Linode Forum
https://forum.linode.com/

IPv6, HE Tunnel, and /etc/network/interfaces
https://forum.linode.com/viewtopic.php?f=19&t=5629		 Page 1 of 1
Author:  devjonfos [ Thu May 27, 2010 1:49 am ]
Post subject:  IPv6, HE Tunnel, and /etc/network/interfaces
Okay, I've done the Hurricane Electric tunnel for IPv6 on my Linode, ping'd a few IPv6 places, got my certification up to "Enthusiast". Now how do I get my changes to come back after a reboot? I know I need to edit /etc/network/interfaces on my Ubuntu 10.04 Lucid node, but I have no clue what to put into there for IPv6. Currently, it contains:
Code:
# The loopback interface
auto lo
iface lo inet loopback

# Configuration for eth0 and aliases

# This line ensures that the interface will be brought up during boot.
auto eth0 eth0:0

# eth0 - This is the main IP address that will be used for most outbound connections.
# The address, netmask and gateway are all necessary.
iface eth0 inet static
 address 173.230.xxx.xxx
 netmask 255.255.255.0
 gateway 173.230.xxx.1

# eth0:0 - Private IPs have no gateway (they are not publicly routable) so all you need to
# specify is the address and netmask.
iface eth0:0 inet static
 address 192.168.xxx.xxx
 netmask 255.255.128.0
Author:  hoopycat [ Thu May 27, 2010 12:36 pm ]
Post subject: 
Here's mine:

Code:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 97.107.134.213
        netmask 255.255.255.0
        gateway 97.107.134.1

# This is for an IP in the routed /64.
iface eth0 inet6 static
        address 2001:470:1f07:f41::dead:beef
        netmask 64

auto eth0:1
iface eth0:1 inet static
        address 192.168.137.246
        netmask 255.255.128.0

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
    address 2001:470:1f06:f41::2
    netmask 64
    endpoint 209.51.161.14
    local 97.107.134.213
    gateway 2001:470:1f06:f41::1
    ttl 64


Note the IP in eth0... this is an address in the routed /64, used for outgoing connections, such that the reverse IP can be set away from the default one for the point-to-point /64.
Author:  devjonfos [ Thu May 27, 2010 12:46 pm ]
Post subject: 
Thank you! :D
Author:  jed [ Thu May 27, 2010 3:14 pm ]
Post subject: 
hoopycat wrote:
Here's mine:

Interesting. I do a lot more with mine, mainly because Ubuntu (in my experience) eventually begins complaining about no buffer space being available after enough networking restarts. I tracked it down to a crappy error message coming out of the stack in the kernel, and then couldn't be bothered to go much further.

Here's my router at home:

Code:
auto he0
iface he0 inet6 v4tunnel
   endpoint 209.51.161.14
   local 98.225.x.x
   ttl 255
   address 2001:470:1f06:86a::2
   netmask 64
   mtu 1480
   up ip6tables-restore </etc/firewall6.conf

   # Make PTP not preferred_lft
   up ip addr del 2001:470:1f06:86a::2/64 dev he0
   up ip addr add 2001:470:1f06:86a::2/64 preferred_lft 0 dev he0

   up ip -6 route add default dev he0
   down ip -6 route del default dev he0
   down ip6tables-save >/etc/firewall6.conf

   # Kill
   down ip -6 tunnel del he0


I'm probably doing it wrong, but it works and I don't feel like screwing with it. There's a bridge and all kinds of other goodness in there.

Does your configuration set up routing correctly? I could never get mine to do so without an up/down route add/del.
Author:  hoopycat [ Thu May 27, 2010 3:44 pm ]
Post subject: 
Short answer: I don't know how well it survives on networking restarts, as I don't have too much of a need to adjust the network configuration outside the context of a reboot. Makes life easier in some respects :-)

I used to have an up/down for adding routes, but commented it out awhile back with no deleterious effects:

Code:
    # commented out 2010/04/10 by rtucker, from advice on #linode:
    # danieldg the reason for 2000::/3 from #ipv6 topic: manual defaultroute broken in 2.6.20.[5..13], 2.6.21.[0..4], RHEL/CentOS 5.[012], use 2000::/3 or update
    #up     ip -6 route add 2000::/3 dev he-ipv6
    #down   ip -6 route flush dev he-ipv6


But yeah, the routing goes in OK out of the box.
Author:  hojuruku [ Thu May 27, 2010 4:33 pm ]
Post subject:  Gentoo / Sabayon /etc/conf.d/net for ipv6
Here is my setup!

