[opensuse] Trying to activate an HE IPv6 tunnel.
Hi, Well, as suggested, I got an account on Hurricane Electric and I got the tunnel data. The next step is how to configure it on my router. I was reading some Spanish instructions from <https://www.redeszone.net/2019/05/05/tutorial-tunnelbroker-router-asus-ipv6/>, which are for an ASUS router. I don't find instructions for my specific router, a Comtrend VG-8050. Basically the instructions are: +++................... * Server IPv4 Address: we must indicate the IP address that appears in Tunnelbroker as "Server IPv4 Address". * Client IPv6 Address: we must indicate the IP address that appears in Tunnelbroker as "Client IPv6 Address", but without the /64 at the end. * IPv6 Prefix Length: we must indicate the /64 that we have in the final part of the IP address. Simply indicate the "64" without the bar. * Server IPv6 Address: we must indicate the IP address that appears in Tunnelbroker as "Server IPv6 Address", but without the /64 at the end, only the IP address without the prefix. * Tunnel MTU: we select the default value of the tunnel which is 1480. * Tunnel TTL: select 255 which is the default value. In the section of "IPv6 LAN Seetings" we must indicate: * LAN Prefix Length: normally in the tunnels that we create is /64, therefore, we should simply indicate "64". In case you ask for a /48, you must use this prefix. * LAN IPv6 Prefix: we must indicate the address that appears in Tunnelbroker as "Routed /64", but without the /64 at the end, and ended with "::" as you can see. (Translated with www.DeepL.com/Translator) ...................++- I don't have any of that :-( What I have is <https://susepaste.org/3886098>: +++................... IP Tunneling -- 6in4 Tunnel Configuration Name WAN WAN Dynamic IPv4 Mask Length 6rd Prefix Border Relay Address Remove [ADD] [Remove] ...................++- I click the ADD button, and I see <https://susepaste.org/9619892>: +++................... IP Tunneling -- 6in4 Tunnel Configuration Currently, only 6rd configuration is supported. Tunnel Name [....................] Mechanism: 6RD (no other choice is available) Associated WAN Interface: 6/ppp0.1 (other choices are: 3/eth0.2, 2/eth0.3, that do not seem appropriate) Associated LAN Interface: LAN/br0 (no other choices) (*) Manual (*) Automatic (does not seem to change anything) IPv4 Mask Length: [....................] 6rd Prefix with Prefix Length: [....................] Border Relay IPv4 Address: [....................] ...................++- I don't know what to do at this point. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-14 05:54 PM, Carlos E. R. wrote:
The next step is how to configure it on my router. I was reading some Spanish instructions from <https://www.redeszone.net/2019/05/05/tutorial-tunnelbroker-router-asus-ipv6/>, which are for an ASUS router. I don't find instructions for my specific router, a Comtrend VG-8050.
Have you looked at this, starting at page 68? I believe he.net uses 6in4 to create the tunnel. https://www.movistar.es/rpmm/estaticos/residencial/fijo/banda-ancha-adsl/man... Since you have DHCP for IPv4, you may also want to read this. https://dns.he.net/docs.html -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 15/08/2019 05.31, James Knott wrote:
On 2019-08-14 05:54 PM, Carlos E. R. wrote:
The next step is how to configure it on my router. I was reading some Spanish instructions from <https://www.redeszone.net/2019/05/05/tutorial-tunnelbroker-router-asus-ipv6/>, which are for an ASUS router. I don't find instructions for my specific router, a Comtrend VG-8050.
Have you looked at this, starting at page 68? I believe he.net uses 6in4 to create the tunnel. https://www.movistar.es/rpmm/estaticos/residencial/fijo/banda-ancha-adsl/man...
Yeah, I have it. Doesn't say anything I don't know. The instructions can be summarized as follows: fill field "label" with "label" data. The important part, which is in my post yesterday, is "the mechanism that is using the tunnel. Now, only 6RD is supported.", and HE uses a different one, name unknown to me.
Since you have DHCP for IPv4, you may also want to read this. https://dns.he.net/docs.html
maybe. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
Hi,
Well, as suggested, I got an account on Hurricane Electric and I got the tunnel data.
The next step is how to configure it on my router. [snip]
I don't know what to do at this point.
