SixXS::Sunset 2017-06-06

FreeBSD
[us] Shadow Hawkins on Monday, 22 December 2008 14:55:21
Has anyone been able to get an Ayiya tunnel working in FreeBSD? I am not able to ping the remote end of the tunnel, much less anything else. The system I had been using has recently experienced a hard drive crash, so I'm not able to post exactly what I've tried so far. I've used the following links for reference: http://www.sixxs.net/faq/connectivity/?faq=usingsubnet&os=kame.router http://www.freebsd.org/doc/en/books/handbook/network-ipv6.html I guess my first question is using an Ayiya tunnel supported in FreeBSD?
FreeBSD
[ch] Jeroen Massar SixXS Staff on Monday, 22 December 2008 14:59:24
I guess my first question is using an Ayiya tunnel supported in FreeBSD?
Yes, AYIYA is supported but you need to use AICCU for it to work. The two links you referenced describe how to set up a proto-41 tunnel, which is not an AYIYA tunnel.
FreeBSD
[us] Shadow Hawkins on Tuesday, 23 December 2008 20:15:05
If you still have trouble getting an AYIYA tunnel working after following the instructions at the link in Jeroen's message above, let me know. I got it working without much trouble. Getting rtadvd took a moment, but once I stopped trying to set it up in the middle of the night on no sleep that went pretty quick too. Now if I could only get ecmh to build on FreeBSD 6 Release.
FreeBSD
[ch] Jeroen Massar SixXS Staff on Tuesday, 23 December 2008 20:22:27
Now if I could only get ecmh to build on FreeBSD 6 Release.
Don't waste your time with that at the moment. Let us first get the SixXS inter-PoP multicast network up and running, when that works, a new ecmh release can be released for current platforms. It doesn't make sense to run ecmh at the moment as then you can only mostly connect to other peers. Christmas time is generally the time of the year when most of the new SixXS toys get released, and we are working on a couple, though don't expect them this year before the new year.
FreeBSD
[us] Shadow Hawkins on Tuesday, 23 December 2008 22:05:01
I found a hard drive I can use, so I'm back working on this now. One question I have is how do I make the gif0 interface survive a reboot?
FreeBSD
[ch] Jeroen Massar SixXS Staff on Tuesday, 23 December 2008 22:49:35
AYIYA tunnels (which is what you mentioned before) are per definition not gif tunnels. (gif tunnels are proto-41, though of course one can rename interfaces, but that is a bit dirty ;) In the case of AYIYA, just start AICCU at boot (but don't put it in a loop of course, as that gets you auto-banned from the TIC servers) In the case of gif0/proto41 just see the FAQ entry and put the proper lines in the config files.
FreeBSD
[us] Shadow Hawkins on Wednesday, 24 December 2008 13:30:48
Of course, you're correct. I noticed that once I sync'd the system clock, the tunnel came right up. (amazing what happens if you read the error logs)
FreeBSD
[us] Shadow Hawkins on Wednesday, 24 December 2008 15:51:48
This is probably something obvious that I'm missing...Everything works fine from my BSD router (ping, web browse, ect). I'm able to get IPv6 auto config addresses, but no default routes on client machines. Here are my configs /etc/rc.conf: defaultrouter="192.168.100.1" hostname="ipv6router.sscorp.com" ifconfig_fxp0="inet 192.168.100.10 netmask 255.255.255.0" inetd_enable="YES" ipv6_enable="YES" ipv6_defaultrouter="2001:4978:f:22e::1" ipv6_gateway_enable="YES" linux_enable="YES" sshd_enable="YES" #ifconfig gif0 inet6 2001:4978:f:22e::1 2001:4978:f:22e::2 prefixlen 128 ipv6_ifconfig_fxp0="2001:4978:1d8:f000::9" sixxs_aiccu_enable="YES" rtadvd_enable="YES" rtadvd_interfaces="fxp0" /etc/rtadvd.conf: fxp0:\ :addrs#1="2001:4978:1d8:f000::"prefixlen#64:tc=ether: output of ipconfig on a server 2008 machine: Ethernet adapter Local Area Connection 3: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:4978:1d8:f000:14c0:9452:3d4:a981 Link-local IPv6 Address . . . . . : fe80::14c0:9452:3d4:a981%12 IPv4 Address. . . . . . . . . . . : 192.168.100.18 Subnet Mask . . . . . . . . . . . : 255.255.254.0 Default Gateway . . . . . . . . . : fe80::21d:a2ff:feaf:2ffc%12 fe80::2e0:18ff:fe9e:5566%12 192.168.100.1 I think the reason that I'm not able to ping/browse IPv6 sites on the Windows machine is because I don't have a default gateway that points back to my BSD machine. If I add one by hand, everything works. What am I missing in the config on my BSD machine to advertise the gateway?
