|
FreeBSD
![[us]](/s/countries/us.gif) Shadow Hawkins on Monday, 22 December 2008 14:55:21
Has anyone been able to get an Ayiya tunnel working in FreeBSD? I am not able to ping the remote end of the tunnel, much less anything else. The system I had been using has recently experienced a hard drive crash, so I'm not able to post exactly what I've tried so far. I've used the following links for reference:
http://www.sixxs.net/faq/connectivity/?faq=usingsubnet&os=kame.router
http://www.freebsd.org/doc/en/books/handbook/network-ipv6.html
I guess my first question is using an Ayiya tunnel supported in FreeBSD?
FreeBSD
I guess my first question is using an Ayiya tunnel supported in FreeBSD?
Yes, AYIYA is supported but you need to use AICCU for it to work. The two links you referenced describe how to set up a proto-41 tunnel, which is not an AYIYA tunnel.
FreeBSD
Shadow Hawkins on Tuesday, 23 December 2008 20:15:05
If you still have trouble getting an AYIYA tunnel working after following the instructions at the link in Jeroen's message above, let me know. I got it working without much trouble. Getting rtadvd took a moment, but once I stopped trying to set it up in the middle of the night on no sleep that went pretty quick too.
Now if I could only get ecmh to build on FreeBSD 6 Release.
FreeBSD
Now if I could only get ecmh to build on FreeBSD 6 Release.
Don't waste your time with that at the moment. Let us first get the SixXS inter-PoP multicast network up and running, when that works, a new ecmh release can be released for current platforms. It doesn't make sense to run ecmh at the moment as then you can only mostly connect to other peers.
Christmas time is generally the time of the year when most of the new SixXS toys get released, and we are working on a couple, though don't expect them this year before the new year.
FreeBSD
Shadow Hawkins on Tuesday, 23 December 2008 22:05:01
I found a hard drive I can use, so I'm back working on this now.
One question I have is how do I make the gif0 interface survive a reboot?
FreeBSD
AYIYA tunnels (which is what you mentioned before) are per definition not gif tunnels. (gif tunnels are proto-41, though of course one can rename interfaces, but that is a bit dirty ;)
In the case of AYIYA, just start AICCU at boot (but don't put it in a loop of course, as that gets you auto-banned from the TIC servers)
In the case of gif0/proto41 just see the FAQ entry and put the proper lines in the config files.
FreeBSD
Shadow Hawkins on Wednesday, 24 December 2008 13:30:48
Of course, you're correct. I noticed that once I sync'd the system clock, the tunnel came right up. (amazing what happens if you read the error logs)
FreeBSD
Shadow Hawkins on Wednesday, 24 December 2008 15:51:48
This is probably something obvious that I'm missing...Everything works fine from my BSD router (ping, web browse, ect). I'm able to get IPv6 auto config addresses, but no default routes on client machines. Here are my configs
/etc/rc.conf:
defaultrouter="192.168.100.1"
hostname="ipv6router.sscorp.com"
ifconfig_fxp0="inet 192.168.100.10 netmask 255.255.255.0"
inetd_enable="YES"
ipv6_enable="YES"
ipv6_defaultrouter="2001:4978:f:22e::1"
ipv6_gateway_enable="YES"
linux_enable="YES"
sshd_enable="YES"
#ifconfig gif0 inet6 2001:4978:f:22e::1 2001:4978:f:22e::2 prefixlen 128
ipv6_ifconfig_fxp0="2001:4978:1d8:f000::9"
sixxs_aiccu_enable="YES"
rtadvd_enable="YES"
rtadvd_interfaces="fxp0"
/etc/rtadvd.conf:
fxp0:\
:addrs#1="2001:4978:1d8:f000::"prefixlen#64:tc=ether:
output of ipconfig on a server 2008 machine:
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:4978:1d8:f000:14c0:9452:3d4:a981
Link-local IPv6 Address . . . . . : fe80::14c0:9452:3d4:a981%12
IPv4 Address. . . . . . . . . . . : 192.168.100.18
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : fe80::21d:a2ff:feaf:2ffc%12
fe80::2e0:18ff:fe9e:5566%12
192.168.100.1
I think the reason that I'm not able to ping/browse IPv6 sites on the Windows machine is because I don't have a default gateway that points back to my BSD machine. If I add one by hand, everything works. What am I missing in the config on my BSD machine to advertise the gateway?
