On 15/08/2019 16.02, James Knott wrote:
On 2019-08-15 06:00 AM, Carlos E. R. wrote:
HE posts also an example configuration, but not knowing what it does I thought it had to be done on the router. If it can be done inside, then I can do it, I suppose.
Yes, it can be inside and it will work automagically. One other advantage of doing it on a computer is that you can use multiple /64s. I don't know if your router will do that. He.net provides either a single /64 or a /48, which is 65536 /64s.
I was reading their FAQ, and they filter and block ports: <https://ipv6.he.net/certification/faq.php> +++................. Why can I not connect to IRC? Due to a high and persistent amount of abuse, we've had to filter IRC access by default. If you need IRC access, complete the Sage level of the free IPv6 certification and then please send an email to ipv6@he.net explaining your situation. Approvals will be handled on a case-by-case basis and will usually require completion of the Sage level of the IPv6 certification. I can't send email via IPv6. What's wrong? Due to a high and persistent amount of abuse, we had to filter SMTP (tcp/25) connections by default. If you're not providing email service yourself, you should be able to use port 587 instead to your provider's email server. If you are providing email services over your tunnel and need port 25 opened, please send an email to ipv6@he.net explaining your situation. We will normally require completion of the Sage level of the IPv6 certification prior to removing this filter. NOTE: this filtering does not affect the SMTP-related tests on the IPv6 certification program. .................++- Remember that my provider does not provide port 587, so that means that I will not be able to use IPv6 for mail or IRC. Two services out. I do not see in the FAQ instructions to remove the tunnel or what to do when my dynamic address changes (it changed yesterday). They say how to tell them, but not what commands to issue locally on my tunnel setup. I run their sequence of commands on a machine here: Isengard:~ # ip tunnel add he-ipv6 mode sit remote 216.66.84.42 local 83.a.b.c ttl 255 Isengard:~ # ip link set he-ipv6 up Isengard:~ # ip addr add 2001:x:y:z::2/64 dev he-ipv6 Isengard:~ # ip route add ::/0 dev he-ipv6 Isengard:~ # ip -f inet6 addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000 inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000 inet6 fc00::16/64 scope global valid_lft forever preferred_lft forever inet6 fe80::4ecc:6aff:fe61:50a1/64 scope link valid_lft forever preferred_lft forever 5: he-ipv6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 state UNKNOWN qlen 1000 inet6 2001:x:y:z::2/64 scope global valid_lft forever preferred_lft forever inet6 fe80::5335:3863/64 scope link valid_lft forever preferred_lft forever Isengard:~ # No errors that I can see. Isengard:~ # ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 4c:cc:6a:61:50:a1 brd ff:ff:ff:ff:ff:ff inet 192.168.1.16/24 brd 192.168.1.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fc00::16/64 scope global valid_lft forever preferred_lft forever inet6 fe80::4ecc:6aff:fe61:50a1/64 scope link valid_lft forever preferred_lft forever 3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000 link/ether a0:d3:7a:82:b3:4c brd ff:ff:ff:ff:ff:ff 4: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000 link/sit 0.0.0.0 brd 0.0.0.0 5: he-ipv6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000 link/sit 83.a.b.c peer 216.66.84.42 inet6 2001:x:y:z::2/64 scope global valid_lft forever preferred_lft forever inet6 fe80::5335:3863/64 scope link valid_lft forever preferred_lft forever Isengard:~ # Then I test it: cer@Isengard:~> host google.es google.es has address 172.217.168.163 google.es has IPv6 address 2a00:1450:4003:80a::2003 google.es mail is handled by 50 alt4.aspmx.l.google.com. google.es mail is handled by 10 aspmx.l.google.com. google.es mail is handled by 30 alt2.aspmx.l.google.com. google.es mail is handled by 20 alt1.aspmx.l.google.com. google.es mail is handled by 40 alt3.aspmx.l.google.com. cer@Isengard:~> ping -6 -c 2 google.es PING google.es(mad07s10-in-x03.1e100.net (2a00:1450:4003:80a::2003)) 56 data bytes From tunnelMyTunelID-pt.tunnel.tserv10.par1.ipv6.he.net (2001:x:y:z::2) icmp_seq=1 Destination unreachable: Address unreachable From tunnelMyTunelID-pt.tunnel.tserv10.par1.ipv6.he.net (2001:x:y:z::2) icmp_seq=2 Destination unreachable: Address unreachable --- google.es ping statistics --- 2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1016ms cer@Isengard:~> It does not work. cer@Isengard:~> ping -6 -c 2 suse.com ping: suse.com: No address associated with hostname cer@Isengard:~> ping -6 -c 2 suse.de ping: suse.de: No address associated with hostname cer@Isengard:~> And suse does not have IPv6 addresses... weird, it did in the past. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)