sender) client-ip=157.56.244.213; envelope-from=richard.e.brown@dartware.com; helo=CH1PRD0510HT001.namprd05.prod.outlook.com ; .outlook Received: from mail232-ch1 (localhost.localdomain [127.0.0.1]) by mail232-ch1 (MessageSwitch) id 133781994112238_18977; Thu, 24 May 2012 00:39:01 +0000 (UTC) Received: from CH1EHSMHS021.bigfish.com (snatpool3.int.messaging.microsoft.com [10.43.68.229]) by mail232-ch1.bigfish.com (Postfix) with ESMTP id EBF7719C0048 for ; Thu, 24 May 2012 00:39:00 +0000 (UTC) Received: from CH1PRD0510HT001.namprd05.prod.outlook.com (157.56.244.213) by CH1EHSMHS021.bigfish.com (10.43.70.21) with Microsoft SMTP Server (TLS) id 14.1.225.23; Thu, 24 May 2012 00:39:09 +0000 Received: from CH1PRD0510MB381.namprd05.prod.outlook.com ([169.254.11.127]) by CH1PRD0510HT001.namprd05.prod.outlook.com ([10.255.150.36]) with mapi id 14.16.0164.004; Thu, 24 May 2012 00:39:15 +0000 From: Richard Brown To: "" Thread-Topic: Not quite getting IPv6 tunnel to work Thread-Index: AQHNOUWlOiMBTGkdCkOGJVto7U82AA== Date: Thu, 24 May 2012 00:39:15 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [10.255.150.4] Content-Type: text/plain; charset="us-ascii" Content-ID: Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: dartware.com Subject: [Cerowrt-devel] Not quite getting IPv6 tunnel to work X-BeenThere: cerowrt-devel@lists.bufferbloat.net X-Mailman-Version: 2.1.13 Precedence: list List-Id: Development issues regarding the cerowrt test router project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 May 2012 00:39:21 -0000 Folks, I'm using a new/clean install of CeroWrt 3.3.6-2 on a WNDR3700v2. I am havi= ng trouble making my Hurricane Electric 6in4 tunnel work with CeroWrt. I ha= ve created the script below that uses the suggested configurations from tun= nelbroker.net to set up the tunnel. (This is substantially the same script = as posted to: http://www.bufferbloat.net/projects/cerowrt/wiki/IPv6_Tunnel = ) Here's what I see: a) The script below uses the tunnel's Client IPv6 /64 address, and does est= ablish the tunnel. If I ssh to the router, I can ping ipv6 hosts from the r= outer, traceroute to ipv6 addresses, etc. However, my MacBook on sw10, for = example, does not get a global IPv6 address. b) I also used tunnelbroker.net to obtain a routed /48 address. I use the L= uCI GUI to set an IPv6 address for the interface from that /48 subnet. For = example, if the routed /48 is 2001:470:ABCD::/48, I have assigned the IPv6= address of sw10 to 2001:470:ABCD:902::/64. My Macbook gets the global addr= ess 2001:0470:ABCD:0902:0221:e9ff:fee3:d4b0/64, and I can ping IPv6 address= es. But... c) I cannot reliably connect to certain hosts, even IPv4 hosts such as tunn= elbroker.net. When I traceroute6 from my Macbook, I get: % traceroute6 ipv6.google.com traceroute6 to ipv6.l.google.com (2607:f8b0:4004:803::1010) from 2001:470:A= BCD:902:221:e9ff:fee3:d4b0, 64 hops max, 12 byte packets 1 2001:470:ABCD:902:: 4.622 ms 108.652 ms * 2 2001:470:ABCD:902:: 2.704 ms 6.961 ms 17.329 ms %=20 What am I missing? If I can get some help here, I'll write this up and post= it to the CeroWrt wiki. Many thanks! Rich Brown Hanover, NH USA --------------- Cut Here -------------- #!/bin/sh # Script for setting CeroWrt (and OpenWrt) to create an IPv6 tunnel=20 # to Hurricane Electric at http://www.tunnelbroker.net/ # There are two steps: # 1) Go to the Tunnelbroker.net site to set up your free account # 2) Run the script below, using the parameters supplied by Tunnelbroker # This CeroWrt page gives detailed instructions for setting up an IPv6 tunn= el:=20 # http://www.bufferbloat.net/projects/cerowrt/wiki/IPv6_Tunnel =20 #=20 # Once you've created your account and a tunnel, get the "Example # Configurations" for OpenWRT Backfire, and paste them into this file # named "tunnel.sh" Finally, ssh into the router and execute this script=20 # using these steps: #=20 # ssh root@172.30.42.1 # cd /tmp # cat > tunnel.sh=20 # [paste in the contents of this file, then hit ^D] # sh tunnel.sh # # Presto! Your tunnel is set up. You should now be able=20 # communicate directly with IPv6 devices.=20 # =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D # Download and update all the interesting packages # Some of these are pre-installed, but there is no=20 # harm in updating/installing them a second time. opkg update opkg install 6in4 # =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D # Set the credentials for the tunnel login # NB: These lines are automatically generated=20 # specifically for *your* tunnel when you set it up # Copy/paste them from the Example Configurations # generated for the OpenWRT Backfire 10.03.1 dropdown # # ------- PASTE YOUR EXAMPLE CONFIGURATION LINES HERE -------- uci set network.henet=3Dinterface uci set network.henet.proto=3D6in4 uci set network.henet.peeraddr=3D1.2.3.4 uci set network.henet.ip6addr=3D'auto-generated IPv6' uci set network.henet.tunnelid=3DTUNNELID uci set network.henet.username=3Dtb4############### uci set network.henet.password=3D'plaintext-password' uci commit network uci set firewall.@zone[1].network=3D'wan henet' uci commit firewall ifup henet /etc/init.d/firewall restart # ------- END OF EXAMPLE CONFIGURATION LINES -------- # =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D # Re-establishing the Tunnel # # NB: As of April 2012 (CeroWrt 3.3.1-4), the automatic re-establishment co= de=20 # of the 6in4 module appears not to be working. You will need to re-establi= sh=20 # the tunnel manually when your external IP address changes. # # To re-establish the tunnel, say, because your external IP address changed= , # you can also use the following URL with these parameters. Note that the=20 # USERNAME and PASSWORD are what you type to log into the Tunnelbroker site= . # # USERNAME is the Account Name=20 # PASSWORD is the current password # TUNNELID is the Tunnel ID =20 # https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=3DTUNNEL= ID #=20 # You can also use a non-HTTPS URL and parameters to re-establish the link. # This form relies on hashed representations of the credentials since they'= re # not carried on a secure connection. You can get more information about th= e # parameters at https://ipv4.tunnelbroker.net/ipv4_end.php # # USERID is the "User ID" from the Tunnelbroker site's Main Page # PWHASH is the MD5 hash of the password # TUNNELID is the Tunnel ID # http://ipv4.tunnelbroker.net/ipv4_end.php?ip=3DAUTO&apikey=3DUSERID&pass= =3DPWHASH&tid=3DTUNNELID # # --- end of script ---