FreeBSD
[us] Shadow Hawkins on Wednesday, 24 December 2008 22:55:18
Here is some of my setup info, hope it helps. (I make no claims that it is CORRECT only that it works)
/etc/rc.conf (non IPv6 entries cut out, because you don't care about my other services] # Added for IPv6 Host/Router ipv6_enable="YES" ipv6_network_interfaces="dc1" ipv6_gateway_enable="YES" # Address generated by MAC to EUI-64 converstion (hope I did it right) ipv6_ifconfig_dc1="2001:1938:107:0000:0220:78ff:fe10:2837" ipv6_prefix_dc1="2001:1938:107" rtadvd_enable="YES" rtadvd_interfaces="dc1" sixxs_aiccu_enable="YES"
/etc/rtadvd.conf dc1:\ :addr"2001:1938:107::"prefixlen#64:
Output of ifconfig from FreeBSD machine
dc0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500 options=8<VLAN_MTU> ether 00:20:78:10:28:a8 media: Ethernet autoselect (none) status: no carrier dc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 options=8<VLAN_MTU> inet6 fe80::220:78ff:fe10:2837%dc1 prefixlen 64 scopeid 0x2 inet 172.16.1.15 netmask 0xffffff00 broadcast 172.16.1.255 inet6 2001:1938:107:: prefixlen 64 anycast inet6 2001:1938:107:0:220:78ff:fe10:2837 prefixlen 64 ether 00:20:78:10:28:37 media: Ethernet autoselect (100baseTX <full-duplex>) status: active plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500 lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4 inet 127.0.0.1 netmask 0xff000000 tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280 inet6 fe80::220:78ff:fe10:28a8%tun0 prefixlen 64 scopeid 0x5 inet6 fe80::1838:80:18:2%tun0 prefixlen 64 scopeid 0x5 inet6 2001:1938:80:18::2 --> 2001:1938:80:18::1 prefixlen 128 Opened by PID 631
I'm at work, and the firewalls on the Windows machines won't let me in remotely, but the IPv6 default route on my Mac is: fe80::0220:78ff:fe10:2837 That is the local address for dc1 on the FreeBSD machine, which as I understand it is what I should be seeing for a local router. Like I said, I'm not saying it's right, but it does work. If I've got it wrong someone feel free to let me know. Definitly still learning here.
