[Wolves] It's the end of the internet as we know it

Ron Wellsted ron at wellsted.org.uk
Sat Feb 5 16:31:42 UTC 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/02/11 21:31, Adam Sweet wrote:

> Yes it is, I finally got around to setting up my tunnel last weekend but
> hit a problem, possibly due to firewall rules and protocol 41:
> 
> https://www.sixxs.net/faq/connectivity/?faq=firewalled
> 
> The tunnel comes up but I can't ping6 anything and I'm not sure how to
> address my local subnet. So yes please :)
> 
What tunnel type do you have?  If you are having problems with protocol
41, it sounds like you are using a 6in4 static or heartbeat.  The AYIYA
tunnels are the easiest to get setup (certainly with ADSL/NAT).

Do you have a sixxs interface listed with ifconfig? it should have a
Global address starting with 2a01: and probably ending with a :2.  Try
ping6 that address (it sould respond within 50-70 microseconds.  If that
worked OK, try changing the last :2 to :1 (the other end of the tunnel),
mine responds in about 30 milliseconds.

Once you have had the tunnel active for 1 week, you should have
sufficient credit with sixxs to be able to request a subnet.  Once the
subnet has been approved, you need to configure the network interface on
the system that is the endpoint to be a router and to give it a fixed
IPv6 address  (N.B. I have used the IPv6 Documentation prefix of
2001:DB8::/32 in the examples below,  Using them in real life will
result in fail).

eg add to /etc/network/interfaces (on Ubuntu/Debian):
iface eth0 inet6 static
	address 2001:0DB8::1
	netmask 64


The next step is to configure radvd on the network.  Install radvd and
edit /etc/radvd.conf to advertise the subnet address and route out to
the network (like DHCP):

interface eth0
{
	AdvSendAdvert on;
	MinRtrAdvInterval 3;
	MaxRtrAdvInterval 10;
	prefix 2001:0DB8::/64
	{
		AdvOnLink on;
		AdvAutonomous on;
		AdvRouterAddr on;
	};
	RDNSS 2001:0DB8::1
	{
		AdvRDNSSPreference 8;
		AdvRDNSSOpen off;
		AdvRDNSSLifetime 30;
	};
};

Don't forget to configure the system to forward IPv6

In /etc/sysctl.conf:
net.ipv6.conf.all.forwarding=1

and to enable without a reboot,
echo 1> /proc/sys/net/ipv6/conf/all/forwarding

As a check:
cat /proc/sys/net/ipv6/conf/all/forwarding
1

Once this is done, everything else that can use IPv6 should do so (N.B.
daemons such as apache, postfix, postgresql etc, will need to be
restarted and additional configuration maybe required).


- -- 
Ron Wellsted
ron at wellsted.org.uk http://www.wellsted.org.uk
N 52.567623, W 2.136111 Linux Counter No. 202120
Ekiga: 645022
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNTXp/AAoJEEtP/KMNOfRbrQUIALikkeAQWkfF3qdNzRjt7gEX
Ds3CciMBsQI6aNBgnfs84bAhCgTxLfpmNxQe86K8/8SmgQuR6JDo4AH4tzeLHILA
cItzvfpGtT0hr/Jp1ICl8HFIQcJYbCHE4jfRheYk9blQBJY/l4zHFkzu5BKdiyxA
aDpKSd6m9liXbzNBFIJvF06Lqmcl+FaTnnaHRPvTIv1iV+80IotM0nj/RInI5aPq
f2XQZXpAX2aFgmW5gsqJhwsO3UjJLSxlk+8LvlFx4qR1fTC3uoSu2n8JJZlJUYdu
LN1QelSj81VlgfToCGbIdlZf0nlZNjALU8cwLmnixoIF7BUJZsH/3mBxdgtSRfs=
=Cgiw
-----END PGP SIGNATURE-----

More information about the Wolves mailing list