-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, 2019-08-19 at 19:53 +0200, Per Jessen wrote:
Carlos E. R. wrote:
On 19/08/2019 16.15, Per Jessen wrote:
Carlos E. R. wrote:
I do not see in the FAQ instructions to remove the tunnel
I guess it is not a faq ..... :-) The answer is just deconfigure it, much like a network interface.
No idea how to do that.
I suspect something liek this:
ip link set he-ipv6 down ip tunnel del he-ipv6
Ok.
or what to do when my dynamic address changes (it changed yesterday). They say how to tell them, but not what commands to issue locally on my tunnel setup.
Tear down tunnel, rebuild ?
Sure, but I don't know how to do that.
The commands to put it up are like magic incantations to me, they come without explanations or comments.
That is what man pages are for :-) HE are happy to provide you with the connectivity, but they don't need to explain everything else.
Well, that is what FAQs and HOWTOS are for. I expected to find it there, there is nothing. Man pages are for remembering or finding the details of something you already know how to do, not for finding out how to do things from the start. Their page of setup baffles me some: Tunnel ID: 547427 The TunnelID is a unique identifier for your tunnel. Creation Date: Aug 14, 2019 This is the time we have recorded for the creation of your tunnel. It is provided as an informational tool, and cause its fun :) Description: carlos This is a user-defined description for the tunnel. This is purely for display purposes, and has no effect on any configurations. _IPv6 Tunnel Endpoints_ Server IPv4 Address: 216.66.84.42 This is the IPv4 endpoint of your Tunnel Server. Server IPv6 Address: 2001:....:...2:1d3::1/64 This is the IPv6 endpoint of your Tunnel on our Tunnel Server. Client IPv4 Address: 83......... This is the IPv4 address that we are pointing your tunnel to. It should be your publicly facing and accessible address. If you are behind a firewall most likely this is the WAN or INTERNET address. For an alternate method of updating your endpoint, visit this page Client IPv6 Address: 2001:....:...2:1d3::2/64 This is the IPv6 address that identifies your side of the tunnel. It will be what is homed on your endpoint device. We utilize a /64 for this because of RFC 3627. _Routed IPv6 Prefixes_ Routed /64: 2001:....:...3:1d3::/64 <=== it is slightly different, ends in 3, not 2 We automatically assign a /64 to your account and route it to the "Client IPv6 Address" This allows your endpoint device to operate as the router for this netblock and allows you to utilize RA/SLAAC or DHCPv6 to hand out IPs from this allocation to your internal network. If you have more than one network segment you may want to consider requesting a /48 for those additional networks. Routed /48: Assign /48 A /48 is not automatically allocated. You may request one by clicking on the "Assign /48" link. Once allocated it will be routed to the "Client IPv6 Address". This allows your endpoint device to operate as the router for this netblock and allows you to utilize DHCPv6 or RADVD to hand out IP's from this allocation to multiple internal networks. DNS Resolvers Anycast IPv6 Caching Nameserver: 2001:470:20::2 These are recursive caching name servers that you can use through your tunnel either over IPv6 or IPv4. They will also allow you to access Google's websites along with other organizations who have white-listed the servers as part of their IPv6 participation programs. Anycast IPv4 Caching Nameserver: 74.82.42.42 rDNS DelegationsEdit rDNS Delegated NS1: These are the Name Servers we will delegate authority for the "Routed /64" and "Routed /48" above. We DO NOT delegate RDNS for the "Server IPv6 Address" or "Client IPv6 Address" above. rDNS Delegated NS2: rDNS Delegated NS3: rDNS Delegated NS4: rDNS Delegated NS5: And these were the instructions they told me for activating the tunnel on my side: [empty] They have disapeared. Luckly I saved them: modprobe ipv6 ip tunnel add he-ipv6 mode sit remote 216.66.84.42 local 88......... ttl 255 ip link set he-ipv6 up ip addr add 2001:...:...2:1d3::2/64 dev he-ipv6 <=== so this is the "Client IPv6 Addres" ip route add ::/0 dev he-ipv6 ip -f inet6 addr
It does not work.
Show us your route table, please. I did not see you set up a default route for ipv6.
If they did not tell me to do it, then I did not. But in fact I did:
ip route add ::/0 dev he-ipv6
Ah, sorry, I overlooked that.
