On Sun, Dec 03, 2006 at 04:34:29PM +0200, Bo Granlund wrote:
> Hi,
> I'm new here so please bear with me. :)
> I have a machine (Debian) which makes a 6to4 tunnel to some tunnel broker on
> the net, and locally ipv6 works:
> root@nexus:~# ping6 -c 2 www.kame.net
> PING www.kame.net(orange.kame.net) 56 data bytes
> 64 bytes from orange.kame.net: icmp_seq=1 ttl=51 time=355 ms
> 64 bytes from orange.kame.net: icmp_seq=2 ttl=51 time=355 ms
> My configure script to setup ipv6 networking is as follows:
> ----------------------------------
##! /bin/sh
> /sbin/ip -6 route flush dev tun6to4
> /sbin/ip link set dev tun6to4 down
> /sbin/ip tunnel del tun6to4
> ipv4="83.145.245.29"; ipv6=$(printf "2002:%02x%02x:%02x%02x::1" echo $ipv4 |
> tr "." " ")
> echo $ipv6
> /sbin/ip tunnel add tun6to4 mode sit ttl 125 remote any local $ipv4
> /sbin/ip link set dev tun6to4 up
> /sbin/ip -6 addr add $ipv6/16 dev tun6to4
##/sbin/ip -6 route add 2000::/3 via ::192.88.99.1 dev tun6to4 metric 1
> /sbin/ip -6 route add 2000::/3 via ::203.254.38.130 dev tun6to4 metric 1
> Now I try to start radvd with this configuration file (/etc/radvd.conf):
> ---------------------------------
> interface eth0
> {
> AdvSendAdvert on;
> MinRtrAdvInterval 3;
> MaxRtrAdvInterval 10;
> prefix 2001:5391:f51d:0006::/64
> {
> AdvOnLink on;
> AdvAutonomous on;
> AdvRouterAddr on;
}};
}};
> ---------------------------------
I don't see the commands here to setup ipv6 on eth0 of your router...
Hmm, a thought... AdvRouterAddr usually requires you to specifiy
the address, not the prefix, in the "prefix" entry.
In fact, since you're using 6to4, there's a sample at the bottom of
the radvd.conf manpage for auto-advertising the 6to4 address of a given
network interface.
> Dec 3 13:50:37 nexus radvd[10426]: version 0.8 started
> Dec 3 13:50:37 nexus radvd[10427]: sendmsg: Operation not permitted
> Dec 3 14:00:37 nexus radvd[10427]: sendmsg: Operation not permitted
> Dec 3 14:05:05 nexus radvd[10427]: sendmsg: Operation not permitted
> Dec 3 14:08:54 nexus radvd[10427]: sendmsg: Operation not permitted
> Dec 3 14:16:17 nexus radvd[10427]: sendmsg: Operation not permitted
And usually when I see this, it means I've not got a route to the
desired IP range...
Of course, as mentioned, check your firewall counters and make sure
you're not blocking it by accident.
> Also I configured on the host (nexus) an ipv6 address to eth0, and whenever
> I ping6 it it complains like this:
> ---------------------------------
> root@nexus:~# ping6 -c 2 2002:5391:f51d::2
> PING 2002:5391:f51d::2(2002:5391:f51d::2) 56 data bytes
> ping: sendmsg: Operation not permitted
> ping: sendmsg: Operation not permitted
> --- 2002:5391:f51d::2 ping statistics ---
> 2 packets transmitted, 0 received, 100% packet loss, time 999ms
> ---------------------------------
This address is outside the prefix you specified in radvd's config.
This may or may not be correct, there's nothing there showing the
eth0 ipv6 setup.
> I have tried to read google for hints howto get this working but I've gotten
> nowhere. Is there some suggestions you might have as to howto get router
> solicitation working? Is there something particular that I'm doing wrong
> here? I have allowed --proto 41 through on nexus for INPUT, OUTPUT and
> FORWARD, and I have a ip6tables firewall filtering stuff. Any hints will be
> greatly appreciated.
I'm using TSPC to connect to a tunnel broker here, and it includes
scripts to setup the local interface with the assigned ipv6 address,
so I can't provide a sample ipv6 setup for /etc/network/interfaces,
but tspc's process for setting up a router's internal interface is:
ip -6 route add unreachable $TSP_PREFIX::/$TSP_PREFIXLEN
sysctl -q -w net.ipv6.conf.all.forwarding=1
ip -6 addr add $TSP_PREFIX:c000::1/64 dev $TSP_HOME_INTERFACE
TSP_PREFIXLEN is the length of the prefix assigned from the tunnel
broker (for 6to4 it's 48)
TSP_PREFIX is the prefix for your network (2002::ip::v4)
TSP_HOME_INTERFACE is eth0 generally
In my case, my eth0 is PREFIX:c000::1/64, since this machine
actually has a couple of interfaces, each with its own /64,
and this parallels the IPv4 private address space 192.168.192.0/24
tap0 for uml is PREFIX:c001::1/64 and vmnet0 is PREFIX:c002::1/64
although since I recently had to rebuild this machine, those aren't
set up yet.
It looks like you're using a static IP address above, so you're
prolly safe enough to put the 'add unreachable' command in your
script that brings up ipv6, and set up the eth0 using the inet6
static mode in /etc/network/interfaces
My (nicely minimal) radvd.conf: (intel0 is the internal NIC)
interface intel0
{
AdvSendAdvert on;
prefix 2001:388:c00f:c000::/64
{
AdvOnLink on;
AdvAutonomous on;
};
};
--
-----------------------------------------------------------
Paul "TBBle" Hampson, B.Sc, LPI, MCSE
On-hiatus Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)
Paul.Hampson@Pobox.Com
Of course Pacman didn't influence us as kids. If it did,
we'd be running around in darkened rooms, popping pills and
listening to repetitive music.
-- Kristian Wilson, Nintendo, Inc, 1989
License: http://creativecommons.org/licenses/by/2.1/au/
-----------------------------------------------------------
Attachment:
pgpHt451xIbT1.pgp
Description: PGP signature