Difference between revisions of "OpenBSD HE IPv6 tunnel"
(Created page with "== Introduction == We will create an IPv6 tunnel (provided by [http://he.net Hurricane Electric] suitable for subnetting (/48).") |
|||
(11 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
+ | [[Category:OpenBSD]] | ||
+ | [[Category:Networking]] | ||
+ | |||
== Introduction == | == Introduction == | ||
We will create an IPv6 tunnel (provided by [http://he.net Hurricane Electric] suitable for subnetting (/48). | We will create an IPv6 tunnel (provided by [http://he.net Hurricane Electric] suitable for subnetting (/48). | ||
+ | |||
+ | == Configuration == | ||
+ | |||
+ | In /etc/hostname.gif0: | ||
+ | |||
+ | tunnel 207.246.122.61 209.51.161.14 | ||
+ | !ifconfig gif0 inet6 alias 2001:470:1f06:95f::2 2001:470:1f06:95f::1 prefixlen 128 | ||
+ | !route -n add -inet6 default 2001:470:1f06:95f::1 | ||
+ | |||
+ | Enable it (as root): | ||
+ | |||
+ | sh /etc/netstart gif0 | ||
+ | |||
+ | == Test == | ||
+ | |||
+ | Check that it works: | ||
+ | |||
+ | freedom# route show -inet6 | ||
+ | Routing tables | ||
+ | |||
+ | Internet6: | ||
+ | Destination Gateway Flags Refs Use Mtu Prio Iface | ||
+ | default tunnel521973.tunne UGS 0 44 - 8 gif0 | ||
+ | default fe80::fc00:1ff:fed UGS 0 0 - 56 vio0 | ||
+ | ::/96 localhost UGRS 0 0 32768 8 lo0 | ||
+ | localhost localhost UHhl 10 20 32768 1 lo0 | ||
+ | ::ffff:0.0.0.0/96 localhost UGRS 0 0 32768 8 lo0 | ||
+ | tunnel521973.tunne tunnel521973-pt.tu UHh 1 1 - 8 gif0 | ||
+ | tunnel521973-pt.tu tunnel521973-pt.tu UHl 0 59 - 1 gif0 | ||
+ | 2001:19f0:5:11d4:: freedom.mgk.ro UCn 0 0 - 4 vio0 | ||
+ | freedom.mgk.ro 56:00:01:d3:aa:bd UHLl 0 0 - 1 vio0 | ||
+ | 2002::/24 localhost UGRS 0 0 32768 8 lo0 | ||
+ | 2002:7f00::/24 localhost UGRS 0 0 32768 8 lo0 | ||
+ | 2002:e000::/20 localhost UGRS 0 0 32768 8 lo0 | ||
+ | 2002:ff00::/24 localhost UGRS 0 0 32768 8 lo0 | ||
+ | fe80::/10 localhost UGRS 0 3 32768 8 lo0 | ||
+ | fec0::/10 localhost UGRS 0 0 32768 8 lo0 | ||
+ | fe80::%vio0/64 fe80::5400:1ff:fed UCn 1 1 - 4 vio0 | ||
+ | fe80::5400:1ff:fed 56:00:01:d3:aa:bd UHLl 0 0 - 1 vio0 | ||
+ | fe80::fc00:1ff:fed fe:00:01:d3:aa:bd UHLch 1 5 - 3 vio0 | ||
+ | fe80::1%lo0 fe80::1%lo0 UHl 0 0 32768 1 lo0 | ||
+ | fe80::%gif0/64 fe80::42bc:4cfd:63 Un 0 0 - 4 gif0 | ||
+ | fe80::42bc:4cfd:63 fe80::42bc:4cfd:63 UHl 0 0 - 1 gif0 | ||
+ | ff01::/16 localhost UGRS 0 3 32768 8 lo0 | ||
+ | ff01::%vio0/32 fe80::5400:1ff:fed Um 0 1 - 4 vio0 | ||
+ | ff01::%lo0/32 fe80::1%lo0 Um 0 1 32768 4 lo0 | ||
+ | ff01::%gif0/32 fe80::42bc:4cfd:63 Um 0 1 - 4 gif0 | ||
+ | ff02::/16 localhost UGRS 0 3 32768 8 lo0 | ||
+ | ff02::%vio0/32 fe80::5400:1ff:fed Um 0 1 - 4 vio0 | ||
+ | ff02::%lo0/32 fe80::1%lo0 Um 0 1 32768 4 lo0 | ||
+ | ff02::%gif0/32 fe80::42bc:4cfd:63 Um 0 1 - 4 gif0 | ||
+ | freedom# | ||
+ | freedom# | ||
+ | freedom# ping6 google.com | ||
+ | PING google.com (2607:f8b0:4006:810::200e): 56 data bytes | ||
+ | 64 bytes from 2607:f8b0:4006:810::200e: icmp_seq=0 hlim=57 time=2.307 ms | ||
+ | 64 bytes from 2607:f8b0:4006:810::200e: icmp_seq=1 hlim=57 time=2.892 ms | ||
+ | ^C | ||
+ | --- google.com ping statistics --- | ||
+ | 2 packets transmitted, 2 packets received, 0.0% packet loss | ||
+ | round-trip min/avg/max/std-dev = 2.307/2.599/2.892/0.292 ms | ||
+ | freedom# traceroute6 google.com | ||
+ | traceroute6 to google.com (2607:f8b0:4006:810::200e), 64 hops max, 60 byte packets | ||
+ | 1 tunnel521973.tunnel.tserv4.nyc4.ipv6.he.net (2001:470:1f06:95f::1) 9.294 ms 6.861 ms 6.119 ms | ||
+ | 2 ve422.core1.nyc4.he.net (2001:470:0:5d::1) 2.155 ms 2.158 ms 2.876 ms | ||
+ | 3 core1-0-0-8.lga.net.google.com (2001:504:f::27) 1.798 ms 1.815 ms 2.393 ms | ||
+ | 4 2001:4860:0:1126::1 (2001:4860:0:1126::1) 3.032 ms 3.619 ms 2001:4860:0:1128::1 (2001:4860:0:1128::1) 2.576 ms | ||
+ | 5 2001:4860:0:1::2105 (2001:4860:0:1::2105) 2.89 ms 2.362 ms 2001:4860:0:1::2107 (2001:4860:0:1::2107) 2.052 ms | ||
+ | 6 lga34s14-in-x0e.1e100.net (2607:f8b0:4006:810::200e) 2.167 ms 2.114 ms 2.193 ms | ||
+ | freedom# | ||
+ | |||
+ | == Routing == | ||
+ | |||
+ | Assign IPs to the interface you wish to route to: | ||
+ | |||
+ | freedom# cat /etc/hostname.enc0 | ||
+ | inet 172.24.24.1 255.255.255.0 172.24.24.255 | ||
+ | '''inet6 2001:470:8c78:''a0''::1 64''' | ||
+ | up | ||
+ | |||
+ | Reconfigure it: | ||
+ | |||
+ | sh /etc/netstart enc0 | ||
+ | |||
+ | Enable IPv6 forwarding: | ||
+ | |||
+ | freedom# cat /etc/sysctl.conf | ||
+ | hw.smt=1 | ||
+ | net.inet.ip.forwarding=1 | ||
+ | '''net.inet6.ip6.forwarding=1''' | ||
+ | |||
+ | Same thing with sysctl (as root): | ||
+ | |||
+ | sysctl net.inet6.ip6.forwarding=1 |
Latest revision as of 10:30, 22 February 2019
Contents
Introduction
We will create an IPv6 tunnel (provided by Hurricane Electric suitable for subnetting (/48).