FreeBSD
[ch] Jeroen Massar SixXS Staff on Thursday, 25 December 2008 04:22:44
Having a Link-Local as a gateway is correct. And good that it works, enjoy :)
FreeBSD
[us] Shadow Hawkins on Friday, 26 December 2008 15:39:19
Here's an update. I am now receiving the link-local address as a gateway on client machines: Windows IP Configuration Ethernet adapter Local Area Connection 3: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:4978:1d8:f000:14c0:9452:3d4:a981 Link-local IPv6 Address . . . . . : fe80::14c0:9452:3d4:a981%12 IPv4 Address. . . . . . . . . . . : 192.168.100.18 Subnet Mask . . . . . . . . . . . : 255.255.254.0 Default Gateway . . . . . . . . . : fe80::21d:a2ff:feaf:2ffc%12 fe80::2e0:18ff:fe9e:5566%12 192.168.100.1 However, I am not able to ping anything on the IPv6 network Pinging www.kame.net [2001:200:0:8002:203:47ff:fea5:3085] from 2001:4978:1d8:f00 0:14c0:9452:3d4:a981 with 32 bytes of data: Request timed out. Request timed out. Ping statistics for 2001:200:0:8002:203:47ff:fea5:3085: Packets: Sent = 2, Received = 0, Lost = 2 (100% loss), I'm assuming I have something set incorrectly on the BSD machine that's causing it not to route traffic, but I haven't figured out what that something is. One thing that I did think about was the extra default gateway line. The address that ends in 5566 is the address of the BSD router. As for the 2ffc, I have no idea. Is there a way I can figure out who owns that address? /etc/rc.conf (removed stuff you didn't care about) ipv6_defaultrouter="2001:4978:f:22e::1" ipv6_network_interfaces="fxp0" ipv6_gateway_enable="YES" ipv6_ifconfig_fxp0="2001:4978:1d8:f000::9" ipv6_prefix_fxp0="2001:4978:1d8" rtadvd_enable="YES" rtadvd_interfaces="fxp0" sixxs_aiccu_enable="YES" ipv6router# netstat -nr Routing tables Internet6: Destination Gateway Flags Netif Expire ::/96 ::1 UGRS lo0 => default 2001:4978:f:22e::1 UGS tun0 ::1 ::1 UHL lo0 ::ffff:0.0.0.0/96 ::1 UGRS lo0 2001:4978:f:22e::1 link#6 UHL tun0 2001:4978:f:22e::2 link#6 UHL lo0 2001:4978:1d8:: 00:e0:18:9e:55:66 UHL lo0 => 2001:4978:1d8::/64 link#3 UC fxp0 2001:4978:1d8:f000::/64 link#3 UC fxp0 2001:4978:1d8:f000::9 00:e0:18:9e:55:66 UHL lo0
FreeBSD
[ch] Jeroen Massar SixXS Staff on Friday, 26 December 2008 15:48:04
> Default Gateway . . . . . . . . . : fe80::21d:a2ff:feaf:2ffc%12
fe80::2e0:18ff:fe9e:5566%12
192.168.100.1
You have two link-locals, pointing to two gateways, thus which one is the correct one and which one is being used?
As for the 2ffc, I have no idea. Is there a way I can figure out who owns that address?
Somebody on your local network at least, fe80::21d:a2ff:feaf:2ffc => MAC 00:1d:a2:af:2f:fc, which is in the Cisco OUI range, thus most likely a router or something.
2001:4978:1d8::/64 link#3 UC fxp0
2001:4978:1d8:f000::/64 link#3 UC fxp0
Why do you have 2 /64's on the same link? The second one seems to be used by your Windows XP box. going a bit back up:
ipv6_ifconfig_fxp0="2001:4978:1d8:f000::9"
ipv6_prefix_fxp0="2001:4978:1d8"
I guess you made a typo there, one of the two is wrong.
