|
||||||||||
I have just added ICMPv6 to any (shouldn't this be to some LAN IP ?) in the IPv6 rules Egbert Jan van den Bussche schreef: > OK. Could you open the rule a bit more ti allow ICMPv6 (or * for just now) > > EJ > > >> -----Oorspronkelijk bericht----- >> Van: Michel Servaes [mailto:michel at mcmc dot be] >> Verzonden: dinsdag 14 april 2009 23:33 >> Aan: Egbert Jan van den Bussche >> CC: 'Steve Bertrand'; m0n0wall at lists dot m0n0 dot ch >> Onderwerp: Re: [m0n0wall] how do we check, that ipv6 is >> actually working (OT again) >> >> >> I have rebooted both my monowall, and my vista machine. >> The IPv6 addresses were piling up on the Vista box... what is exactly >> the meaning of those temporary addresses ? >> >> Each and every time I do an ipconfig /renew (or /release and >> /renew), I >> get (upto a certain amount) a new temporary address. >> >> IPv6 is working again, at my side... I can access >> http://ipv6.google.com >> again. >> >> This is how the config looks like : >> >> WAN ipv6 : 2001:470:1f14:158c::2/64 >> LAN ipv6 : 2001:470:d39d:1::1/64 >> >> My Vista box, now has another IPv6 address (I already >> modified the AAAA >> record, but I don't know how long it takes to renew... so I >> added also a >> second AAAA : ipv6-2.mcmc.be with the new IPv6 of my Vista >> box... which is : >> >> 2001:470:d39d:1:c4a:2d5e:a428:f703 >> >> I've added a rule in IPv6 Rules, to allow port 80 to my Vista box... >> >> >> >> >> I compared my config against yours, and saw some difference into the >> WAN/LAN side (which I presumable did wrong before). >> >> Kind regards, >> Michel >> >> >> >> >> >> Egbert Jan van den Bussche schreef: >> >>> I can ping both ends of the tunnel now!! Congrets! >>> >>> EJ >>> >>> >>> >>>> -----Oorspronkelijk bericht----- >>>> Van: Michel Servaes [mailto:michel at mcmc dot be] >>>> Verzonden: dinsdag 14 april 2009 23:15 >>>> Aan: Egbert Jan van den Bussche >>>> CC: 'Steve Bertrand'; m0n0wall at lists dot m0n0 dot ch >>>> Onderwerp: Re: [m0n0wall] how do we check, that ipv6 is >>>> actually working (OT again) >>>> >>>> >>>> It is ::1f14:: >>>> Only at the routed part, I read ::1f15:: >>>> >>>> What's special about 1f14, since you put as many ?? :) >>>> >>>> Egbert Jan van den Bussche schreef: >>>> >>>> >>>>> Is there typo in here? Is it really ::1f14::???? Or 1f15 >>>>> >>>>> EJ >>>>> >>>>> >>>>> >>>>> >>>>>> -----Oorspronkelijk bericht----- >>>>>> Van: Michel Servaes [mailto:michel at mcmc dot be] >>>>>> Verzonden: dinsdag 14 april 2009 23:12 >>>>>> Aan: Egbert Jan van den Bussche >>>>>> CC: 'Steve Bertrand'; m0n0wall at lists dot m0n0 dot ch >>>>>> Onderwerp: Re: [m0n0wall] how do we check, that ipv6 is >>>>>> actually working (OT again) >>>>>> >>>>>> >>>>>> Egbert Jan, Steve, >>>>>> >>>>>> >>>>>> I was fiddling a bit more, and now it seems I broke it >>>>>> >> again :'( I >> >>>>>> received following details from the tunnel broker : >>>>>> >>>>>> * server IPv4 address : 216.66.84.46 >>>>>> * server IPv6 address : 2001:470:1f14:158c::1/64 >>>>>> * client IPv4 address : 84.194.206.201 >>>>>> * client IPv6 address : 2001:470:1f14:158c::2/64 >>>>>> >>>>>> * Routed /48 : 2001:470:d39d::/48 >>>>>> * Routed /64 : 2001:470:1f15:158c::/64 >>>>>> >>>>>> >>>>>> I am still thinking IPv4... so it might just be that I try to do >>>>>> NAT'ing anyway ?? >>>>>> >>>>>> >>>>>> In monowall I have now following setup ; >>>>>> >>>>>> WAN >>>>>> * WAN : ipv6 enabled, tunnel mode >>>>>> * WAN IPv6 address : 2001:470:1f15:158c::/64 >>>>>> * Send IPv6 RA >>>>>> * IPv6 tunnel : 216.66.84.46 >>>>>> >>>>>> LAN >>>>>> * IPv6 mode : static >>>>>> * IPv6 address : 2001:470:d39d:1::1 /64 >>>>>> * Send RA router advertisements active >>>>>> >>>>>> >>>>>> Damned ( with a smile ), I had it working for internal to >>>>>> >>>>>> >>>> external- I >>>> >>>> >>>>>> just wanted it reversed as well... >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> Egbert Jan van den Bussche schreef: >>>>>> >>>>>> >>>>>> >>>>>>> Michel, did the tunnel brooker give you a specific >>>>>>> >>>>>>> >>>> address? I would >>>> >>>> >>>>>>> expect that they told you to configure >>>>>>> >>>>>>> >>>>>>> >>>>>> 2001:470:1f15:158c::1 or 2 on >>>>>> >>>>>> >>>>>> >>>>>>> your WAN interface. I tried pinging those but they do >>>>>>> >> not respond. >> >>>>>>> On my Monowall: >>>>>>> traceroute6 to 2001:470:1f15:158c::2 >>>>>>> >> (2001:470:1f15:158c::2) from >> >>>>>>> 2a02:968:1000:3::2, 