Ignore the router, afair, this will work from any box behind your router. Instead set up a 6in4 tunnel on any other machine (which will afterwards need to run radvd or dhcpv6). http://tldp.org/HOWTO/Linux+IPv6-HOWTO/ch10s01.html It's been too long since I played with this, I don't remember the exact details, but I think you'll end up with a device 'tunl0', and maybe something like 'he0' for the actual tunnel. Google will no doubt help with the rest. -- Per Jessen, Zürich (17.8°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 15/08/2019 08.55, Per Jessen wrote:
Carlos E. R. wrote:
Hi,
Well, as suggested, I got an account on Hurricane Electric and I got the tunnel data.
The next step is how to configure it on my router. [snip]
I don't know what to do at this point.
Ignore the router, afair, this will work from any box behind your router. Instead set up a 6in4 tunnel on any other machine (which will afterwards need to run radvd or dhcpv6).
That's IPv4-in-IPv6 :-) It would be <http://tldp.org/HOWTO/Linux+IPv6-HOWTO/ch09.html>
It's been too long since I played with this, I don't remember the exact details, but I think you'll end up with a device 'tunl0', and maybe something like 'he0' for the actual tunnel. Google will no doubt help with the rest.
If it can be set on any machine, then yes, there is a way. HE posts also an example configuration, but not knowing what it does I thought it had to be done on the router. If it can be done inside, then I can do it, I suppose. modprobe ipv6 ip tunnel add he-ipv6 mode sit remote 216.A.B.C local 88.Z.X.Y ttl 255 ip link set he-ipv6 up ip addr add 2001:M:N:O::2/64 dev he-ipv6 ip route add ::/0 dev he-ipv6 ip -f inet6 addr But there is a lot of info missing. How to make that machine a router, for instance, what to do on the firewalls, what to do on the LAN machines, etc. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
On 15/08/2019 08.55, Per Jessen wrote:
Carlos E. R. wrote:
Hi,
Well, as suggested, I got an account on Hurricane Electric and I got the tunnel data.
The next step is how to configure it on my router. [snip]
I don't know what to do at this point.
Ignore the router, afair, this will work from any box behind your router. Instead set up a 6in4 tunnel on any other machine (which will afterwards need to run radvd or dhcpv6).
That's IPv4-in-IPv6 :-)
It would be <http://tldp.org/HOWTO/Linux+IPv6-HOWTO/ch09.html>
Sorry, cut&pasted too fast ....
It's been too long since I played with this, I don't remember the exact details, but I think you'll end up with a device 'tunl0', and maybe something like 'he0' for the actual tunnel. Google will no doubt help with the rest.
If it can be set on any machine, then yes, there is a way.
HE posts also an example configuration, but not knowing what it does I thought it had to be done on the router. If it can be done inside, then I can do it, I suppose.
modprobe ipv6 ip tunnel add he-ipv6 mode sit remote 216.A.B.C local 88.Z.X.Y ttl 255 ip link set he-ipv6 up ip addr add 2001:M:N:O::2/64 dev he-ipv6 ip route add ::/0 dev he-ipv6 ip -f inet6 addr
Apart from the last command, that looks about right. That'll give you a device called 'he-ipv6' with your ipv6 prefix and a default ipv6 route via that.
But there is a lot of info missing. How to make that machine a router,
a) enable IPv6 forwarding - you can do that in YaST or with sysctl. b) start radvd with the prefix given by HE. Add to /etc/radvd.conf, to give every client a default ipv6 route. route ::/0 { };
for instance, what to do on the firewalls, what to do on the LAN machines, etc.
Well, there has to be something for you to do too :-) In short - on the tunnel box, optionally configure ipv6 firewall. On the IPv4 firewall, I guess you might need to permit protocol 41. On the LAN machines - nothing. They will auto-configure. -- Per Jessen, Zürich (19.1°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 15/08/2019 12.59, Per Jessen wrote:
Carlos E. R. wrote:
HE posts also an example configuration, but not knowing what it does I thought it had to be done on the router. If it can be done inside, then I can do it, I suppose.
modprobe ipv6 ip tunnel add he-ipv6 mode sit remote 216.A.B.C local 88.Z.X.Y ttl 255 ip link set he-ipv6 up ip addr add 2001:M:N:O::2/64 dev he-ipv6 ip route add ::/0 dev he-ipv6 ip -f inet6 addr
Apart from the last command, that looks about right. That'll give you a device called 'he-ipv6' with your ipv6 prefix and a default ipv6 route via that.
What's the issue with the last command?