FreeBSD
Shadow Hawkins on Wednesday, 24 December 2008 22:55:18
Here is some of my setup info, hope it helps. (I make no claims that it is CORRECT only that it works)
/etc/rc.conf
(non IPv6 entries cut out, because you don't care about my other services]
# Added for IPv6 Host/Router
ipv6_enable="YES"
ipv6_network_interfaces="dc1"
ipv6_gateway_enable="YES"
# Address generated by MAC to EUI-64 converstion (hope I did it right)
ipv6_ifconfig_dc1="2001:1938:107:0000:0220:78ff:fe10:2837"
ipv6_prefix_dc1="2001:1938:107"
rtadvd_enable="YES"
rtadvd_interfaces="dc1"
sixxs_aiccu_enable="YES"
/etc/rtadvd.conf
dc1:\
:addr"2001:1938:107::"prefixlen#64:
Output of ifconfig from FreeBSD machine
dc0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
ether 00:20:78:10:28:a8
media: Ethernet autoselect (none)
status: no carrier
dc1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=8<VLAN_MTU>
inet6 fe80::220:78ff:fe10:2837%dc1 prefixlen 64 scopeid 0x2
inet 172.16.1.15 netmask 0xffffff00 broadcast 172.16.1.255
inet6 2001:1938:107:: prefixlen 64 anycast
inet6 2001:1938:107:0:220:78ff:fe10:2837 prefixlen 64
ether 00:20:78:10:28:37
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
plip0: flags=108810<POINTOPOINT,SIMPLEX,MULTICAST,NEEDSGIANT> mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff000000
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
inet6 fe80::220:78ff:fe10:28a8%tun0 prefixlen 64 scopeid 0x5
inet6 fe80::1838:80:18:2%tun0 prefixlen 64 scopeid 0x5
inet6 2001:1938:80:18::2 --> 2001:1938:80:18::1 prefixlen 128
Opened by PID 631
I'm at work, and the firewalls on the Windows machines won't let me in remotely, but the IPv6 default route on my Mac is:
fe80::0220:78ff:fe10:2837
That is the local address for dc1 on the FreeBSD machine, which as I understand it is what I should be seeing for a local router. Like I said, I'm not saying it's right, but it does work.
If I've got it wrong someone feel free to let me know. Definitly still learning here.
FreeBSD
Having a Link-Local as a gateway is correct.
And good that it works, enjoy :)
FreeBSD
Shadow Hawkins on Friday, 26 December 2008 15:39:19
Here's an update. I am now receiving the link-local address as a gateway on client machines:
Windows IP Configuration
Ethernet adapter Local Area Connection 3:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:4978:1d8:f000:14c0:9452:3d4:a981
Link-local IPv6 Address . . . . . : fe80::14c0:9452:3d4:a981%12
IPv4 Address. . . . . . . . . . . : 192.168.100.18
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : fe80::21d:a2ff:feaf:2ffc%12
fe80::2e0:18ff:fe9e:5566%12
192.168.100.1
However, I am not able to ping anything on the IPv6 network
Pinging www.kame.net [2001:200:0:8002:203:47ff:fea5:3085] from 2001:4978:1d8:f00
0:14c0:9452:3d4:a981 with 32 bytes of data:
Request timed out.
Request timed out.
Ping statistics for 2001:200:0:8002:203:47ff:fea5:3085:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
I'm assuming I have something set incorrectly on the BSD machine that's causing it not to route traffic, but I haven't figured out what that something is. One thing that I did think about was the extra default gateway line. The address that ends in 5566 is the address of the BSD router. As for the 2ffc, I have no idea. Is there a way I can figure out who owns that address?
/etc/rc.conf (removed stuff you didn't care about)
ipv6_defaultrouter="2001:4978:f:22e::1"
ipv6_network_interfaces="fxp0"
ipv6_gateway_enable="YES"
ipv6_ifconfig_fxp0="2001:4978:1d8:f000::9"
ipv6_prefix_fxp0="2001:4978:1d8"
rtadvd_enable="YES"
rtadvd_interfaces="fxp0"
sixxs_aiccu_enable="YES"
ipv6router# netstat -nr
Routing tables
Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0 =>
default 2001:4978:f:22e::1 UGS tun0
::1 ::1 UHL lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
2001:4978:f:22e::1 link#6 UHL tun0
2001:4978:f:22e::2 link#6 UHL lo0
2001:4978:1d8:: 00:e0:18:9e:55:66 UHL lo0 =>
2001:4978:1d8::/64 link#3 UC fxp0
2001:4978:1d8:f000::/64 link#3 UC fxp0
2001:4978:1d8:f000::9 00:e0:18:9e:55:66 UHL lo0
FreeBSD
> Default Gateway . . . . . . . . . : fe80::21d:a2ff:feaf:2ffc%12
You have two link-locals, pointing to two gateways, thus which one is the correct one and which one is being used?
fe80::2e0:18ff:fe9e:5566%12 192.168.100.1 As for the 2ffc, I have no idea. Is there a way I can figure out who owns that address?
Somebody on your local network at least, fe80::21d:a2ff:feaf:2ffc => MAC 00:1d:a2:af:2f:fc, which is in the Cisco OUI range, thus most likely a router or something.
2001:4978:1d8::/64 link#3 UC fxp0 2001:4978:1d8:f000::/64 link#3 UC fxp0
Why do you have 2 /64's on the same link? The second one seems to be used by your Windows XP box.
going a bit back up:
ipv6_ifconfig_fxp0="2001:4978:1d8:f000::9" ipv6_prefix_fxp0="2001:4978:1d8"
I guess you made a typo there, one of the two is wrong.
