gogoNET

IPv6 & Networking the Internet of Things

Hi. I have the following setup using a HE tunnel:

*Physical server is Hyper-V host and 6in4 tunnel endpoint

*Physical server has RRAS installed and configured for IPv6, and can access IPv6 internet fine.

*Physical server runs Windows Server 2008 R2 VM, using an External virtual network mode.

*Everything's behind IPv4 NAT.

However, my problem is that neither can be pinged from a remote host using the /48 HE allocated to me, even though I've added the following routes to my routing table on the physical host, on both the physical interface and my tunnel interface:

(my /48)::/64 -> (remote tunnel endpoint address)

(my /48)::/48 -> (remote tunnel endpoint address)

netsh ras ipv6 show config

gives me:

RAS IPv6 config

Negotiation mode : allow
Access mode : all
Router Advertise mode : enabled
Assignment method : pool
Prefix : (/48, with no CIDR # at the end; CIDR # not permitted by Windows)

On the VM I have configured the host machine as the default gateway, having it use an address from the first /64 of my /48, but pings can only work between the two, and not from a remote location (using IPv6). The physical tunnel endpoint can be pinged remotely but nothing in my /48 prefix can be.

I have no DHCPv6 enabled. I have router discovery turned on on all computers, and ICMPv6 also enabled.

Traceroutes using a GogoSERVER tunnel:

To physical computer:

  1 - 6:My own computer, less than 1 ms
  6    98 ms    97 ms    97 ms  if-ae11.2.tcore1.NYY-NewYork.ipv6.as6453.net [2001:5a0:400:700::2]
  7     *       98 ms   186 ms  if-2-0-0.1577.core3.NTO-NewYork.ipv6.as6453.net [2001:5a0:a00::31]
  8   105 ms   101 ms    98 ms  gigabitethernet3-17.core1.nyc4.he.net [2001:470:0:1a3::1]
  9   162 ms   166 ms   226 ms  10gigabitethernet5-3.core1.lax1.he.net [2001:470:0:10e::1]
 10   205 ms   168 ms   167 ms  10gigabitethernet7-4.core1.fmt2.he.net [2001:470:0:18d::1]
 11   170 ms   170 ms   171 ms  gige-gbge0.tserv3.fmt2.ipv6.he.net [2001:470:0:45::2]
 12     *        *        *     Request timed out.
 13     *        * (time-outs from then on)

To VM:


  1    91 ms    91 ms    91 ms  2001:5c0:1000:b::9eea
  2     *       90 ms    89 ms  ix-5-0-1.6bb1.MTT-Montreal.ipv6.as6453.net [2001:5a0:300::5]
  3    89 ms    91 ms    90 ms  if-4-0-9.mcore3.MTT-Montreal.ipv6.as6453.net [2001:5a0:300:100::d]
  4    96 ms   101 ms    97 ms  if-xe-4-0-0.0.tcore2.NYY-NewYork.ipv6.as6453.net [2001:5a0:400:700::5]
  5    96 ms    97 ms    97 ms  if-ae11.2.tcore1.NYY-NewYork.ipv6.as6453.net [2001:5a0:400:700::2]
  6    98 ms     *       99 ms  if-2-0-0.1577.core3.NTO-NewYork.ipv6.as6453.net [2001:5a0:a00::31]
  7   187 ms   138 ms   224 ms  gigabitethernet3-17.core1.nyc4.he.net [2001:470:0:1a3::1]
  8   165 ms   162 ms   163 ms  10gigabitethernet5-3.core1.lax1.he.net [2001:470:0:10e::1]
  9   187 ms   168 ms   173 ms  10gigabitethernet7-4.core1.fmt2.he.net [2001:470:0:18d::1]
 10   169 ms   224 ms   209 ms  gige-gbge0.tserv3.fmt2.ipv6.he.net [2001:470:0:45::2]
 11   183 ms     *      181 ms  <(my HE username)>-2-pt.tunnel.tserv3.fmt2.ipv6.he.net [(Tunnel endpoint /64)::2]
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.

It seems to be a problem with the Windows routing advertisements not going out into the world, because internal routing occurs OK.


It seems like it would make more sense to post this in the HE forums ;)

Just to make sure we're on the same page:  

You should have the ::1 address of your tunnel /64 on the outside interface of your router/host computer

You should have an address from a /64 in your routed /48 applied to the inside interface of your router/host computer

You should have an address from that same /64 as the line above applied to the LAN adapter on your VM.  (I assume you're doing bridged networking).  

The default gateway on the inside interface of your router/host computer is the ::1 of the tunnel /64.  

The default gateway on your VM should be the IP address of the inside interface of your router/host computer

Correct. But the VM cannot ping anything outside, and anything outside cannot ping the VM. Ironically, I've followed the same directions as GogoNET's tunnel setup script. Using bridged networking.

What does a traceroute show?

Can you ping anything over IPv6 from your tunnel computer/router?

My traceroute is in the comment above; I can ping Gogonet's and Google's IPv6 fine, so that's not an issue.

Update: I can ping [my /48]::1 (on the physical server), but still cannot ping [my /48]::2 on the VM.

Sounds to me like you need to go back to the basics.

1. The HE tunnel has only one endpoint (one V4 and one v6).  HE specifies this when you sign up for the tunnel. 

2. The HE tunnel requires that you have a router.  The /64 and /48 are only accessible through this router.  One router interface will have a network address from the tunnel endpoint and the other interface will have one from your /64 and /48.

3. Your /48 should be divided into /64s, which can have a second or third tunnel, but they must be pointed to your router that has the HE assigned tunnel endpoint as well.  Any questions, see point 1.

The HE forums can be reached here: http://www.tunnelbroker.net/forums/

That's what I have. I'm using the physical computer as a router.

I take it you ran these commands on the router, which should allow you to create three tunnels:

netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel IP6Tunnel <my IPv4> <HE tunnel IPv4>
netsh interface ipv6 add address IP6Tunnel <my IPv6>
netsh interface ipv6 add route ::/0 IP6Tunnel <HE tunnel IPv6>

netsh interface ipv6 add v6v4tunnel IP6Tunnel2 <my internal IPv4> <my VM's IPv4>
netsh interface ipv6 add address IP6Tunnel2 <my /64 picked from the /48 IPv6>

netsh interface ipv6 add v6v4tunnel IP6Tunnel3 <my internal IPv4> <my VM's IPv4>
netsh interface ipv6 add address IP6Tunnel3 <my /64 picked from the /48 IPv6>

Have you used Windows to host three tunnels before? The last I read, it only supported one. And, I think you need BGP to use all three concurrently.

You can add as many tunnels as you like, but you only need BGP if you want to use more than one of them as an uplink to the internet.  Since the other tunnels are feeding smaller networks, only those routes will appear in the routing table of the router.  They appear as normal interfaces on the operating system, the same as the freenet6 client.  On the remote machines, the route ::/0 needs to point to this end of the tunnel.

C:\Users>netsh int ipv6 show interfaces

Idx  Met   MTU   State        Name
---  ---  -----  -----------  -------------------
  1   50 4294967295  connected    Loopback Pseudo-Interface 1
 15   30   1500  connected    Wireless Network Connection
 34   40   1280  connected    IPv6tunnel1
 12   50   1280  disconnected  Local Area Connection* 7
  8   20   1500  connected    Local Area Connection
 24   50   1280  disconnected  Local Area Connection* 13
 28   50   1280  disconnected  Local Area Connection* 14
 14   50   1280  disconnected  Local Area Connection* 16
 13   50   1280  disconnected  Local Area Connection* 17
 23   30   1280  connected    Local Area Connection* 15
 11   20   1500  connected    VirtualBox Host-Only Network
 25   50   1280  disconnected  Local Area Connection* 22
 18   20   1280  disconnected  Local Area Connection 2
 35   25   1280  connected    IPv6tunnel2
 37   25   1280  connected    IPv6tunnel3

Tunnel adapter IPv6tunnel1:

   IPv6 Address. . . . . . . . . . . : 2001:470:8747:1718::2
   Link-local IPv6 Address . . . . . : fe80::dd18:c0a1:5ad6:38e%34
   Default Gateway . . . . . . . . . :

Tunnel adapter IPv6tunnel2:

   IPv6 Address. . . . . . . . . . . : 2001:470:8747:1719::2
   Link-local IPv6 Address . . . . . : fe80::d8ad:fdd7:3205:ac59%35
   Default Gateway . . . . . . . . . :

Tunnel adapter IPv6tunnel3:

   IPv6 Address. . . . . . . . . . . : 2001:470:8747:1720::155
   Link-local IPv6 Address . . . . . : fe80::a484:cc10:cf73:9b97%37
   Default Gateway . . . . . . . . . :

C:\Users>netstat -rn

IPv6 Route Table
===========================================================================
Active Routes:

 34    296 2001:470:8747:1718::/64  On-link
 34    296 2001:470:8747:1718::2/128
                                    On-link
 35    281 2001:470:8747:1719::/64  On-link
 35    281 2001:470:8747:1719::2/128
                                    On-link
 37    281 2001:470:8747:1720::/64  On-link
 37    281 2001:470:8747:1720::155/128
                                    On-link

From the sound of things, everything is connected on the same private LAN.  Why not use native IPv6 internally by putting a /64 on each internal interface and enable the broadcast router option?  It will be dual-stack and you only need one tunnel to worry about and keep updating.

That's what I tried, and failed. I didn't know you could make more than one tunnel interface with one tunnel.

What I listed on the other take off was three different tunnels, each with its own tunnel interface.  It sounded like this is what you were originally trying to do.  Native IP is much much easier than tunneling.  (Tunneling should be avoided whenever possible as the extra IPv4 header will cause the IPv6 packet to shrink a bit.)  If your Winders server is already running as a router, everything will be easy.  If not, stuff might be a little bit more difficult.

(You can find more about this topic here: http://www.tunnelbroker.net/forums/index.php?topic=2089.0)

1. For starters, you say you can ping your tunnel endpoint.  Can you ping IPv6.google.com and browse to http://whatismyip.com/?  If not, then you may need to fix your default route and/or tunnel settings.

2. Once you verify that the tunnel is working properly and the route is working, then you can configure IPv6 addresses on your internal NICs.  Please be extra careful to leave the gateway blank on these internal NICs.

3. Enable Windows advertisements and forwarding.  From the commands I get from the gogo6 client windows.cmd script (where "%TSP_HOME_INTERFACE%" is the name of your interface, i.e. "Local Area Connection", and "%TSP_TUNNEL_INTERFACE%" is the name of your tunnel interface):

:ROUTER_CONFIG_PROCEDURE
REM Sets the local computer to send router advertisements on a local
REM interface.

ECHO Configuring local computer to act as a router.
ECHO Routing advertisements will be published on interface "%TSP_HOME_INTERFACE%".

REM Adding first address of prefix to the publishing interface.
ECHO Adding first address of prefix to the publishing interface ...
netsh int ipv6 set addr "%TSP_HOME_INTERFACE%" %TSP_PREFIX%::1 %NETSH_PERS% > NUL
IF ERRORLEVEL 1 (
  SET ERRNO=50
  GOTO :EOF
)

REM Enable forwarding on tunnel interface.
ECHO Enabling forwarding on tunnel interface ...
netsh int ipv6 set int "%TSP_TUNNEL_INTERFACE%" forwarding=enabled > NUL
IF ERRORLEVEL 1 (
  SET ERRNO=51
  GOTO :EOF
)

REM Enable forwarding and router advertisements on the publishing interface.
ECHO Enabling forwarding and router advertisement on the publishing interface ...
netsh int ipv6 set int "%TSP_HOME_INTERFACE%" forwarding=enabled advertise=enabled > NUL
IF ERRORLEVEL 1 (
  SET ERRNO=52
  GOTO :EOF
)

REM Route the first /64 of the prefix on the publishing interface.
ECHO Routing first /64 of the prefix on the publishing interface ...
netsh int ipv6 add route %TSP_PREFIX%::/64 "%TSP_HOME_INTERFACE%" siteprefixlength=64 publish=yes %NETSH_PERS% > NUL
IF %WIN_VER% NEQ 7 IF ERRORLEVEL 1 (
  SET ERRNO=53
  GOTO :EOF
)

REM Finished router configuration.
ECHO Router configuration successful.
GOTO :EOF
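
An added example, not part of the thread or of the gogo6 script: the layout checks the replies above walk through (inside /64 taken from the routed prefix, VM in that /64 and using the router as gateway, no gateway on the inside interface, default route through the tunnel, forwarding and advertisements enabled), written as a small validator. The addresses use the 2001:db8::/32 documentation prefix and the interface names and dictionary keys are assumptions made for illustration.

```python
import ipaddress as ip

def check_router(cfg):
    """Return problems in a 6in4 router layout; an empty list means it passes."""
    problems = []
    routed = ip.ip_network(cfg["routed_prefix"])     # prefix routed to us, e.g. a /48
    tunnel = ip.ip_interface(cfg["tunnel_address"])  # our end of the tunnel /64
    lan = ip.ip_interface(cfg["lan_address"])        # router's inside address
    vm = ip.ip_address(cfg["vm_address"])

    if lan.network.prefixlen != 64:
        problems.append("inside interface is /%d, expected /64" % lan.network.prefixlen)
    if not lan.network.subnet_of(routed):
        problems.append("inside prefix is not part of the routed prefix")
    if vm not in lan.network:
        problems.append("VM address is outside the inside prefix")
    if ip.ip_address(cfg["vm_gateway"]) != lan.ip:
        problems.append("VM gateway is not the router's inside address")
    if cfg.get("lan_gateway"):
        problems.append("inside interface has a gateway set; leave it blank")

    default = cfg["routes"].get("::/0")
    if not default or default["interface"] != cfg["tunnel_if"]:
        problems.append("no default route through the tunnel interface")
    elif ip.ip_address(default["next_hop"]) not in tunnel.network:
        problems.append("default route next hop is outside the tunnel /64")

    for name in (cfg["tunnel_if"], cfg["lan_if"]):
        if not cfg["forwarding"].get(name):
            problems.append("forwarding disabled on %s" % name)
    if not cfg["advertise"].get(cfg["lan_if"]):
        problems.append("router advertisements disabled on %s" % cfg["lan_if"])
    return problems

# Constructed sample (documentation prefix, hypothetical interface names).
GOOD = {
    "routed_prefix": "2001:db8:1::/48", "tunnel_address": "2001:db8:ffff:1::2/64",
    "tunnel_if": "IP6Tunnel", "lan_if": "Local Area Connection",
    "lan_address": "2001:db8:1::1/64", "lan_gateway": None,
    "vm_address": "2001:db8:1::2", "vm_gateway": "2001:db8:1::1",
    "routes": {"::/0": {"interface": "IP6Tunnel", "next_hop": "2001:db8:ffff:1::1"}},
    "forwarding": {"IP6Tunnel": True, "Local Area Connection": True},
    "advertise": {"Local Area Connection": True},
}
# Same layout with two constructed faults: VM in another /64, tunnel not forwarding.
BAD = dict(GOOD, vm_address="2001:db8:1:1::2",
           forwarding={"IP6Tunnel": False, "Local Area Connection": True})

if __name__ == "__main__":
    for label, cfg in (("good", GOOD), ("bad", BAD)):
        print(label, check_router(cfg) or "OK")
```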