But there is a lot of info missing. How to make that machine a router,
a) enable IPv6 forwarding - you can do that in YaST or with sysctl.
IPv4 forwarding at least was done on the SuSEfirewal2 setup.
b) start radvd with the prefix given by HE.
Add to /etc/radvd.conf, to give every client a default ipv6 route.
route ::/0 { };
for instance, what to do on the firewalls, what to do on the LAN machines, etc.
Well, there has to be something for you to do too :-)
I suppose... but all that is new to me.
In short - on the tunnel box, optionally configure ipv6 firewall. On the IPv4 firewall, I guess you might need to permit protocol 41.
On the LAN machines - nothing. They will auto-configure.
No, they will not. They are on manual IPv4. You can not set auto IPv6 and manual IPv4. in YaST. One machine (the home server precisely) has a non-used WiFi card which I set on auto. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
On 15/08/2019 12.59, Per Jessen wrote:
Carlos E. R. wrote:
HE posts also an example configuration, but not knowing what it does I thought it had to be done on the router. If it can be done inside, then I can do it, I suppose.
modprobe ipv6 ip tunnel add he-ipv6 mode sit remote 216.A.B.C local 88.Z.X.Y ttl 255 ip link set he-ipv6 up ip addr add 2001:M:N:O::2/64 dev he-ipv6 ip route add ::/0 dev he-ipv6 ip -f inet6 addr
Apart from the last command, that looks about right. That'll give you a device called 'he-ipv6' with your ipv6 prefix and a default ipv6 route via that.
What's the issue with the last command?
I think it's superfluous, I've never used it.
But there is a lot of info missing. How to make that machine a router,
a) enable IPv6 forwarding - you can do that in YaST or with sysctl.
IPv4 forwarding at least was done on the SuSEfirewal2 setup.
YaST has the tickboxes.
In short - on the tunnel box, optionally configure ipv6 firewall. On the IPv4 firewall, I guess you might need to permit protocol 41.
On the LAN machines - nothing. They will auto-configure.
No, they will not. They are on manual IPv4. You can not set auto IPv6 and manual IPv4. in YaST.
That is something else and really unrelated. I said the network devices will auto-configure (SLAAC). You can test it with your radvd setup, just add one of your openSUSE clients to the "clients {};" clause and see it receive an address from your fc00:: range. -- Per Jessen, Zürich (20.2°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-15 06:00 AM, Carlos E. R. wrote:
HE posts also an example configuration, but not knowing what it does I thought it had to be done on the router. If it can be done inside, then I can do it, I suppose.
Yes, it can be inside and it will work automagically. One other advantage of doing it on a computer is that you can use multiple /64s. I don't know if your router will do that. He.net provides either a single /64 or a /48, which is 65536 /64s. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 15/08/2019 16.02, James Knott wrote:
On 2019-08-15 06:00 AM, Carlos E. R. wrote:
HE posts also an example configuration, but not knowing what it does I thought it had to be done on the router. If it can be done inside, then I can do it, I suppose.
Yes, it can be inside and it will work automagically. One other advantage of doing it on a computer is that you can use multiple /64s. I don't know if your router will do that. He.net provides either a single /64 or a /48, which is 65536 /64s.