FreeBSD
[us] Shadow Hawkins on Friday, 26 December 2008 17:14:13
It looks like it was a problem with the ASA advertising its default route...thanks Jeroen. I turned that off and the second gateway went away. Everything is working now, but I am having some problems on a few select Vista machines. The majority of machines work, but I have two that do not. They are able to ping ipv6.google.com and www.kame.net via ipv6 and receive a response, but I am not able to browse ipv6 websites. C:\Users\cholzhauer>netsh int ipv6 sh route Publish Type Met Prefix Idx Gateway/Interface Name ------- -------- --- ------------------------ --- ------------------------ No Manual 256 ::/0 8 fe80::2e0:18ff:fe9e:5566 No Manual 256 ::1/128 1 Loopback Pseudo-Interface 1 No Manual 8 2001:4978:1d8::/64 8 Local Area Connection No Manual 256 2001:4978:1d8:0:4039:54fa:9c8d:c9f0/128 8 Local Area Connection No Manual 256 2001:4978:1d8:0:6585:e320:407d:ac6e/128 8 Local Area Connection No Manual 8 2001:4978:1d8:f000::/64 8 Local Area Connection No Manual 256 2001:4978:1d8:f000:4039:54fa:9c8d:c9f0/128 8 Local A rea Connection No Manual 256 2001:4978:1d8:f000:6585:e320:407d:ac6e/128 8 Local A rea Connection No Manual 256 fe80::/64 8 Local Area Connection No Manual 256 fe80::5efe:192.168.100.190/128 16 Local Area Connecti on* 14 No Manual 256 fe80::4039:54fa:9c8d:c9f0/128 8 Local Area Connectio n No Manual 256 ff00::/8 1 Loopback Pseudo-Interface 1 No Manual 256 ff00::/8 8 Local Area Connection C:\Users\cholzhauer>ipconfig Windows IP Configuration Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : IPv6 Address. . . . . . . . . . . : 2001:4978:1d8:f000:4039:54fa:9c8d:c9f0 Temporary IPv6 Address. . . . . . : 2001:4978:1d8:f000:6585:e320:407d:ac6e Link-local IPv6 Address . . . . . : fe80::4039:54fa:9c8d:c9f0%8 IPv4 Address. . . . . . . . . . . : 192.168.100.190 Subnet Mask . . . . . . . . . . . : 255.255.254.0 Default Gateway . . . . . . . . . : fe80::2e0:18ff:fe9e:5566%8 192.168.100.1 I tried a "netsh int ipv6 reset" but that didn't help either. Oh, FWIW, I couldn't make my FreeBSD router work with the settings for /etc/rtadvd.conf that were provided previously. (It gave me errors) I'm running 7.0, so if anyone else has this problem, this is the line that worked for me: cat /etc/rtadvd.conf fxp0:\ :addrs#1:addr="2001:4978:1d8:f000::":prefixlen#64:tc=ether:
FreeBSD
[ch] Jeroen Massar SixXS Staff on Friday, 26 December 2008 17:35:09
Maybe these are interfering:
> No Manual 8 2001:4978:1d8::/64 8 Local Area Connection
No Manual 256 2001:4978:1d8:0:4039:54fa:9c8d:c9f0/128 8 Local Area
Connection
No Manual 256 2001:4978:1d8:0:6585:e320:407d:ac6e/128 8 Local Area
Connection
You have to get rid of those, it seems they are manual routes and addresses. You'll need to use something like 'netsh int ipv6 delete route 2001:4978:1d8::/64 "Local Area Connection"'. An "netsh int ipv6 reset" should do that too though (and then you have to disable Teredo, ISATAP etc again).
(It gave me errors)
What kind of errors? Except for the addition of tc=ether (which is afaik default) it is the same as the entry in the FAQ
FreeBSD
[us] Shadow Hawkins on Friday, 26 December 2008 18:02:20
I'll try it, but I haven't added any manual routes on this machine. I did a check on a machine that is working and all of the routes listed on there are "manual" as well, although I haven't edited any of them either.
FreeBSD
[us] Shadow Hawkins on Friday, 26 December 2008 20:01:12
Got it working...this problem had surfaced before...I had to turn off HTTP filtering in our anti-virus program for IPv6 to work in a web browser. Oh, and in response to an earlier question, this was the error I received when using the posted syntax in rtadvd.con Dec 26 08:53:54 ipv6router rtadvd[919]: <getconfig> inet_pton failed for 2001:4978:1d8:f000::prefixlen#64 Thanks to everyone for their help.
FreeBSD
[ch] Jeroen Massar SixXS Staff on Friday, 26 December 2008 20:36:10
Dec 26 08:53:54 ipv6router rtadvd[919]: <getconfig> inet_pton failed for 2001:4978:1d8:f000::prefixlen#64
You are clearly missing a separation character there, that is why one has to use the quotes " around the address. Quite silly actually that they make a config file format containing IPv6 addresses and then pick colon as a separator.

Please note Posting is only allowed when you are logged in.

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker