|
OpenBSD IPv6 Tunnel to route subnet with XP machines?
![[nl]](/s/countries/nl.gif) Shadow Hawkins on Monday, 07 April 2003 13:18:03
I'm trying to get some WinXP machines to work with IPv6, with OpenBSD being the router. My tunnel (to the OpenBSD box) works perfectly, but I can't figure out how to configure the XP boxen. In OpenBSD, I have created an rtadvd.conf file (in /etc) according to the FAQ. I started (or sort of, it doesn't show in ps -auxw) rtadvd with the flags '-d rl0' (rl0 being configured in rtadvd.conf).
Now, the FAQ said that, to route WinXP hosts on my subnet, I should follow the WinXP tunnel setup. Of course this sounds like total crap (for instance, why configure the IPv4 of the OpenBSD box for a tunnel? OpenBSD has the tunnel, not XP!), but I followed the steps. This results in a chaos IPv6 stack, which - of course - doesn't work.
Now may I ask, how do I set up an IPv6 network (all using IPv6's from my subnet, hardcoded btw, no DHCP) of WinXP boxen to route their outgoing IPv6 traffic (out of my subnet) to the OpenBSD box? I am not very into IPv6, but I am learning along. Any help would be greatly appreciated :).
-edit:
Or, am I thinking the wrong way here, and should I be building a bridge between the giftunnel and the ethernet LAN adapter, which will route IPv6 packets destined for the outside world over the giftunnel? If so, how do I set up the WinXP IPv6 stack to be using the OpenBSD box as gateway (the netsh interface ipv6 commandset is nothing like configuring IPv4, it's a shame!)? And will that fix the problem of the source IP of outgoing packets from the subnet being my IPv6 tunnel endpoint?
To give a global view of what I am trying to build:
The rest of the IPv6-connected Internet
|
| (the IPv6 over IPv4 tunnel)
|
My OpenBSD box (being a router, and showing up in a traceroute)
|
| (my IPv6 LAN, connected to each other and the router via a switch)
|
------------------------- etc. etc.
| |
A WinXP box |
Another WinXP box
Hope that clarifies a bit?
grtz,
Thomas E. Spanjaard (TES1-6BONE)
OpenBSD IPv6 Tunnel to route subnet with XP machines?
Now, the FAQ said that, to route WinXP hosts on my subnet, I should follow the WinXP tunnel setup. Of course this sounds like total crap (for instance, why configure the IPv4 of the OpenBSD box for a tunnel? OpenBSD has the tunnel, not XP!), but I followed the steps. This results in a chaos IPv6 stack, which - of course - doesn't work.
You should ofcourse only INSTALL the stack, that's what the faq entry says :)
If your rtadvd doesn't run on the correct interface, the one where the rest of the hosts is attached to, then ofcourse they won't get a prefix either ;)
OpenBSD IPv6 Tunnel to route subnet with XP machines?
Shadow Hawkins on Saturday, 12 April 2003 01:52:44
Hmm, I configged it to run on rl0, which is the LAN/WAN (it's also its Internet uplink) interface. But after I start rtadvd, it exits (allright, could be detaching), but it doesn't show up in ps (-auxw). Prolly some errors in my .conf then, I'll look in to it later...
OpenBSD IPv6 Tunnel to route subnet with XP machines?
Shadow Hawkins on Saturday, 12 April 2003 05:55:48
rtadvd -d -D -f rl0 gives me this:
rtadvd[9100]: <getconfig> rl0 isn't defined in the configuration file or the configuration file doesn't exist. Treat it as default
rtadvd[9100]: <getconfig> need addr as a prefix for interface rl0
rtadvd.conf:
rl0:addrs#1:addr="2001:960:60f::":prefixlen=#48:tc=ether:
It's in /etc, and running rtadvd with the flag -c /etc/rtadvd.conf doesn't help either. Am I missing something here?
*EDIT*
btw, is rtadvd needed if hosts are to be configured with static IP's?
OpenBSD IPv6 Tunnel to route subnet with XP machines?
rl0:addrs#1:addr="2001:960:60f::":prefixlen#48:tc=ether:
Thus without the equal sign (=) in front of the hash (#)
From 'man rtadvd':
ef0:\
:addrs#1:addr="3ffe:501:ffff:1000::":prefixlen#64:tc=default:
No rtadvd is for dynamically assigning a prefix to a network.
A host _could_ choose to assign eg <prefix>::1 to itself, though
standardized tools are not available afaik...
OpenBSD IPv6 Tunnel to route subnet with XP machines?