I was reading their FAQ, and they filter and block ports: <https://ipv6.he.net/certification/faq.php> +++................. Why can I not connect to IRC? Due to a high and persistent amount of abuse, we've had to filter IRC access by default. If you need IRC access, complete the Sage level of the free IPv6 certification and then please send an email to ipv6@he.net explaining your situation. Approvals will be handled on a case-by-case basis and will usually require completion of the Sage level of the IPv6 certification. I can't send email via IPv6. What's wrong? Due to a high and persistent amount of abuse, we had to filter SMTP (tcp/25) connections by default. If you're not providing email service yourself, you should be able to use port 587 instead to your provider's email server. If you are providing email services over your tunnel and need port 25 opened, please send an email to ipv6@he.net explaining your situation. We will normally require completion of the Sage level of the IPv6 certification prior to removing this filter. NOTE: this filtering does not affect the SMTP-related tests on the IPv6 certification program. .................++- Remember that my provider does not provide port 587, so that means that I will not be able to use IPv6 for mail or IRC. Two services out. I do not see in the FAQ instructions to remove the tunnel or what to do when my dynamic address changes (it changed yesterday). They say how to tell them, but not what commands to issue locally on my tunnel setup. I run their sequence of commands on a machine here: Isengard:~ # ip tunnel add he-ipv6 mode sit remote 216.66.84.42 local 83.a.b.c ttl 255 Isengard:~ # ip link set he-ipv6 up Isengard:~ # ip addr add 2001:x:y:z::2/64 dev he-ipv6 Isengard:~ # ip route add ::/0 dev he-ipv6 Isengard:~ # ip -f inet6 addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000 inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000 inet6 fc00::16/64 scope global valid_lft forever preferred_lft forever inet6 fe80::4ecc:6aff:fe61:50a1/64 scope link valid_lft forever preferred_lft forever 5: he-ipv6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 state UNKNOWN qlen 1000 inet6 2001:x:y:z::2/64 scope global valid_lft forever preferred_lft forever inet6 fe80::5335:3863/64 scope link valid_lft forever preferred_lft forever Isengard:~ # No errors that I can see. Isengard:~ # ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 4c:cc:6a:61:50:a1 brd ff:ff:ff:ff:ff:ff inet 192.168.1.16/24 brd 192.168.1.255 scope global eth0 valid_lft forever preferred_lft forever inet6 fc00::16/64 scope global valid_lft forever preferred_lft forever inet6 fe80::4ecc:6aff:fe61:50a1/64 scope link valid_lft forever preferred_lft forever 3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000 link/ether a0:d3:7a:82:b3:4c brd ff:ff:ff:ff:ff:ff 4: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000 link/sit 0.0.0.0 brd 0.0.0.0 5: he-ipv6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000 link/sit 83.a.b.c peer 216.66.84.42 inet6 2001:x:y:z::2/64 scope global valid_lft forever preferred_lft forever inet6 fe80::5335:3863/64 scope link valid_lft forever preferred_lft forever Isengard:~ # Then I test it: cer@Isengard:~> host google.es google.es has address 172.217.168.163 google.es has IPv6 address 2a00:1450:4003:80a::2003 google.es mail is handled by 50 alt4.aspmx.l.google.com. google.es mail is handled by 10 aspmx.l.google.com. google.es mail is handled by 30 alt2.aspmx.l.google.com. google.es mail is handled by 20 alt1.aspmx.l.google.com. google.es mail is handled by 40 alt3.aspmx.l.google.com. cer@Isengard:~> ping -6 -c 2 google.es PING google.es(mad07s10-in-x03.1e100.net (2a00:1450:4003:80a::2003)) 56 data bytes From tunnelMyTunelID-pt.tunnel.tserv10.par1.ipv6.he.net (2001:x:y:z::2) icmp_seq=1 Destination unreachable: Address unreachable From tunnelMyTunelID-pt.tunnel.tserv10.par1.ipv6.he.net (2001:x:y:z::2) icmp_seq=2 Destination unreachable: Address unreachable --- google.es ping statistics --- 2 packets transmitted, 0 received, +2 errors, 100% packet loss, time 1016ms cer@Isengard:~> It does not work. cer@Isengard:~> ping -6 -c 2 suse.com ping: suse.com: No address associated with hostname cer@Isengard:~> ping -6 -c 2 suse.de ping: suse.de: No address associated with hostname cer@Isengard:~> And suse does not have IPv6 addresses... weird, it did in the past. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-19 09:56 AM, Carlos E. R. wrote:
Remember that my provider does not provide port 587, so that means that I will not be able to use IPv6 for mail or IRC. Two services out.
Many ISPs block 25. Can you not use port 465? I don't know much about IRC, as I've never used it. However, having IPv6 available doesn't mean you can't use IPv4 for some things.
what to do when my dynamic address changes (it changed yesterday).
Well, I see a couple of things at this link. https://forums.he.net/index.php?topic=1994.0 Also, they have a user forum. Have you tried that? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 19/08/2019 16.10, James Knott wrote:
On 2019-08-19 09:56 AM, Carlos E. R. wrote:
Remember that my provider does not provide port 587, so that means that I will not be able to use IPv6 for mail or IRC. Two services out.
Many ISPs block 25. Can you not use port 465?
I can not use any of the submission ports. Not supported by Telefonica. It is port 25 we use.
I don't know much about IRC, as I've never used it. However, having IPv6 available doesn't mean you can't use IPv4 for some things.
But one of the things I wanted to try was mail.
what to do when my dynamic address changes (it changed yesterday).
