IPv6, HE Tunnel, and /etc/network/interfaces

Okay, I've done the Hurricane Electric tunnel for IPv6 on my Linode, ping'd a few IPv6 places, got my certification up to "Enthusiast". Now how do I get my changes to come back after a reboot? I know I need to edit /etc/network/interfaces on my Ubuntu 10.04 Lucid node, but I have no clue what to put into there for IPv6. Currently, it contains:

````
# The loopback interface
auto lo
iface lo inet loopback

# Configuration for eth0 and aliases

# This line ensures that the interface will be brought up during boot.
auto eth0 eth0:0

# eth0 - This is the main IP address that will be used for most outbound connections.
# The address, netmask and gateway are all necessary.
iface eth0 inet static
address 173.230.xxx.xxx
netmask 255.255.255.0
gateway 173.230.xxx.1

# eth0:0 - Private IPs have no gateway (they are not publicly routable) so all you need to
# specify is the address and netmask.
iface eth0:0 inet static
address 192.168.xxx.xxx
netmask 255.255.128.0
````

13 Replies

Here's mine:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 97.107.134.213
        netmask 255.255.255.0
        gateway 97.107.134.1

# This is for an IP in the routed /64.
iface eth0 inet6 static
        address 2001:470:1f07:f41::dead:beef
        netmask 64

auto eth0:1
iface eth0:1 inet static
        address 192.168.137.246
        netmask 255.255.128.0

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
    address 2001:470:1f06:f41::2
    netmask 64
    endpoint 209.51.161.14
    local 97.107.134.213
    gateway 2001:470:1f06:f41::1
    ttl 64

Note the IP in eth0… this is an address in the routed /64, used for outgoing connections, such that the reverse IP can be set away from the default one for the point-to-point /64.

@hoopycat:

Here's mine:

Interesting. I do a lot more with mine, mainly because Ubuntu (in my experience) eventually begins complaining about no buffer space being available after enough networking restarts. I tracked it down to a crappy error message coming out of the stack in the kernel, and then couldn't be bothered to go much further.

Here's my router at home:

auto he0
iface he0 inet6 v4tunnel
    endpoint 209.51.161.14
    local 98.225.x.x
    ttl 255
    address 2001:470:1f06:86a::2
    netmask 64
    mtu 1480
    up ip6tables-restore /etc/firewall6.conf

    # Kill
    down ip -6 tunnel del he0

I'm probably doing it wrong, but it works and I don't feel like screwing with it. There's a bridge and all kinds of other goodness in there.

Does your configuration set up routing correctly? I could never get mine to do so without an up/down route add/del.

Short answer: I don't know how well it survives on networking restarts, as I don't have too much of a need to adjust the network configuration outside the context of a reboot. Makes life easier in some respects :-)

I used to have an up/down for adding routes, but commented it out awhile back with no deleterious effects:

    # commented out 2010/04/10 by rtucker, from advice on #linode:
    # danieldg the reason for 2000::/3 from #ipv6 topic: manual defaultroute broken in 2.6.20.[5..13], 2.6.21.[0..4], RHEL/CentOS 5.[012], use 2000::/3 or update
    #up     ip -6 route add 2000::/3 dev he-ipv6
    #down   ip -6 route flush dev he-ipv6

But yeah, the routing goes in OK out of the box.

Here is my setup!

modules=( "iproute2" ) 
config_eth0=( "74.207.244.17/24" "74.207.244.169/24" "192.168.141.153/17" )
# linoder's I got lucky because both my ip addresses are on the same subnet ;) you may need another entry
# like "default via 74.x.x.1 metric 2" but not outgoing traffic will go out the interface with the lower metric
routes_eth0=( "default via 74.207.244.1" )                            
fallback_eth0=( "dhcp" )                                              
# loopback is set up for you by gentoo scripts. configuration optional                                           
#config_lo=( "127.0.0.1/8" "::1")                                                                                
#coo hidden network - stop leakage to wan. Private
config_dummy0=( "172.16.31.254/20" "2001:470:1f05:430:ef1b::ffff/64" "2001:470:83de:c00:ffff:ffff:ffff:ffff/48" )

modules_hetunnel=("iptunnel")
depend_hetunnel() {  
        need net.eth0                                                         
}                                                                             

iptunnel_hetunnel=("mode sit remote 72.52.104.74 local 74.207.244.17 ttl 255")  
config_hetunnel=("2001:470:1f04:430::2/64")                                     
routes_hetunnel=( "2000::/3 dev hetunnel metric 0" "::/0 dev hetunnel metric 1")

modules_pub6tun0=("iptunnel")
depend_pub6tun0() {
        need net.eth0                                                
}                                                                    

# when i set up this alternate way of setting up ip6 addresses HE.net in fremont weren't providing this service on multicast addr
# but now they are - so there are two ways to get your ip6 addresses nice and quick.
iptunnel_pub6tun0=("mode sit remote any local 74.207.244.17 ttl 255")   
config_pub6tun0=( "2002:4acf:f411::ef1b/48" )                           
routes_pub6tun0=( "2000::/3 via ::192.88.99.1 dev pub6tun0 metric 200" )

modules_pub6tun1=("iptunnel")                                        
depend_pub6tun1() {                                                     
        need net.eth0                                                   
}                                                                       
iptunnel_pub6tun1=("mode sit remote any local 74.207.244.169 ttl 64")   
config_pub6tun1=("2002:4acf:f4a9::c00/48")                              
routes_pub6tun1=( "2000::/3 via ::192.88.99.1 dev pub6tun1 metric 300" )

# doesn't work like the howto's say. It's broken :P
#depend_6to4() {        
#        need net.eth0  
#}                      
#link_6to4="eth0"       
#RC_NEED_6to4="net.eth0"
#config_6to4=("ip6to4")

Yes Sabayon 5.2 works on linode.

You can install it by unzipping a squashfs image and cleaning out some install cruft. What is better is using it as gentoo and using entropy (equo) to push out your gentoo binaries to other hosts. I recommend gentoo-ers upgrade by using layman -a sabayon, emerge entropy equo entropy-server and seeing it's much better than using Gentoo's binary packages. I have an i7 intel core optimized version of Sabayon for anyone who is interested (perfect for linode hardware).

Not sure whether I should start a new thread on this, but since it's relevant to the discussion, here goes:

I have followed the /etc/network/interfaces example from http://www.linode.com/wiki/index.php/IPv6 - which works all well and good.

However, the tunnel keeps vanishing which is not what I want. As I can't have a native address, that tunnel needs to stay up for ever.

The problem would appear to be some sort of timeout, as far as I can see. If I don't make an inbound IPv6 connection for a short time, I can't ping6/otherwise connect IN. However, if I ping6 OUT (generally to ipv6.he.net,) I can then ping6 IN again.

Didn't know if the TTL line in the example interfaces file had any bearing on it, so I removed it. No difference.

Ideas, anyone?

UPDATE: I have run ifconfig on the interface both whilst it is and is not accepting inbound connections. Entries are identical, barring the data counters.

here's what I have.

auto 6in4
iface 6in4 inet6 v4tunnel
        endpoint <he ipv4>
        local <my ip>
        ttl 255
        address <my tunnel end>
        netmask 64
        mtu 1480
        up ip -6 route add ::/0 dev 6in4 metric 1
        post-up sysctl -w net.ipv6.conf.all.forwarding=1
        up ip -6 addr add <my 64>::/64 dev eth0

The forwarding line is likely not needed for what you want it for.

@smiffy:

Not sure whether I should start a new thread on this, but since it's relevant to the discussion, here goes:

I saw your post over at tunnelbroker.net and did forwarding protocol 41 solve the problem?

I set up the firewall rule about an hour ago and disabled the keep-alive cron job - it appears to work.

The resolution is:

iptables -A INPUT -s XXXXXXXX/32 -p ipv6 -j ACCEPT

…where XXXXXXXX is listed as "Server IPv4 address" under "IPv6 Tunnel Endpoints."

Note that this is the SAME rule quoted on the TunnelBroker forum - this is just how iptables-save dumps it out.

Kudos to @jimb for this solution.

@smiffy:

I set up the firewall rule about an hour ago and disabled the keep-alive cron job - it appears to work.

The resolution is:

iptables -A INPUT -s XXXXXXXX/32 -p ipv6 -j ACCEPT

…where XXXXXXXX is listed as "Server IPv4 address" under "IPv6 Tunnel Endpoints."

Note that this is the SAME rule quoted on the TunnelBroker forum - this is just how iptables-save dumps it out.

Kudos to @jimb for this solution.

Good to know! I had something similar to that because I also had to forward protocol 41 in my home router. Now I see the source bit (-s XXXXXXXX), but if you know the exact address of the IPv4 server would you need the slash 32?

The /32 is added automatically by iptables. At least, that's what appears when I set the rule and then did an iptables-save to verify.

Important: setting this rule means that inbound IPv6 is now bypassing your IPv4 firewall. You will need to duplicate your iptables settings with ip6tables, so you will have an IPv6 firewall too.
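An added example, not part of the original posts: a small shell audit of `iptables-save` and `ip6tables-save` dumps for the two points above, that the protocol 41 accept is limited to the tunnel server and that an IPv6 INPUT filter exists. The function names are hypothetical, the rule excerpts are constructed, and 192.0.2.1 is a documentation placeholder for the "Server IPv4 address".

```shell
# Added example: audit firewall dumps for the 6in4 tunnel setup in this thread.
# proto41_findings RULES_V4 SERVER_IP
# Prints every INPUT rule that accepts protocol 41 (dumped as "ipv6" or "41")
# from any source other than SERVER_IP/32.
proto41_findings() {
    printf '%s\n' "$1" | awk -v want="$2/32" '
        $1 == "-A" && $2 == "INPUT" {
            proto = ""; src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if ((proto == "ipv6" || proto == "41") && target == "ACCEPT" && src != want)
                print "unrestricted proto 41: " $0
        }'
}

# v6_input_filtered RULES_V6
# Succeeds only if the IPv6 INPUT chain has a DROP policy or at least one
# DROP/REJECT rule; otherwise traffic arriving through the tunnel is unfiltered.
v6_input_filtered() {
    printf '%s\n' "$1" | awk '
        $1 == ":INPUT" && $2 == "DROP" { ok = 1 }
        $1 == "-A" && $2 == "INPUT" && / -j (DROP|REJECT)( |$)/ { ok = 1 }
        END { exit !ok }'
}

# audit RULES_V4 RULES_V6 SERVER_IP: returns 0 only if both checks pass.
# Real use (as root): audit "$(iptables-save)" "$(ip6tables-save)" <server-ip>
audit() {
    rc=0
    found=$(proto41_findings "$1" "$3")
    [ -z "$found" ] || { echo "$found"; rc=1; }
    v6_input_filtered "$2" || { echo "no IPv6 INPUT filtering"; rc=1; }
    return $rc
}

# Constructed sample excerpts (not taken from any real host).
SERVER=192.0.2.1
GOOD_V4='-A INPUT -s 192.0.2.1/32 -p ipv6 -j ACCEPT'
BAD_V4='-A INPUT -p ipv6 -j ACCEPT'
OPEN_V6=':INPUT ACCEPT [0:0]'
CLOSED_V6=':INPUT DROP [0:0]
-A INPUT -p ipv6-icmp -j ACCEPT'

audit "$GOOD_V4" "$CLOSED_V6" "$SERVER" && echo "sample rule sets pass"
```
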

@smiffy:

… You will need to duplicate your iptables settings with ip6tables, so you will have an IPv6 firewall too.

Yeah, did it! :D

Just a follow up…since rebooting to get the RAM increase the following configuration in /etc/network/interfaces worked on my Ubuntu 10.04 LTS (Lucid Lynx) IPv4/IPv6 node:

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
 address 173.230.xxx.xxx
 netmask 255.255.255.0
 gateway 173.230.xxx.1

iface eth0 inet6 static
 address 2001:470:1f05:ffff::aaaa
 netmask 64

auto eth0:1
iface eth0:1 inet static
 address 192.168.xxx.xxx
 netmask 255.255.128.0

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
    endpoint 72.52.xxx.xxx
    local 173.230.xxx.xxx
    address 2001:470:1f04:ffff::2
    gateway 2001:470:1f04:ffff::1
    ttl 255
    netmask 64
    mtu 1480

Thanks to all previous posters for helping me put this configuration together!