FreeBSD
Shadow Hawkins on Friday, 26 December 2008 17:14:13
It looks like it was a problem with the ASA advertising its default route...thanks Jeroen. I turned that off and the second gateway went away. Everything is working now, but I am having some problems on a few select Vista machines. The majority of machines work, but I have two that do not. They are able to ping ipv6.google.com and www.kame.net via ipv6 and receive a response, but I am not able to browse ipv6 websites.
C:\Users\cholzhauer>netsh int ipv6 sh route
Publish Type Met Prefix Idx Gateway/Interface Name
------- -------- --- ------------------------ --- ------------------------
No Manual 256 ::/0 8 fe80::2e0:18ff:fe9e:5566
No Manual 256 ::1/128 1 Loopback Pseudo-Interface
1
No Manual 8 2001:4978:1d8::/64 8 Local Area Connection
No Manual 256 2001:4978:1d8:0:4039:54fa:9c8d:c9f0/128 8 Local Area
Connection
No Manual 256 2001:4978:1d8:0:6585:e320:407d:ac6e/128 8 Local Area
Connection
No Manual 8 2001:4978:1d8:f000::/64 8 Local Area Connection
No Manual 256 2001:4978:1d8:f000:4039:54fa:9c8d:c9f0/128 8 Local A
rea Connection
No Manual 256 2001:4978:1d8:f000:6585:e320:407d:ac6e/128 8 Local A
rea Connection
No Manual 256 fe80::/64 8 Local Area Connection
No Manual 256 fe80::5efe:192.168.100.190/128 16 Local Area Connecti
on* 14
No Manual 256 fe80::4039:54fa:9c8d:c9f0/128 8 Local Area Connectio
n
No Manual 256 ff00::/8 1 Loopback Pseudo-Interface
1
No Manual 256 ff00::/8 8 Local Area Connection
C:\Users\cholzhauer>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:4978:1d8:f000:4039:54fa:9c8d:c9f0
Temporary IPv6 Address. . . . . . : 2001:4978:1d8:f000:6585:e320:407d:ac6e
Link-local IPv6 Address . . . . . : fe80::4039:54fa:9c8d:c9f0%8
IPv4 Address. . . . . . . . . . . : 192.168.100.190
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : fe80::2e0:18ff:fe9e:5566%8
192.168.100.1
I tried a "netsh int ipv6 reset" but that didn't help either.
Oh, FWIW, I couldn't make my FreeBSD router work with the settings for /etc/rtadvd.conf that were provided previously. (It gave me errors) I'm running 7.0, so if anyone else has this problem, this is the line that worked for me:
cat /etc/rtadvd.conf
fxp0:\
:addrs#1:addr="2001:4978:1d8:f000::":prefixlen#64:tc=ether:
FreeBSD
Maybe these are interfering:
> No Manual 8 2001:4978:1d8::/64 8 Local Area Connection
You have to get rid of those, it seems they are manual routes and addresses. You'll need to use something like 'netsh int ipv6 delete route 2001:4978:1d8::/64 "Local Area Connection"'. An "netsh int ipv6 reset" should do that too though (and then you have to disable Teredo, ISATAP etc again).
No Manual 256 2001:4978:1d8:0:4039:54fa:9c8d:c9f0/128 8 Local Area Connection
No Manual 256 2001:4978:1d8:0:6585:e320:407d:ac6e/128 8 Local Area Connection
(It gave me errors)
What kind of errors? Except for the addition of tc=ether (which is afaik default) it is the same as the entry in the FAQ
FreeBSD
Shadow Hawkins on Friday, 26 December 2008 18:02:20
I'll try it, but I haven't added any manual routes on this machine.
I did a check on a machine that is working and all of the routes listed on there are "manual" as well, although I haven't edited any of them either.
FreeBSD
Shadow Hawkins on Friday, 26 December 2008 20:01:12
Got it working...this problem had surfaced before...I had to turn off HTTP filtering in our anti-virus program for IPv6 to work in a web browser.
Oh, and in response to an earlier question, this was the error I received when using the posted syntax in rtadvd.con
Dec 26 08:53:54 ipv6router rtadvd[919]: <getconfig> inet_pton failed for 2001:4978:1d8:f000::prefixlen#64
Thanks to everyone for their help.
FreeBSD
Dec 26 08:53:54 ipv6router rtadvd[919]: <getconfig> inet_pton failed for 2001:4978:1d8:f000::prefixlen#64
You are clearly missing a separation character there, that is why one has to use the quotes " around the address. Quite silly actually that they make a config file format containing IPv6 addresses and then pick colon as a separator.
|
![[ch]](/s/countries/ch.gif)
on Monday, 22 December 2008 14:59:24
Posting is only allowed when you are