Well, I see a couple of things at this link. https://forums.he.net/index.php?topic=1994.0
Also, they have a user forum. Have you tried that?
It is on my to-do list. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-19 10:16 AM, Carlos E. R. wrote:
I can not use any of the submission ports. Not supported by Telefonica. It is port 25 we use.
The more I hear about them, the more I think they're incompetent. Other ISPs have blocked port 25 due to security issues. Not supporting TLS is unbelievable However, if you absolutely must use port 25, then use the hosts file or local DNS to point to their IPv4 address. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 19/08/2019 16.33, James Knott wrote:
On 2019-08-19 10:16 AM, Carlos E. R. wrote:
I can not use any of the submission ports. Not supported by Telefonica. It is port 25 we use.
The more I hear about them, the more I think they're incompetent. Other ISPs have blocked port 25 due to security issues. Not supporting TLS is unbelievable However, if you absolutely must use port 25, then use the hosts file or local DNS to point to their IPv4 address.
TLS is not related to this. It is supported. See my log: <2.6> 2019-08-19 16:29:46 Telcontar postfix 5421 - - 97C39320B46: removed <2.6> 2019-08-19 16:29:47 Telcontar postfix 5158 - - Anonymous TLS connection established to smtp.telefonica.net[86.109.99.70]:25: TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits) If HE does not allow me to use port 25 to connect to my ISP, I will not connect my main computer to IPv6. Telefónica is not incompetent, they simply have a different view on this than others. Their policy, AFAIK, is not to block or interfere with their clients usage of the net. So, no blocking of ports whatsoever. And they don't suffer any security issue for this decision. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
On 19/08/2019 16.33, James Knott wrote:
On 2019-08-19 10:16 AM, Carlos E. R. wrote:
I can not use any of the submission ports. Not supported by Telefonica. It is port 25 we use.
The more I hear about them, the more I think they're incompetent. Other ISPs have blocked port 25 due to security issues. Not supporting TLS is unbelievable However, if you absolutely must use port 25, then use the hosts file or local DNS to point to their IPv4 address.
TLS is not related to this. It is supported. See my log:
<2.6> 2019-08-19 16:29:46 Telcontar postfix 5421 - - 97C39320B46: removed <2.6> 2019-08-19 16:29:47 Telcontar postfix 5158 - - Anonymous TLS connection established to smtp.telefonica.net[86.109.99.70]:25: TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)
If HE does not allow me to use port 25 to connect to my ISP, I will not connect my main computer to IPv6.
Carlos, it's an experiment, for fun, but you keep putting up stumbling blocks for yourself. What does it matter if you can't use it send emails over? Btw, your ISP does not seem to use IPv6 - # host smtp.telefonica.net smtp.telefonica.net has address 86.109.99.70 -- Per Jessen, Zürich (20.9°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-19 11:38 AM, Per Jessen wrote:
but you keep putting up stumbling blocks for yourself.
I was thinking the same. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, 2019-08-19 at 17:38 +0200, Per Jessen wrote:
Carlos E. R. wrote:
On 19/08/2019 16.33, James Knott wrote:
On 2019-08-19 10:16 AM, Carlos E. R. wrote:
I can not use any of the submission ports. Not supported by Telefonica. It is port 25 we use.
The more I hear about them, the more I think they're incompetent. Other ISPs have blocked port 25 due to security issues. Not supporting TLS is unbelievable However, if you absolutely must use port 25, then use the hosts file or local DNS to point to their IPv4 address.
TLS is not related to this. It is supported. See my log:
<2.6> 2019-08-19 16:29:46 Telcontar postfix 5421 - - 97C39320B46: removed <2.6> 2019-08-19 16:29:47 Telcontar postfix 5158 - - Anonymous TLS connection established to smtp.telefonica.net[86.109.99.70]:25: TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)
If HE does not allow me to use port 25 to connect to my ISP, I will not connect my main computer to IPv6.
Carlos, it's an experiment, for fun, but you keep putting up stumbling blocks for yourself. What does it matter if you can't use it send emails over?
It breaks mail in the sole machine which has the tunnel, which is the one that mails to me on my phone to tell me that my home IP has changed. If the machine happens to see IPv6 and prefers it, then mail breaks. On the other hand, mail was one of the things I wanted IPv6 for. For testing how it goes with it. Well, it doesn't, at all.