Configuration
In /etc/hostname.gif0:
tunnel 207.246.122.61 209.51.161.14 !ifconfig gif0 inet6 alias 2001:470:1f06:95f::2 2001:470:1f06:95f::1 prefixlen 128 !route -n add -inet6 default 2001:470:1f06:95f::1
Enable it (as root):
sh /etc/netstart gif0
Test
Check that it works:
freedom# route show -inet6 Routing tables Internet6: Destination Gateway Flags Refs Use Mtu Prio Iface default tunnel521973.tunne UGS 0 44 - 8 gif0 default fe80::fc00:1ff:fed UGS 0 0 - 56 vio0 ::/96 localhost UGRS 0 0 32768 8 lo0 localhost localhost UHhl 10 20 32768 1 lo0 ::ffff:0.0.0.0/96 localhost UGRS 0 0 32768 8 lo0 tunnel521973.tunne tunnel521973-pt.tu UHh 1 1 - 8 gif0 tunnel521973-pt.tu tunnel521973-pt.tu UHl 0 59 - 1 gif0 2001:19f0:5:11d4:: freedom.mgk.ro UCn 0 0 - 4 vio0 freedom.mgk.ro 56:00:01:d3:aa:bd UHLl 0 0 - 1 vio0 2002::/24 localhost UGRS 0 0 32768 8 lo0 2002:7f00::/24 localhost UGRS 0 0 32768 8 lo0 2002:e000::/20 localhost UGRS 0 0 32768 8 lo0 2002:ff00::/24 localhost UGRS 0 0 32768 8 lo0 fe80::/10 localhost UGRS 0 3 32768 8 lo0 fec0::/10 localhost UGRS 0 0 32768 8 lo0 fe80::%vio0/64 fe80::5400:1ff:fed UCn 1 1 - 4 vio0 fe80::5400:1ff:fed 56:00:01:d3:aa:bd UHLl 0 0 - 1 vio0 fe80::fc00:1ff:fed fe:00:01:d3:aa:bd UHLch 1 5 - 3 vio0 fe80::1%lo0 fe80::1%lo0 UHl 0 0 32768 1 lo0 fe80::%gif0/64 fe80::42bc:4cfd:63 Un 0 0 - 4 gif0 fe80::42bc:4cfd:63 fe80::42bc:4cfd:63 UHl 0 0 - 1 gif0 ff01::/16 localhost UGRS 0 3 32768 8 lo0 ff01::%vio0/32 fe80::5400:1ff:fed Um 0 1 - 4 vio0 ff01::%lo0/32 fe80::1%lo0 Um 0 1 32768 4 lo0 ff01::%gif0/32 fe80::42bc:4cfd:63 Um 0 1 - 4 gif0 ff02::/16 localhost UGRS 0 3 32768 8 lo0 ff02::%vio0/32 fe80::5400:1ff:fed Um 0 1 - 4 vio0 ff02::%lo0/32 fe80::1%lo0 Um 0 1 32768 4 lo0 ff02::%gif0/32 fe80::42bc:4cfd:63 Um 0 1 - 4 gif0 freedom# freedom# freedom# ping6 google.com PING google.com (2607:f8b0:4006:810::200e): 56 data bytes 64 bytes from 2607:f8b0:4006:810::200e: icmp_seq=0 hlim=57 time=2.307 ms 64 bytes from 2607:f8b0:4006:810::200e: icmp_seq=1 hlim=57 time=2.892 ms ^C --- google.com ping statistics --- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 2.307/2.599/2.892/0.292 ms freedom# traceroute6 google.com traceroute6 to google.com (2607:f8b0:4006:810::200e), 64 hops max, 60 byte packets 1 tunnel521973.tunnel.tserv4.nyc4.ipv6.he.net (2001:470:1f06:95f::1) 9.294 ms 6.861 ms 6.119 ms 2 ve422.core1.nyc4.he.net (2001:470:0:5d::1) 2.155 ms 2.158 ms 2.876 ms 3 core1-0-0-8.lga.net.google.com (2001:504:f::27) 1.798 ms 1.815 ms 2.393 ms 4 2001:4860:0:1126::1 (2001:4860:0:1126::1) 3.032 ms 3.619 ms 2001:4860:0:1128::1 (2001:4860:0:1128::1) 2.576 ms 5 2001:4860:0:1::2105 (2001:4860:0:1::2105) 2.89 ms 2.362 ms 2001:4860:0:1::2107 (2001:4860:0:1::2107) 2.052 ms 6 lga34s14-in-x0e.1e100.net (2607:f8b0:4006:810::200e) 2.167 ms 2.114 ms 2.193 ms freedom#
Routing
Assign IPs to the interface you wish to route to:
freedom# cat /etc/hostname.enc0 inet 172.24.24.1 255.255.255.0 172.24.24.255 inet6 2001:470:8c78:a0::1 64 up
Reconfigure it:
sh /etc/netstart enc0
Enable IPv6 forwarding:
freedom# cat /etc/sysctl.conf hw.smt=1 net.inet.ip.forwarding=1 net.inet6.ip6.forwarding=1
Same thing with sysctl (as root):
sysctl net.inet6.ip6.forwarding=1