![[si]](/s/countries/si.gif) Shadow Hawkins on Sunday, 04 May 2003 14:27:10
i don't want to open another such topic, so i will ask this here :P so, i have a linux router where the tunnel is configured and it works fine. i also have a /48 subnet, so i set up radvd and allocated a /64 prefix for my LAN. after that, i installed ipv6 stack on the xp machine using "ipv6 install" and if i do "ipv6 if" i see, that the interface has obtained the correct ip from the router. but the machine can't establish a connection (ping6 to any host does not work). and in my logs (on the router), i am getting icmpv6_send: no reply to icmp error.
and btw: /proc/sys/net/ipv6/conf/all/forward is set to 1.
OpenBSD IPv6 Tunnel to route subnet with XP machines?
Show the config, show the config :)
ipv6 if + ipv6 rt on the XP box could be quite of help, as it could quite well be that you have some additional routing built in already thus you are not going over your router and thus using the correct path.
Also when testing, check:
- interface configs
- routing tables
- traceroute6 to router
- traceroute6 to www.sixxs.net (or other well known host)
As your router says 'no reply to icmp error' you might as well examine your
router config for typo's and the like.
Also you might want to check up on EUI-64 autoconfig.
OpenBSD IPv6 Tunnel to route subnet with XP machines?
Shadow Hawkins on Sunday, 04 May 2003 15:21:42/etc/radvd.conf:
interface eth1
{
AdvSendAdvert on;
prefix 2001:768:191e:1234::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
};
tracert6/ping6 (from XP box) to any address does not work.
ipv6 if:
Interface 4: Ethernet: Local Area Connection
uses Neighbor Discovery
uses Router Discovery
link-layer address: 00-c1-28-00-c0-fe
preferred global 2001:768:191e:1234:f90c:13a5:f6e4:1060, life 6d21h36m23s/21h34m1s (anonymous)
preferred global 2001:768:191e:1234:2c1:28ff:fe00:c0fe, life 29d23h54m35s/6d23h54m35s (public)
preferred link-local fe80::2c1:28ff:fe00:c0fe, life infinite
multicast interface-local ff01::1, 1 refs, not reportable
multicast link-local ff02::1, 1 refs, not reportable
multicast link-local ff02::1:ff00:c0fe, 2 refs, last reporter
multicast link-local ff02::1:ffe4:1060, 1 refs, last reporter
link MTU 1500 (true link MTU 1500)
current hop limit 64
reachable time 42500ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 1
Interface 3: 6to4 Tunneling Pseudo-Interface
does not use Neighbor Discovery
does not use Router Discovery
link MTU 1280 (true link MTU 65515)
current hop limit 128
reachable time 37500ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 0
Interface 2: Automatic Tunneling Pseudo-Interface
does not use Neighbor Discovery
does not use Router Discovery
router link-layer address: 0.0.0.0
EUI-64 embedded IPv4 address: 0.0.0.0
preferred link-local fe80::5efe:192.168.0.10, life infinite
link MTU 1280 (true link MTU 65515)
current hop limit 128
reachable time 15500ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 0
Interface 1: Loopback Pseudo-Interface
does not use Neighbor Discovery
does not use Router Discovery
link-layer address:
preferred link-local ::1, life infinite
preferred link-local fe80::1, life infinite
link MTU 1500 (true link MTU 4294967295)
current hop limit 128
reachable time 26000ms (base 30000ms)
retransmission interval 1000ms
DAD transmits 0
ipv6 rt:
2001:768:191e:1234::/64 -> 4 pref 8 life 29d23h53m38s/6d23h53m38s (autoconf)
::/0 -> 4/fe80::202:44ff:fe2d:a043 pref 256 life 23m38s (autoconf)
ifconfig sixxs:
sixxs Link encap:IPv6-in-IPv4
inet6 addr: 2001:768:1900:45::2/64 Scope:Global
inet6 addr: fe80::c14d:9f15/10 Scope:Link
inet6 addr: fe80::ac10:f001/10 Scope:Link
inet6 addr: fe80::ac10:f301/10 Scope:Link
inet6 addr: fe80::c0a8:1/10 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
RX packets:25862 errors:0 dropped:0 overruns:0 frame:0
TX packets:26098 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:6566514 (6.2 MiB) TX bytes:4118400 (3.9 MiB)
and there is something strange, from router i can not traceroute6 (but can ping6) any host :?
OpenBSD IPv6 Tunnel to route subnet with XP machines?
Shadow Hawkins on Sunday, 04 May 2003 15:30:25
argh, i have found an old route present when i do route --inet6:
3ffe:b80:1b34:1::/64 :: UA 256 0 0 eth1
this is from an old tunnel, but i can not remove the route:
icarus:/etc# route --inet6 del 3ffe:b80:1b34:1::/64
SIOCDELRT: No such process
:{
OpenBSD IPv6 Tunnel to route subnet with XP machines?
ip -6 ro del 3ffe:b80:1b34:1::/64
Should do the trick.