Btw, your ISP does not seem to use IPv6 -
# host smtp.telefonica.net smtp.telefonica.net has address 86.109.99.70
Oh, that's fortunate. Really, not kidding. :-) One problem solved. - -- Cheers, Carlos E. R. (from openSUSE 15.0 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCXVww6xwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfV76AAmwSBO6P72Ufnou96NMQX ePvosD7SAJ9eMbXVA2kEVvC/uLKVb/D+jyhioQ== =3NHP -----END PGP SIGNATURE-----
On 2019-08-20 01:42 PM, Carlos E. R. wrote:
It breaks mail in the sole machine which has the tunnel, which is the one that mails to me on my phone to tell me that my home IP has changed. If the machine happens to see IPv6 and prefers it, then mail breaks.
Given your mail server is IPv4 only, how would that happen? It will only prefer IPv6 if the destination has an IPv6 address. Even if it had an IPv6 address, you could always force IPv4 by adding your mail server IPv4 address to /etc/hosts. Then, an IPv6 address will never be seen, as your computer won't go to an external DNS server for that host name. You could do similar, if you have a local DNS server. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 20/08/2019 19.49, James Knott wrote:
On 2019-08-20 01:42 PM, Carlos E. R. wrote:
It breaks mail in the sole machine which has the tunnel, which is the one that mails to me on my phone to tell me that my home IP has changed. If the machine happens to see IPv6 and prefers it, then mail breaks.
Given your mail server is IPv4 only, how would that happen?
I did not know that till some minutes ago when I read your mail... I assumed that of course they'd have it on IPv6, without looking. But I did look suse, and suse.com doesn't have IPv6 address, which I found curious.
It will only prefer IPv6 if the destination has an IPv6 address. Even if it had an IPv6 address, you could always force IPv4 by adding your mail server IPv4 address to /etc/hosts. Then, an IPv6 address will never be seen, as your computer won't go to an external DNS server for that host name. You could do similar, if you have a local DNS server.
-- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-20 02:43 PM, Carlos E. R. wrote:
But I did look suse, and suse.com doesn't have IPv6 address, which I found curious.
Try opensuse.org. I supect someone didn't update the old DNS record.
host suse.org suse.org has address 130.57.66.19
host opensuse.org opensuse.org has address 130.57.66.19 opensuse.org has IPv6 address 2620:113:80c0:8::19 opensuse.org mail is handled by 42 mx2.suse.de. opensuse.org mail is handled by 42 mx1.suse.de.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On 20/08/2019 19.49, James Knott wrote:
On 2019-08-20 01:42 PM, Carlos E. R. wrote:
It breaks mail in the sole machine which has the tunnel, which is the one that mails to me on my phone to tell me that my home IP has changed. If the machine happens to see IPv6 and prefers it, then mail breaks.
Given your mail server is IPv4 only, how would that happen?
I did not know that till some minutes ago when I read your mail... I assumed that of course they'd have it on IPv6, without looking.
But I did look suse, and suse.com doesn't have IPv6 address, which I found curious.
Mailservers are probably some of the last to go IPv6. It's much easier with e.g. webservers. Less risk of screwing something up. -- Per Jessen, Zürich (14.1°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On Monday, 2019-08-19 at 17:38 +0200, Per Jessen wrote:
Carlos E. R. wrote:
Carlos, it's an experiment, for fun, but you keep putting up stumbling blocks for yourself. What does it matter if you can't use it send emails over?
It breaks mail in the sole machine which has the tunnel, which is the one that mails to me on my phone to tell me that my home IP has changed. If the machine happens to see IPv6 and prefers it, then mail breaks.
No, I don't see why it would. If one MX cannot be contacted, the next one will be tried.
On the other hand, mail was one of the things I wanted IPv6 for. For testing how it goes with it. Well, it doesn't, at all.
For the moment your tunnel isn't working, that's all. -- Per Jessen, Zürich (14.5°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-19 10:52 AM, Carlos E. R. wrote:
If HE does not allow me to use port 25 to connect to my ISP, I will not connect my main computer to IPv6.
