New tunnel, 1/2 working

[Curt Howland <Howland@priss.com>]

Hi. I've arranged a tunnel with Hurricane Electric, tunnelbroker.net 
They have a nice tool that sets up a "sample config". Here's what I 
get:

=====
ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::64.71.128.82 
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:1F00:FFFF::F01/127
route -A inet6 add ::/0 dev sit1
=====

This seems to work:

=====
# ifconfig
sit0      Link encap:IPv6-in-IPv4
          inet6 addr: ::192.168.1.11/96 Scope:Compat
          inet6 addr: ::127.0.0.1/96 Scope:Unknown
          inet6 addr: ::192.168.0.1/96 Scope:Compat
          UP RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

sit1      Link encap:IPv6-in-IPv4
          inet6 addr: fe80::c0a8:10b/64 Scope:Link
          inet6 addr: 2001:470:1f00:ffff::f01/127 Scope:Global
          inet6 addr: fe80::c0a8:1/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:3736 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4145 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1897462 (1.8 MiB)  TX bytes:2311280 (2.2 MiB)
=====

and...

=====
# ping6 2001:470:1f00:ffff::f00
PING 2001:470:1f00:ffff::f00(2001:470:1f00:ffff::f00) 56 data bytes
64 bytes from 2001:470:1f00:ffff::f00: icmp_seq=1 ttl=64 time=136 ms
64 bytes from 2001:470:1f00:ffff::f00: icmp_seq=2 ttl=64 time=130 ms
64 bytes from 2001:470:1f00:ffff::f00: icmp_seq=3 ttl=64 time=117 ms

--- 2001:470:1f00:ffff::f00 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 117.972/128.368/136.818/7.821 ms
=====

and...

=====
# route -A inet6
Kernel IPv6 routing table
Destination     Next Hop   Flags Metric Ref    Use Iface
::1/128         ::         U     0      2        2 lo
::127.0.0.1/128 ::         U     0      0        2 lo
::192.168.0.1/128 ::       U     0      0        2 lo
::192.168.1.11/128 ::      U     0      0        2 lo
::/96           ::         U     256    0        0 sit0
2001:470:1f00:ffff::f01/128 :: U 0      3693     2 lo
2001:470:1f00:ffff::f00/127 :: U 256    4004     0 sit1
fe80::c0a8:1/128 ::        U     0      0        2 lo
fe80::c0a8:10b/128 ::      U     0      0        2 lo
fe80::202:8aff:fe94:4801/128 :: U 0     0        2 lo
fe80::a00:46ff:fea8:d8d1/128 :: U 0     0        2 lo
fe80::/64       ::         U     256    0        0 eth1
fe80::/64       ::         U     256    0        0 eth0
fe80::/64       ::         U     256    0        0 sit1
ff00::/8        ::         U     256    0        0 eth1
ff00::/8        ::         U     256    0        0 eth0
ff00::/8        ::         U     256    0        0 sit1
::/0            ::         U     1      0        0 sit1
=====

However, the tunnelbroker.net ping tool fails to 
2001:470:1f00:ffff::f01, which seems to be my end of the tunnel. 
Also, I cannot successfully ping anywhere else.

It's interesting that the blah:blah:f01 is directed to "lo" above, 
unless that's just more of the IPv6 stuff that's different from IPv4. 
(lots of "second system" overhead here, that's for sure)

There are two things I see that may be screwing this up: I'm being a 
NAT firewall, and I defined the tunnel with Hurricane Electric as 
being the global address outside the firewall, rather than the 
private address on my eth0.

Second, ping packets to the global address are dropped right now, 
which H.E. notes should be responsive. I know I need to fix that.

One other thing, what would entries for these look like 
in /etc/network/interfaces ? The examples in the mailing list 
archives all relate to IPv6 directly on the local interfaces, rather 
than through tunnels.

Any suggestions gladly accepted.

Curt-




-- 
September 11th, 2001
The proudest day for gun control and central 
planning advocates in American history