There is another odd thing one can once come across in this where "ip -6 ro sho" has completely different output from "netstat -rnA inet6". In this the ip command hides certain routes which the netstat command does display ;)
OpenBSD IPv6 Tunnel to route subnet with XP machines?
Shadow Hawkins on Monday, 05 May 2003 08:21:23
Well, i have removed the route, but i still can't traceroute6 to any host from the router. But ipv6 connectivity works (i can connect to sites via ipv6, etc...)
:{
OpenBSD IPv6 Tunnel to route subnet with XP machines?
Check your mtu of the tunnel, on Linux boxen one has to set it to 1280 to let traceroute6 properly work over tunnels.
OpenBSD IPv6 Tunnel to route subnet with XP machines?
Shadow Hawkins on Tuesday, 06 May 2003 08:27:22
well, on interface sixxs (ipv6 tunnel) i have mtu set to 1280, but traceroute6 still doesn't work.
ifconfig sixxs:
sixxs Link encap:IPv6-in-IPv4
inet6 addr: 2001:768:1900:45::2/64 Scope:Global
inet6 addr: fe80::c14d:9f15/10 Scope:Link
inet6 addr: fe80::ac10:f001/10 Scope:Link
inet6 addr: fe80::ac10:f301/10 Scope:Link
inet6 addr: fe80::c0a8:1/10 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
RX packets:4665 errors:0 dropped:0 overruns:0 frame:0
TX packets:4664 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2777641 (2.6 MiB) TX bytes:724737 (707.7 KiB)
OpenBSD IPv6 Tunnel to route subnet with XP machines?
Then it's time for a full routing/interface/filter table dumps along with tcpdumping of your devices to see what really is going on. Have fun :)
OpenBSD IPv6 Tunnel to route subnet with XP machines?
Shadow Hawkins on Tuesday, 06 May 2003 19:23:15
ok, here we go:
route --inet6:
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
::1/128 :: U 0 1629 0 lo
2001:768:1900:45::2/128 :: U 0 5791 0 lo
2001:768:191e:1234::/64 :: U 1024 0 0 eth1
fe80::ac10:f001/128 :: U 0 0 0 lo
fe80::ac10:f301/128 :: U 0 0 0 lo
fe80::c0a8:1/128 :: U 0 0 0 lo
fe80::c14d:9f15/128 :: U 0 0 0 lo
fe80::/10 :: UA 256 420 0 eth1
fe80::/10 :: UA 256 0 0 eth0
ff02::1/128 ff02::1 UAC 0 1 1 eth1
ff00::/8 :: UA 256 0 0 eth1
ff00::/8 :: UA 256 0 0 eth0
ff00::/8 :: U 1024 0 0 sixxs
::/0 2001:768:1900:45::1 UG 1024 136 0 sixxs
tcpdump -i sixxs: (while doing traceroute6 www.sixxs.net)
tcpdump: WARNING: sixxs: no IPv4 address assigned
tcpdump: listening on sixxs
19:20:37.823379 cl-70.mun-01.de.sixxs.net.49489 > noc.sixxs.net.33434: udp 16 [hlim 1]
19:20:42.817813 cl-70.mun-01.de.sixxs.net.49489 > noc.sixxs.net.33434: udp 16 [hlim 1]
19:20:47.817811 cl-70.mun-01.de.sixxs.net.49489 > noc.sixxs.net.33434: udp 16 [hlim 1]
19:20:52.817874 cl-70.mun-01.de.sixxs.net.49489 > noc.sixxs.net.33434: udp 16
19:20:57.817854 cl-70.mun-01.de.sixxs.net.49489 > noc.sixxs.net.33434: udp 16
19:21:02.817822 cl-70.mun-01.de.sixxs.net.49489 > noc.sixxs.net.33434: udp 16
19:21:07.817846 cl-70.mun-01.de.sixxs.net.49489 > noc.sixxs.net.33434: udp 16
19:21:12.818130 cl-70.mun-01.de.sixxs.net.49489 > noc.sixxs.net.33434: udp 16
8 packets received by filter
0 packets dropped by kernel
anything else ? :P
iptables filter has nothing to do with it, since i tried to clear the filter tables and it was the same.
OpenBSD IPv6 Tunnel to route subnet with XP machines?
Do tcpdumps (with -xns 1500) on both the underlying IPv4 interface and the IPv6 tunnel while:
- ping6 to the endpoint.
- traceroute6 to some known host.
The IPv4 interface dump might show some extra information (eg ICMP packet to big etc) which is not visible on the IPv6 tunnel interface.