I just checked smtp.telefonica.net and see they don't even have an IPv6 address. This means the he.net tunnel will have no effect on accessing the smtp server. That connection will be made via IPv4, as always.
host smtp.telefonica.net smtp.telefonica.net has address 86.109.99.70
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-19 11:39 AM, James Knott wrote:
If HE does not allow me to use port 25 to connect to my ISP, I will not connect my main computer to IPv6. I just checked smtp.telefonica.net and see they don't even have an IPv6 address. This means the he.net tunnel will have no effect on accessing
On 2019-08-19 10:52 AM, Carlos E. R. wrote: the smtp server. That connection will be made via IPv4, as always.
host smtp.telefonica.net smtp.telefonica.net has address 86.109.99.70
I also checked 10 different IRC servers. Only 2 supported IPv6. Does the one you use support IPv6? If not, then the he.net filter will not affect you. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, 2019-08-19 at 11:50 -0400, James Knott wrote:
On 2019-08-19 11:39 AM, James Knott wrote:
If HE does not allow me to use port 25 to connect to my ISP, I will not connect my main computer to IPv6. I just checked smtp.telefonica.net and see they don't even have an IPv6 address. This means the he.net tunnel will have no effect on accessing
On 2019-08-19 10:52 AM, Carlos E. R. wrote: the smtp server. That connection will be made via IPv4, as always.
host smtp.telefonica.net smtp.telefonica.net has address 86.109.99.70
I also checked 10 different IRC servers. Only 2 supported IPv6. Does the one you use support IPv6? If not, then the he.net filter will not affect you.
Oh, I was not thinking of IRC when attempting to try IPv6. It is just that they said they blocked it, which I found curious. - -- Cheers, Carlos E. R. (from openSUSE 15.0 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCXVwxZhwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVrJQAnj+fQnzZJAJ5lQ4u6hRN 9wMsNFuaAJ4vYw062cs9l6Yh4uZ7kOsFCVkngg== =ILir -----END PGP SIGNATURE-----
Carlos E. R. wrote:
On 15/08/2019 16.02, James Knott wrote:
On 2019-08-15 06:00 AM, Carlos E. R. wrote:
HE posts also an example configuration, but not knowing what it does I thought it had to be done on the router. If it can be done inside, then I can do it, I suppose.
Yes, it can be inside and it will work automagically. One other advantage of doing it on a computer is that you can use multiple /64s. I don't know if your router will do that. He.net provides either a single /64 or a /48, which is 65536 /64s.
I was reading their FAQ, and they filter and block ports:
<https://ipv6.he.net/certification/faq.php>
+++................. Why can I not connect to IRC?
Due to a high and persistent amount of abuse, we've had to filter IRC access by default. If you need IRC access, complete the Sage level of the free IPv6 certification and then please send an email to ipv6@he.net explaining your situation. Approvals will be handled on a case-by-case basis and will usually require completion of the Sage level of the IPv6 certification.
I can't send email via IPv6. What's wrong?
Due to a high and persistent amount of abuse, we had to filter SMTP (tcp/25) connections by default. If you're not providing email service yourself, you should be able to use port 587 instead to your provider's email server. If you are providing email services over your tunnel and need port 25 opened, please send an email to ipv6@he.net explaining your situation. We will normally require completion of the Sage level of the IPv6 certification prior to removing this filter. NOTE: this filtering does not affect the SMTP-related tests on the IPv6 certification program. .................++-
Remember that my provider does not provide port 587, so that means that I will not be able to use IPv6 for mail or IRC. Two services out.
... two thousand remains. It also sounds like you can ask to have those ports enabled, when you have good reason.
I do not see in the FAQ instructions to remove the tunnel
I guess it is not a faq ..... :-) The answer is just deconfigure it, much like a network interface.
or what to do when my dynamic address changes (it changed yesterday). They say how to tell them, but not what commands to issue locally on my tunnel setup.
Tear down tunnel, rebuild ?
It does not work.
Show us your route table, please. I did not see you set up a default route for ipv6.
And suse does not have IPv6 addresses... weird, it did in the past.
# host download.opensuse.org download.opensuse.org has address 195.135.221.134 download.opensuse.org has IPv6 address 2620:113:80c0:8::13 -- Per Jessen, Zürich (22.8°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 19/08/2019 16.15, Per Jessen wrote:
Carlos E. R. wrote:
On 15/08/2019 16.02, James Knott wrote:
On 2019-08-15 06:00 AM, Carlos E. R. wrote:
HE posts also an example configuration, but not knowing what it does I thought it had to be done on the router. If it can be done inside, then I can do it, I suppose.
Yes, it can be inside and it will work automagically. One other advantage of doing it on a computer is that you can use multiple /64s. I don't know if your router will do that. He.net provides either a single /64 or a /48, which is 65536 /64s.