Code:
modules=( "iproute2" ) 
config_eth0=( "74.207.244.17/24" "74.207.244.169/24" "192.168.141.153/17" )
# linoder's I got lucky because both my ip addresses are on the same subnet ;) you may need another entry
# like "default via 74.x.x.1 metric 2" but not outgoing traffic will go out the interface with the lower metric
routes_eth0=( "default via 74.207.244.1" )                            
fallback_eth0=( "dhcp" )                                              
# loopback is set up for you by gentoo scripts. configuration optional                                           
#config_lo=( "127.0.0.1/8" "::1")                                                                                
#coo hiddern network - stop leakage to wan. Private                                                              
config_dummy0=( "172.16.31.254/20" "2001:470:1f05:430:ef1b::ffff/64" "2001:470:83de:c00:ffff:ffff:ffff:ffff/48" )
                             
modules_hetunnel=("iptunnel")
depend_hetunnel() {  
        need net.eth0                                                         
}                                                                             
                                                                                
iptunnel_hetunnel=("mode sit remote 72.52.104.74 local 74.207.244.17 ttl 255")  
config_hetunnel=("2001:470:1f04:430::2/64")                                     
routes_hetunnel=( "2000::/3 dev hetunnel metric 0" "::/0 dev hetunnel metric 1")
                             
modules_pub6tun0=("iptunnel")
depend_() {          
        need net.eth0                                                
}                                                                    
                                                                        
# when i set up this alternate way of setting up ip6 addresses HE.net in fremont weren't providing this service on multicast addr
# but now they are - so there are two ways to get your ip6 addresses nice and quick.
iptunnel_pub6tun0=("mode sit remote any local 74.207.244.17 ttl 255")   
config_pub6tun0=( "2002:4acf:f411::ef1b/48" )                           
routes_pub6tun0=( "2000::/3 via ::192.88.99.1 dev pub6tun0 metric 200" )
                                                                     
modules_pub6tun1=("iptunnel")                                        
depend_pub6tun1() {                                                     
        need net.eth0                                                   
}                                                                       
iptunnel_pub6tun1=("mode sit remote any local 74.207.244.169 ttl 64")   
config_pub6tun1=("2002:4acf:f4a9::c00/48")                              
routes_pub6tun1=( "2000::/3 via ::192.88.99.1 dev pub6tun1 metric 300" )
                                                   
# doesn't work like the howto's say. It's broken :P
#depend_6to4() {        
#        need net.eth0  
#}                      
#link_6to4="eth0"       
#RC_NEED_6to4="net.eth0"
#config_6to4=("ip6to4")


Yes Sabayon 5.2 works on linode.

You can install it by unzipping a squashfs image and cleaning out some install cruft. What is better is using it as gentoo and using entropy (equo) to push out your gentoo binaries to other hosts. I recommend gentoo-ers upgrade by using layman -a sabayon, emerge entropy equo entropy-server and seeing it's much better than using Gentoo's binary packages. I have a i7 intel core optomized version of Sabayon for anyone who is interested (perfect for linode hardware).
Author:  smiffy [ Sun May 30, 2010 2:18 am ]
Post subject: 
Not sure whether I should start a new thread on this, but since it's relevant to the discussion, here goes:

I have followed the /etc/network/interfaces example from http://www.linode.com/wiki/index.php/IPv6 - which works all well and good.

However, the tunnel keeps vanishing which is *not* what I want. As I can't have a native address, that tunnel needs to stay up for ever.

The problem would appear to be some sort of timeout, as far as I can see. If I don't make an inbound IPv6 connection for a short time, I can't ping6/otherwise connect IN. However, if I ping6 OUT (generally to ipv6.he.net,) I can then ping6 IN again.