OpenBSD IPv6 Tunnel to route subnet with XP machines?
Shadow Hawkins on Wednesday, 07 May 2003 15:34:41
ok, here we go :P
tcpdump (ppp0) (while doing ping6 2001:768:1900:45::1)
15:29:08.516386 193.77.159.___ >
195.143.155.2: 2001:768:1900:45::2 >
2001:768:1900:45::1: icmp6: echo request (encap)
4500 007c 0000 4000 4029 7b64 c14d 9f15
c38f 9b02 6000 0000 0040 3a40 2001 0768
1900 0045 0000 0000 0000 0002 2001 0768
1900 0045 0000 0000 0000 0001 8000 94e1
0718 0100 240a b93e 91e0 0700 0809 0a0b
0c0d 0e0f 1011 1213 1415 1617 1819 1a1b
1c1d 1e1f 2021 2223 2425 2627 2829 2a2b
2c2d 2e2f 3031 3233 3435 3637
15:29:08.554714 195.143.155.2 >
193.77.159.___: 2001:768:1900:45::1 >
2001:768:1900:45::2: icmp6: echo reply (encap)
4500 007c 4b3f 0000 1829 9825 c38f 9b02
c14d 9f15 6000 0000 0040 3a40 2001 0768
1900 0045 0000 0000 0000 0001 2001 0768
1900 0045 0000 0000 0000 0002 8100 93e1
0718 0100 240a b93e 91e0 0700 0809 0a0b
0c0d 0e0f 1011 1213 1415 1617 1819 1a1b
1c1d 1e1f 2021 2223 2425 2627 2829 2a2b
2c2d 2e2f 3031 3233 3435 3637
tcpdump (ppp0) (while doing traceroute6 www.sixxs.net)
15:30:05.568555 193.77.159.___ >
195.143.155.2: 2001:768:1900:45::2.49591 >
3ffe:4007:1:1:210:dcff:fe20:7c7c.33434: udp 16 [hlim 1] (encap)
4500 0054 0000 4000 0129 ba8c c14d 9f15
c38f 9b02 6000 0000 0018 1101 2001 0768
1900 0045 0000 0000 0000 0002 3ffe 4007
0001 0001 0210 dcff fe20 7c7c c1b7 829a
0018 0a47 0000 18ca 0000 0001 5d0a b93e
5fac 0800
15:30:05.584994 193.77.177.1 >
193.77.159.___: icmp: time exceeded in-transit [tos 0xc0]
45c0 0038 6a4c 0000 ff01 7e06 c14d b101
c14d 9f15 0b00 83e6 0000 0000 4500 0054
0000 4000 0129 ba8c c14d 9f15 c38f 9b02
6000 0000 0018 1101
btw: traceroute to www.kame.net works, BUT it i must wait until the traceroute reaches 7th hop...
traceroute6 www.kame.net
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 ntt-uk6x.ipv6.btexact.com (2001:7f8:2:1::9) 63.741 ms 63.977 ms 81.784 ms
8 tu-1240.r00.snjsca06.us.b6.verio.net (2001:418:0:2000::15) 880.388 ms 853.414 ms 879.84 ms
9 cisco1.sanjose.wide.s-ix.net (2001:418:201::2500:1) 517.096 ms 516.175 ms 536.133 ms
10 pc1.notemachi.wide.ad.jp (2001:200:0:1c04:290:27ff:fe3a:d8) 531.101 ms 513.74 ms 517.522 ms
11 pc3.yagami.wide.ad.jp (2001:200:0:1c04::1000:2000) 506.168 ms 497.037 ms 488.641 ms
12 2001:200:0:8002::2000:1 (2001:200:0:8002::2000:1) 672.986 ms 510.764 ms 521.522 ms
13 2001:200:0:8002:210:f3ff:fe03:4d0 (2001:200:0:8002:210:f3ff:fe03:4d0) 521.358 ms 519.85 ms 520.729 ms
i think there are some probles before hop 7, because i can traceroute6 any site and before hop 7 there is no reply, but on and after it is normal...
OpenBSD IPv6 Tunnel to route subnet with XP machines?
15:30:05.584994 193.77.177.1 > 193.77.159.___: icmp: time exceeded in-transit [tos 0xc0] 45c0 0038 6a4c 0000 ff01 7e06 c14d b101 c14d 9f15 0b00 83e6 0000 0000 4500 0054 0000 4000 0129 ba8c c14d 9f15 c38f 9b02 6000 0000 0018 1101
Don't you wonder why you are getting time exceeded messages from your own local network? You are obviously simply having a lot of packetloss.
|
![[ch]](/s/countries/ch.gif)
on Monday, 07 April 2003 16:44:39
Posting is only allowed when you are