Running own IPv6 over IPv4 tunnel - connecting it to the internet?

Hi,

Server A: I have an IPv6 enabled server with a /48 and an IPv4 address.
Server B: I have an IPv4 only server with a single static IPv4.

I've set up a Linux 6in4 to tunnel a /64 from within my /48 from server A to server B.

Server A has been assigned ::1 and server B has been assigned ::2, and everything is good and they can ping each other. They cannot ping addresses outside their /64.

Now for some strange reason I would like to be able to use the internet on Server B. This involves connecting to the default gateway in the /48! How would I do this?

Comments

  • Server A:

    tun-6in4  Link encap:IPv6-in-IPv4
              inet6 addr: 2a04:4444:7:efef::1/64 Scope:Global
              inet6 addr: fe80::b979:1803/128 Scope:Link
              UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
              RX packets:232 errors:0 dropped:0 overruns:0 frame:0
              TX packets:235 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:24128 (23.5 KiB)  TX bytes:24728 (24.1 KiB)

    Server A's IPv6 Address:

    2a04:4444:7::4/48

    Server B:

    tun-6in4  Link encap:IPv6-in-IPv4
              inet6 addr: 2a04:4444:7:efef::2/64 Scope:Global
              inet6 addr: fe80::b973:7d02/128 Scope:Link
              UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
              RX packets:229 errors:0 dropped:0 overruns:0 frame:0
              TX packets:232 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:24104 (23.5 KiB)  TX bytes:24128 (23.5 KiB)

    Looking good:

    [root@ServerA ~]# ping6 2a04:4444:7:efef::2
    PING 2a04:4444:7:efef::2(2a04:4444:7:efef::2) 56 data bytes
    64 bytes from 2a04:4444:7:efef::2: icmp_seq=1 ttl=64 time=16.4 ms
    64 bytes from 2a04:4444:7:efef::2: icmp_seq=2 ttl=64 time=16.6 ms
    64 bytes from 2a04:4444:7:efef::2: icmp_seq=3 ttl=64 time=16.5 ms
    [root@serverB ~]# ping6 2a04:4444:7:efef::1
    PING 2a04:4444:7:efef::1(2a04:4444:7:efef::1) 56 data bytes
    64 bytes from 2a04:4444:7:efef::1: icmp_seq=1 ttl=64 time=16.5 ms
    64 bytes from 2a04:4444:7:efef::1: icmp_seq=2 ttl=64 time=16.5 ms
    64 bytes from 2a04:4444:7:efef::1: icmp_seq=3 ttl=64 time=16.6 ms

    Not good when trying to ping ISP default gateway over tunnel.

    [root@ServerB ~]# ping6 2a04:4444:7::4
    connect: Network is unreachable
  • rm_ IPv6 Advocate, Veteran
    edited April 2016

    linuxthefish said: ping ISP default gateway over tunnel

    That's not how it works. The default gateway for ServerB will be ServerA, and then ServerA will route packets back and forth between the ISP network and the tunnel. ServerA will need to have forwarding enabled in the OS, and allowed in ip6tables.

  • Clouvider Member, Patron Provider

    Your default gw for server B will be 2a04:4444:7:efef::1. If you need any help setting it up please do let me know :-).

  • linuxthefish Member
    edited April 2016

    Thanks guys, I've tried setting the default gateway for the IPv6 tunnel on server B to 2a04:4444:7:efef::1 using the command

    ip -f inet6 route add default via 2a04:4444:7:efef::1

    but still no luck.

    Output of "ip -6 route":

    2a04:4444:7:efef::/64 via :: dev tun-6in4  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 4294967295
    2a04:4444:7:efef::/64 via 2a04:92c7:7:efef::1 dev tun-6in4  metric 1024  mtu 1480 advmss 1420 hoplimit 4294967295
    default via 2a04:4444:7:efef::1 dev tun-6in4  metric 1024  mtu 1480 advmss 1420 hoplimit 4294967295

    and the route to Google shows as:

    [root@ServerB ~]# ip -f inet6 route get 2a00:1450:400c:c04::66
    2a00:1450:400c:c04::66 via 2a04:4444:7:efef::1 dev tun-6in4  src 2a04:4444:7:efef::2  metric 1024  mtu 1480 advmss 1420 hoplimit 4294967295
  • exception0x876 Member, Host Rep, LIR

    Do you have the IPv6 forwarding enabled on server A as @rm_ said? Can you see the packets with tcpdump on server A while you ping google on server B?

  • patrick7 Member, LIR

    Is this net routed to your tunnel server?

  • Clouvider Member, Patron Provider
    edited April 2016

    Double check the forwarding for v6 and see if you can ping 2a04:4444:7:efef::1 externally.

  • I've re-configured it as an ifcfg-sit2 file on CentOS server B to make adding the routes easier:

    DEVICE=sit2
    BOOTPROTO=none
    ONBOOT=yes
    IPV6INIT=yes
    IPV6TUNNELIPV4=185.121.121.2
    IPV6TUNNELIPV4LOCAL=185.121.121.3
    IPV6ADDR=2a04:4444:7:efef::2/64
    IPV6_DEFAULTGW=2a04:4444:7:efef::1

    Server B:

    [root@ServerB ~]# traceroute6 google.com
    traceroute to google.com (2a00:1450:400c:c04::8b), 30 hops max, 80 byte packets
     1  2a04:92c7:7:efef::1 (2a04:92c7:7:efef::1)  16.490 ms  16.455 ms  16.428 ms
     2  * * *
     3  * * *

    So it's definitely using 2a04:4444:7:efef::1 as the default route for all IPv6.

    exception0x876 said: Do you have the IPv6 forwarding enabled on server A as @rm_ said? Can you see the packets with tcpdump on server A while you ping google on server B?

    Yeah, the packets are coming over the tunnel when I try to ping6 google.com from Server B:

    [root@serverA ~]# tcpdump -i tun-6in4
    tcpdump: WARNING: tun-6in4: no IPv4 address assigned
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on tun-6in4, link-type RAW (Raw IP), capture size 65535 bytes
    03:20:05.977293 IP6 2a04:4444:7:efef::2 > wk-in-x8b.1e100.net: ICMP6, echo request, seq 115, length 64
    03:20:06.978436 IP6 2a04:4444:7:efef::2 > wk-in-x8b.1e100.net: ICMP6, echo request, seq 116, length 64
    03:20:07.979393 IP6 2a04:4444:7:efef::2 > wk-in-x8b.1e100.net: ICMP6, echo request, seq 117, length 64
    03:20:08.980308 IP6 2a04:4444:7:efef::2 > wk-in-x8b.1e100.net: ICMP6, echo request, seq 118, length 64
    03:20:09.980389 IP6 2a04:4444:7:efef::2 > wk-in-x8b.1e100.net: ICMP6, echo request, seq 119, length 64
    03:20:10.979668 IP6 2a04:4444:7:efef::2 > wk-in-x8b.1e100.net: ICMP6, echo request, seq 120, length 64

    patrick7 said: Is this net routed to your tunnel server?

    I've not done any routing on ServerA (the side with native /48 IPv6), just configured a tunnel manually using the following:

    ip tunnel add tun-6in4 mode sit remote 185.121.121.3 local 185.121.121.2
    ip link set tun-6in4  up
    ip addr add 2a04:4444:7:efef::1/64 dev tun-6in4
  • patrick7 Member, LIR

    Your ISP needs to route the subnet to your server, otherwise it will not work.

  • Clouvider Member, Patron Provider

    It won't work.

    The /48 is likely not specifically routed to this host. Your server has ::4, meaning that ::1 is likely the router for this subnet. You'd need to have the subnet routed directly to your server to make it work.

  • Won't 2a04:4444:7:efef::/64 already be inside 2a04:4444:7::/48 routed to my server?

  • rm_ IPv6 Advocate, Veteran
    edited April 2016

    linuxthefish said: Won't 2a04:4444:7:efef::/64 already be inside 2a04:4444:7::/48 routed to my server?

    Yeah, it might be routed to your server, but not "through" it.

    What your provider would have to do on their router is this:

    ip route add 2a04:4444:7:efef::/64 via 2a04:4444:7::4

    That's what it means for the subnet to be routed.

    However, even if they don't do it and it's not routed, you can work around that by using ndppd. It can basically turn any subnet or part of it into a routed one.

  • rm_ said: However, even if they don't do it and it's not routed, you can work around that by using ndppd. It can basically turn any subnet or part of it into a routed one.

    Holy fuck I love you rm! All working great now with ndppd, thanks everyone for your help.
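
The Server A side of what the replies describe (IPv6 forwarding, an ip6tables FORWARD policy, and an ndppd proxy rule for the tunnelled /64), as an added example that is not part of the original thread. The uplink name eth0, the /etc/ndppd.conf path and the inbound ICMPv6-only policy are assumptions; the tunnel name and prefix are the ones posted above.

```shell
#!/bin/sh
# Added example (not from the thread): Server A as router for the tunnelled /64.
UPLINK=${UPLINK:-eth0}                    # assumption: Server A's native IPv6 interface
TUNNEL=${TUNNEL:-tun-6in4}                # tunnel device shown in the thread
PREFIX=${PREFIX:-2a04:4444:7:efef::/64}   # /64 carried over the tunnel
NDPPD_CONF=${NDPPD_CONF:-/etc/ndppd.conf} # assumption: ndppd config path

# True when the kernel forwards IPv6. The path is a parameter so it can be tested.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv6/conf/all/forwarding}" 2>/dev/null)" = "1" ]
}

# ndppd answers neighbor solicitations on the uplink for PREFIX, so the provider's
# router hands those packets to Server A even though the /64 is not routed to it.
# "static" replies without probing, which suits a NOARP sit tunnel.
ndppd_conf() {
    cat <<EOF
proxy $UPLINK {
    router yes
    rule $PREFIX {
        static
    }
}
EOF
}

# FORWARD policy: drop by default, let the tunnel out only with source addresses
# from PREFIX (anti-spoofing), allow replies, allow inbound ICMPv6 (assumed policy).
forward_rules() {
    cat <<EOF
ip6tables -P FORWARD DROP
ip6tables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
ip6tables -A FORWARD -i $TUNNEL -o $UPLINK -s $PREFIX -j ACCEPT
ip6tables -A FORWARD -i $UPLINK -o $TUNNEL -d $PREFIX -p ipv6-icmp -j ACCEPT
EOF
}

apply() {
    # With forwarding on, Linux ignores router advertisements unless accept_ra=2;
    # set net.ipv6.conf.$UPLINK.accept_ra=2 first if the default route comes from RAs.
    sysctl -w net.ipv6.conf.all.forwarding=1 || return 1
    forward_rules | sh -e || return 1
    ndppd_conf > "$NDPPD_CONF" || return 1
    forwarding_enabled || { echo "IPv6 forwarding is still off" >&2; return 1; }
}

if [ "${1:-}" = "apply" ]; then apply; fi
```

Run it with `apply` as root on Server A and restart ndppd afterwards. Setting PREFIX to only the addresses in use keeps ndppd from answering neighbor solicitations for the whole /64.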