Didn't know if the TTL line in the example interfaces file had any bearing on it, so I removed it. No difference.

Ideas, anyone?

UPDATE: I have run ifconfig on the interface both whilst it is and is not accepting inbound connections. Entries are identical, barring the data conuters.
Author:  OverlordQ [ Sun May 30, 2010 2:41 am ]
Post subject: 
here's what I have.

Code:
auto 6in4
iface 6in4 inet6 v4tunnel
        endpoint <he ipv4>
        local <my ip>
        ttl 255
        address <my tunnel end>
        netmask 64
        mtu 1480
        up ip -6 route add ::/0 dev 6in4 metric 1
        post-up sysctl -w net.ipv6.conf.all.forwarding=1
        up ip -6 addr add <my 64>::/64 dev eth0


The forwarding line is likely not needed for what you want it for.
Author:  devjonfos [ Mon May 31, 2010 12:44 pm ]
Post subject: 
smiffy wrote:
Not sure whether I should start a new thread on this, but since it's relevant to the discussion, here goes:

...


I saw your post over at tunnelbroker.net and did forwarding protocol 41 solve the problem?
Author:  smiffy [ Mon May 31, 2010 6:23 pm ]
Post subject: 
I set up the firewall rule about an hour ago and disabled the keep-alive cron job - it appears to work.

The resolution is:

iptables -A INPUT -s XXXXXXXX/32 -p ipv6 -j ACCEPT

...where XXXXXXXX is listed as "Server IPv4 address" under "IPv6 Tunnel Endpoints."

Note that this is the SAME rule quoted on the TunnelBroker forum - this is just how iptables-save dumps it out.

Kudos to @jimb for this solution.
Author:  devjonfos [ Mon May 31, 2010 8:18 pm ]
Post subject: 
smiffy wrote:
I set up the firewall rule about an hour ago and disabled the keep-alive cron job - it appears to work.

The resolution is:

iptables -A INPUT -s XXXXXXXX/32 -p ipv6 -j ACCEPT

...where XXXXXXXX is listed as "Server IPv4 address" under "IPv6 Tunnel Endpoints."

Note that this is the SAME rule quoted on the TunnelBroker forum - this is just how iptables-save dumps it out.

Kudos to @jimb for this solution.


Good to know! I had something similar to that because I also had to forward protocol 41 in my home router. Now I see the source bit (-s XXXXXXXX), but if you know the exact address of the IPv4 server would you need the slash 32?
Author:  smiffy [ Mon May 31, 2010 8:26 pm ]
Post subject: 
The /32 is added automatically by iptables. At least, that's what appears when I set the rule and then did an iptables-save to verify.

Important: setting this rule means that inbound IPv6 is now bypassing your IPv4 firewall. You will need to duplicate your iptables settings with ip6tables, so you will have an IPv6 firewall too.
Author:  devjonfos [ Mon May 31, 2010 10:40 pm ]
Post subject: 
smiffy wrote:
... You will need to duplicate your iptables settings with ip6tables, so you will have an IPv6 firewall too.


Yeah, did it! :D
Author:  devjonfos [ Wed Jun 23, 2010 12:46 pm ]
Post subject: 
Just a follow up...since rebooting to get the RAM increase the following configuration in /etc/network/interfaces worked on my Ubuntu 10.04 LTS (Lucid Lynx) IPv4/IPv6 node:

Code:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
 address 173.230.xxx.xxx
 netmask 255.255.255.0
 gateway 173.230.xxx.1

iface eth0 inet6 static
 address 2001:470:1f05:ffff::aaaa
 netmask 64

auto eth0:1
iface eth0:1 inet static
 address 192.168.xxx.xxx
 netmask 255.255.128.0

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
    endpoint 72.52.xxx.xxx
    local 173.230.xxx.xxx
    address 2001:470:1f04:ffff::2
    gateway 2001:470:1f04:ffff::1
    ttl 255
    netmask 64
    mtu 1480


Thanks to all previous posters for helping me put this configuration together!
Page 1 of 1 All times are UTC-04:00
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/