Isengard:~ # route If 'route' is not a typo you can use command-not-found to lookup the package that contains it, like this: cnf route Isengard:~ #
WTF? The command was there in the past.
It has long been deprecated, like netstat and ifconfig et al. Maybe install "net-tools-deprecated" if you want it.
Sigh... I have installed that package several times. It disappears. :-o Isengard:~ # route -6 Kernel IPv6 routing table Destination Next Hop Flag Met Ref Use If localhost/128 [::] U 256 1 0 lo 2001:...:...2:1d3::/64 [::] Un 256 1 0 he-ipv6 fc00::/64 [::] U 256 1 0 eth0 fe80::/64 [::] U 256 1 0 eth0 fe80::/64 [::] Un 256 1 0 he-ipv6 [::]/0 [::] U 1024 5 357 he-ipv6 [::]/0 [::] !n -1 1 2098 lo localhost/128 [::] Un 0 6 253 lo tunnel......-pt.tunnel.tserv10.par1.ipv6.he.net/128 [::] Un 0 6 903 lo fc00::16/128 [::] Un 0 2 0 lo fe80::5335:3863/128 [::] Un 0 2 0 lo fe80::4ecc:6aff:fe61:50a1/128 [::] Un 0 2 0 lo ipv6-mcastprefix/8 [::] U 256 5 67699 eth0 ipv6-mcastprefix/8 [::] U 256 1 0 he-ipv6 [::]/0 [::] !n -1 1 2098 lo Isengard:~ #
Isengard:~ # ip route default via 192.168.1.1 dev eth0 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.16
It would be more useful with the output from these two:
ip -6 route show ip route get 2a00:1450:4003:80a::2003
Isengard:~ # ip -6 route show 2001:....:...2:1d3::/64 dev he-ipv6 proto kernel metric 256 pref medium fc00::/64 dev eth0 proto kernel metric 256 pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium fe80::/64 dev he-ipv6 proto kernel metric 256 pref medium default dev he-ipv6 metric 1024 pref medium Isengard:~ # Isengard:~ # ip route get 2a00:1450:4003:80a::2003 2a00:1450:4003:80a::2003 from :: dev he-ipv6 src 2001:...:...2:1d3::2 metric 1024 pref medium Isengard:~ # That one should say what the route to google would be? New command to me.
Your setup looks like it ought to work, but we don't know if the tunnel is actually working.
I guess not. Isengard:~ # traceroute google.es traceroute to google.es (216.58.211.35), 30 hops max, 60 byte packets 1 router.valinor (192.168.1.1) 0.477 ms 0.570 ms 0.640 ms 2 * * * 3 * * * 4 134.red-81-46-33.customer.static.ccgg.telefonica.net (81.46.33.134) 13.288 ms * 142.red-81-46-33.customer.static.ccgg.telefonica.net (81.46.33.142) 13.448 ms 5 * 97.red-80-58-106.staticip.rima-tde.net (80.58.106.97) 18.265 ms * 6 * * 176.52.253.97 (176.52.253.97) 15.766 ms 7 72.14.211.154 (72.14.211.154) 15.833 ms 14.953 ms 176.52.253.102 (176.52.253.102) 12.725 ms 8 108.170.253.225 (108.170.253.225) 14.085 ms 108.170.253.241 (108.170.253.241) 12.852 ms 108.170.253.225 (108.170.253.225) 13.978 ms 9 74.125.253.200 (74.125.253.200) 14.618 ms 12.819 ms 74.125.253.198 (74.125.253.198) 19.743 ms 10 muc03s14-in-f3.1e100.net (216.58.211.35) 13.413 ms 108.170.234.231 (108.170.234.231) 15.709 ms mad08s05-in-f3.1e100.net (216.58.211.35) 12.851 ms Isengard:~ # traceroute -6 google.es traceroute to google.es (2a00:1450:4003:802::2003), 30 hops max, 80 byte packets 1 tunnel......-pt.tunnel.tserv10.par1.ipv6.he.net (2001:....:...2:1d3::2) 0.059 ms !H 0.022 ms !H 0.020 ms !H Isengard:~ # - -- Cheers, Carlos E. R. (from openSUSE 15.0 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCXVw9ihwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVawAAn0dnbXglE82fD5w6Guqb 0/QNtyE/AJ9lxkt0HdXLUu5/Mk+IEJ0ssSfDQw== =y4vb -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org