18 hops max, 12 byte packets 1 >>>>>>> 2a02:968:1000:3::1 12.033 ms 11.339 ms 11.826 ms (My >>>>>>> >> WAN port >> >>>>>>> tunnel >>>>>>> address) >>>>>>> 2 gateway-bit-vlan-45.hobby.nl 12.387 ms 13.297 ms >>>>>>> >> 12.584 ms >> >>>>>>> 3 815.xe-1-0-0.jun1.kelvin.network.bit.nl 12.650 ms >>>>>>> >>>>>>> >>>>>>> >>>>>> 12.612 ms 11.879 ms >>>>>> >>>>>> >>>>>> >>>>>>> 4 linx.he.net 20.282 ms 20.906 ms 20.184 ms >>>>>>> 5 10gigabitethernet1-1.core1.ams1.he.net 21.084 ms >>>>>>> >>>>>>> >>>>>>> >>>>>> 25.753 ms 25.129 ms >>>>>> >>>>>> >>>>>> >>>>>>> 6 1g-bge0.tserv11.ams1.ipv6.he.net 24.043 ms 23.408 ms >>>>>>> >>>>>>> >>>>>>> >>>>>> 23.378 ms >>>>>> >>>>>> >>>>>> >>>>>>> 7 * * * >>>>>>> >>>>>>> This stops earlier than I expected. There seems no route >>>>>>> >>>>>>> >>>> to Michels >>>> >>>> >>>>>>> tunnelnetwork... >>>>>>> >>>>>>> EJ >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> -----Oorspronkelijk bericht----- >>>>>>>> Van: Steve Bertrand [mailto:steve at ibctech dot ca] >>>>>>>> Verzonden: dinsdag 14 april 2009 22:39 >>>>>>>> Aan: Michel Servaes >>>>>>>> CC: m0n0wall at lists dot m0n0 dot ch >> M0n0wall Mailing List >>>>>>>> Onderwerp: Re: [m0n0wall] how do we check, that ipv6 is >>>>>>>> actually working (OT again) >>>>>>>> >>>>>>>> >>>>>>>> Michel Servaes wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Routed /48: 2001:470:d39d::/48 >>>>>>>>> Routed /64: 2001:470:1f15:158c::/64 >>>>>>>>> >>>>>>>>> >>>>>>>>> This is the config, I got from tunnelbroker.net >>>>>>>>> But I have not configured the routed /48 part on my side at >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> all. (the >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> /48 part was optional at tunnelbroker.net) >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> Ok. This tells me that you have the m0n0wall NAT'ing IPv6 then. >>>>>>>> >>>>>>>> Does the m0n0 have the capability to route IPv6 >>>>>>>> >> between the LAN >> >>>>>>>> interface and the tunnel interface? >>>>>>>> >>>>>>>> If your WAN (tunnel) interface is: >>>>>>>> >>>>>>>> 2001:470:1f15:158c::/64 >>>>>>>> >>>>>>>> Then as a test, assign: >>>>>>>> >>>>>>>> 2001:470:d39d:1::1/64 to the LAN interface, and configure a PC >>>>>>>> within: >>>>>>>> >>>>>>>> 2001:470:d39d:1::/64 >>>>>>>> >>>>>>>> I don't have any m0n0walls in use right now, so >>>>>>>> >> unfortunately I >> >>>>>>>> can't provide any assistance with it's configuration. >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> I'll try to setup Sixxs again, since they have a Windows >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> Client too - >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> that way I can try in between the office, and my home. At >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> the office I >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> don't have a monowall yet (have to wait 60 days, >>>>>>>>> >> before I start >> >>>>>>>>> working there :) - and am not going to do experiments at >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> my current >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> job) >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> Ahhh, I see... >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> Thank you for your testing though... but since I'm >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> completely new to >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> ipv6, I don't want to take your time too much ;) >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> Not a problem at all... if you were taking too much of >>>>>>>> >>>>>>>> >>>> my time, you >>>> >>>> >>>>>>>> would know this by a lack of response ;) >>>>>>>> >>>>>>>> Steve >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >> --------------------------------------------------------------------- >> >>>> >>>> >>>>>> >>>>>> >>>>>> >>>>>>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch >>>>>>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >> --------------------------------------------------------------------- >> >>>> >>>> >>>>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch >>>>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>>> >>>>> >> --------------------------------------------------------------------- >> >>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch >>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch >>>> >>>> >>>> >>>> >>> >>> > > |