[ previous ] [ next ] [ threads ]
 From:  Brian Lloyd <brian dash wb6rqn at lloyd dot com>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: setting up an IPv6 tunnel
 Date:  Fri, 18 Mar 2011 07:34:14 -0700
On Fri, Mar 18, 2011 at 5:32 AM, Jakob Schwienbacher <
jakob dot schwienbacher at gmail dot com> wrote:

> Hello,
> On the WAN side i configured only the three parameters below. On the
> LAN side i have following configuration:
> IPv6 Mode: static
> IPv6 Address: 2001:470:77:88::1/64
> I didn't touch the IPv6 Prefix Delegation.
> I took a /64 Subnet, the /48 Subnet is needed if you are using more
> than one subnet on the LAN side.

That is what I assmed also. I have been designing, building, and deploying
IPv4 routers for 25 years now. (Well, not so much in the last 5-6 years.) I
*know* what needs to be done but I am IPv6 illiterate right now. (Working to
fix that!)

I've configured anything else. I suppose that you don't need to set a
> default gateway for IPv6 because monowall routes all IPv6 traffic
> except the LAN subnet through the tunnel.
> - What version of monowall are you running?

1.33. I ran it for a week on my home system and then deployed it on our
school system yesterday. I run 6to4 on my home system and that is working
just fine. I plan to switch to a tunnel to HE in order to gain more
experience with a tunnel.

> - Is the tunnel between your monowall and he.net established?

It appears so but I haven't been able to push any data through yet.

> - What is listed on "Tunnel Details" on he.net?

*IPv6 Tunnel Endpoints* Server IPv4 address: Server IPv6
address:2001:470:*1f04*:d49::1/64 Client IPv4
IPv6 address:2001:470:*1f04*:d49::2/64 *Available DNS Resolvers* Anycasted
IPv6 Caching Nameserver:2001:470:20::2Anycasted IPv4 Caching Nameserver: *Routed IPv6 Prefixes and rDNS Delegations* Routed /48:
2001:470:8301::/48 Routed /64:2001:470:*1f05*:d49::/64
All of the above appears correct. Certainly the IPv4 parts are correct and I
had already set up my WAN side as you suggested. I used the first address of
the Routed /64 prefix as the LAN address. I set up DHCP to hand out a block
of that as well. Devices in my network seem to be receiving address
assignments out of that block which implies to me that DHCP is working.

I do suspect problems with the sites providing name service to our network
but that comes after getting routing running.

- Do you have a public IPv4 on your WAN side of monowall?

Yes. I have a couple of static, routable IPv4 addresses. The router has a
fixed, static IPv4 address. IPv4 is working just fine. HE does report the
proper IPv4 address. (See above.)

One thing I just discovered is that I never added a firewall rule to pass
anything on the LAN side. (It has been a long time since I started m0n0wall
from scratch on a system.) I assumed (erroneously) that the firewall would
pass all traffic unless configured otherwise. I suspect that might have an
effect. ;-) I have now done so and will work on this again when I reach

> If the tunnel is established try to run test-ipv6.com. I had some
> troubles with MTU.

I would expect MTU issues on a tunnel. Either fragmentation needs to be
enabled or the IPv4 MTU needs to be large enough to allow for the IPv6
header overhead in the IPv4 tunnel payload.

Now back to repairing the furnace in my house. (It seems that everything
breaks at once.)

Thank you for your assistance. I will report back with my results in about 6

Brian Lloyd, WB6RQN/J79BPL
3191 Western Dr.
Cameron Park, CA 95682
brian at lloyd dot com
+1.767.617.1365 (Dominica)
+1.931.492.6776 (USA)

Brian Lloyd, WB6RQN/J79BPL
3191 Western Dr.
Cameron Park, CA 95682
brian at lloyd dot com
+1.767.617.1365 (Dominica)
+1.931.492.6776 (USA)