 From:  Brian Lloyd <brian at lloyd dot com>
 To:  Jakob Schwienbacher <jakob dot schwienbacher at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] setting up an IPv6 tunnel
 Date:  Fri, 18 Mar 2011 07:29:51 -0700
On Fri, Mar 18, 2011 at 5:32 AM, Jakob Schwienbacher <
jakob dot schwienbacher at gmail dot com> wrote:

> Hello,
>
> On the WAN side I configured only the three parameters below. On the
> LAN side I have the following configuration:
> IPv6 Mode: static
> IPv6 Address: 2001:470:77:88::1/64
> I didn't touch the IPv6 Prefix Delegation.
> I took a /64 Subnet, the /48 Subnet is needed if you are using more
> than one subnet on the LAN side.
>

That is what I assumed also. I have been designing, building, and deploying
IPv4 routers for 25 years now. (Well, not so much in the last 5-6 years.) I
*know* what needs to be done but I am IPv6 illiterate right now. (Working to
fix that!)

> I've configured anything else. I suppose that you don't need to set a
> default gateway for IPv6 because monowall routes all IPv6 traffic
> except the LAN subnet through the tunnel.
>
> - What version of monowall are you running?
>

1.33. I ran it for a week on my home system and then deployed it on our
school system yesterday. I run 6to4 on my home system and that is working
just fine.


> - Is the tunnel between your monowall and he.net established?
>

It appears so but that is not entirely clear.


> - What is listed on "Tunnel Details" on he.net?
>

*IPv6 Tunnel Endpoints*
Server IPv4 address: 72.52.104.74
Server IPv6 address: 2001:470:*1f04*:d49::1/64
Client IPv4 address: 67.159.139.125 <http://www.tunnelbroker.net/ipv4_update.php?tunnel_id=27356>
Client IPv6 address: 2001:470:*1f04*:d49::2/64

*Available DNS Resolvers*
Anycasted IPv6 Caching Nameserver: 2001:470:20::2
Anycasted IPv4 Caching Nameserver: 74.82.42.42

*Routed IPv6 Prefixes and rDNS Delegations*
Routed /48: 2001:470:8301::/48
Routed /64: 2001:470:*1f05*:d49::/64

All of the above appears correct. Certainly the IPv4 parts are correct and I
had already set up my WAN sides as you suggested. I had already set up the
WAN as you suggested and I used the first address of the Routed /64 prefix
as the LAN address. I set up DHCP to hand out a block of that as well.
Devices in my network seem to be receiving address assignments out of that
block which implies to me that DHCP is working.

I do suspect problems with the sites providing name service but that comes
after getting routing running.

> - Do you have a public IPv4 on your WAN side of monowall?
>

Yes. I have a couple of static, routable IPv4 addresses. The router has a
fixed, static IPv4 address. IPv4 is working just fine. HE does report the
proper IPv4 address.

One thing I just discovered is that I never added a firewall rule to pass
anything on the LAN side. (It has been a long time since I started m0n0wall
from scratch on a system.) I assumed (erroneously) that the firewall would
pass all traffic unless configured otherwise. I suspect that might have an
effect. ;-) I have now done so and will work on this again when I reach
school.


> If the tunnel is established try to run test-ipv6.com. I had some
> troubles with MTU.
>

I would expect MTU issues on a tunnel. Either fragmentation needs to be
enabled or the IPv4 MTU needs to be large enough to allow for the IPv6
header overhead in the tunnel payload.

Now back to repairing the furnace in my house. (It seems that everything
breaks at once.)

Thank you for your assistance. I will report back with my results in about 6
hours.


-- 
Brian Lloyd, WB6RQN/J79BPL
3191 Western Dr.
Cameron Park, CA 95682
brian at lloyd dot com
+1.767.617.1365 (Dominica)
+1.931.492.6776 (USA)
(+1.931.4.WB6RQN)
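
Added example, not part of the original message or of m0n0wall: a Python check that a proposed LAN address lies in a routed prefix rather than in the look-alike tunnel link /64 (1f04 vs. 1f05 in the Tunnel Details above), plus the 6in4 MTU arithmetic mentioned in the thread. The function names and candidate addresses are constructed for illustration; the prefixes are the ones quoted in the message.

```python
import ipaddress

# Values copied from the "Tunnel Details" in the message above.
TUNNEL = {
    "client_v6": "2001:470:1f04:d49::2/64",               # tunnel link, client end
    "routed": ["2001:470:8301::/48", "2001:470:1f05:d49::/64"],
}
IPV4_HEADER = 20     # 6in4 (IP protocol 41) prepends one IPv4 header, no options
IPV6_MIN_MTU = 1280  # smallest link MTU IPv6 permits


def check_lan_address(lan_cidr, tunnel=TUNNEL):
    """Return a list of problems with a proposed LAN interface address."""
    lan = ipaddress.ip_interface(lan_cidr).network
    link = ipaddress.ip_interface(tunnel["client_v6"]).network
    routed = [ipaddress.ip_network(p) for p in tunnel["routed"]]
    if lan.overlaps(link):
        return ["%s overlaps the tunnel link network %s" % (lan, link)]
    if not any(lan.subnet_of(r) for r in routed):
        return ["%s is outside every routed prefix" % lan]
    return []


def tunnel_mtu(ipv4_path_mtu):
    """Return (IPv6 MTU for the tunnel, whether IPv4 fragmentation is needed)."""
    inner = ipv4_path_mtu - IPV4_HEADER
    if inner >= IPV6_MIN_MTU:
        return inner, False
    # The tunnel must still carry 1280-byte IPv6 packets, so the
    # encapsulating IPv4 packets have to be fragmented.
    return IPV6_MIN_MTU, True


if __name__ == "__main__":
    # Constructed candidates: first address of the routed /64, then the
    # look-alike tunnel endpoint (1f04 instead of 1f05).
    for cand in ("2001:470:1f05:d49::1/64", "2001:470:1f04:d49::2/64"):
        print(cand, check_lan_address(cand) or "ok")
    for mtu in (1500, 1492, 1280):
        print(mtu, tunnel_mtu(mtu))
```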