I was reading their FAQ, and they filter and block ports:
<https://ipv6.he.net/certification/faq.php>
+++................. Why can I not connect to IRC?
Due to a high and persistent amount of abuse, we've had to filter IRC access by default. If you need IRC access, complete the Sage level of the free IPv6 certification and then please send an email to ipv6@he.net explaining your situation. Approvals will be handled on a case-by-case basis and will usually require completion of the Sage level of the IPv6 certification.
I can't send email via IPv6. What's wrong?
Due to a high and persistent amount of abuse, we had to filter SMTP (tcp/25) connections by default. If you're not providing email service yourself, you should be able to use port 587 instead to your provider's email server. If you are providing email services over your tunnel and need port 25 opened, please send an email to ipv6@he.net explaining your situation. We will normally require completion of the Sage level of the IPv6 certification prior to removing this filter. NOTE: this filtering does not affect the SMTP-related tests on the IPv6 certification program. .................++-
Remember that my provider does not provide port 587, so that means that I will not be able to use IPv6 for mail or IRC. Two services out.
... two thousand remains. It also sounds like you can ask to have those ports enabled, when you have good reason.
After passing an exam.
I do not see in the FAQ instructions to remove the tunnel
I guess it is not a faq ..... :-) The answer is just deconfigure it, much like a network interface.
No idea how to do that.
or what to do when my dynamic address changes (it changed yesterday). They say how to tell them, but not what commands to issue locally on my tunnel setup.
Tear down tunnel, rebuild ?
Sure, but I don't know how to do that. The commands to put it up are like magic incantations to me, they come without explanations or comments.
It does not work.
Show us your route table, please. I did not see you set up a default route for ipv6.
If they did not tell me to do it, then I did not. But in fact I did: ip route add ::/0 dev he-ipv6 It is in my previous post. No errors. Isengard:~ # route If 'route' is not a typo you can use command-not-found to lookup the package that contains it, like this: cnf route Isengard:~ # WTF? The command was there in the past. Isengard:~ # ip route default via 192.168.1.1 dev eth0 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.16 Isengard:~ #
And suse does not have IPv6 addresses... weird, it did in the past.
# host download.opensuse.org download.opensuse.org has address 195.135.221.134 download.opensuse.org has IPv6 address 2620:113:80c0:8::13
-- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
Carlos E. R. wrote:
On 19/08/2019 16.15, Per Jessen wrote:
Carlos E. R. wrote:
I do not see in the FAQ instructions to remove the tunnel
I guess it is not a faq ..... :-) The answer is just deconfigure it, much like a network interface.
No idea how to do that.
I suspect something liek this: ip link set he-ipv6 down ip tunnel del he-ipv6
or what to do when my dynamic address changes (it changed yesterday). They say how to tell them, but not what commands to issue locally on my tunnel setup.
Tear down tunnel, rebuild ?
Sure, but I don't know how to do that.
The commands to put it up are like magic incantations to me, they come without explanations or comments.
That is what man pages are for :-) HE are happy to provide you with the connectivity, but they don't need to explain everything else.
It does not work.
Show us your route table, please. I did not see you set up a default route for ipv6.
If they did not tell me to do it, then I did not. But in fact I did:
ip route add ::/0 dev he-ipv6
Ah, sorry, I overlooked that.
Isengard:~ # route If 'route' is not a typo you can use command-not-found to lookup the package that contains it, like this: cnf route Isengard:~ #
WTF? The command was there in the past.
It has long been deprecated, like netstat and ifconfig et al. Maybe install "net-tools-deprecated" if you want it.
Isengard:~ # ip route default via 192.168.1.1 dev eth0 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.16
It would be more useful with the output from these two: ip -6 route show ip route get 2a00:1450:4003:80a::2003 Your setup looks like it ought to work, but we don't know if the tunnel is actually working. -- Per Jessen, Zürich (19.2°C) http://www.cloudsuisse.com/ - your owncloud, hosted in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, 2019-08-19 at 19:53 +0200, Per Jessen wrote:
Carlos E. R. wrote:
On 19/08/2019 16.15, Per Jessen wrote:
Carlos E. R. wrote:
I do not see in the FAQ instructions to remove the tunnel
I guess it is not a faq ..... :-) The answer is just deconfigure it, much like a network interface.
No idea how to do that.
I suspect something liek this:
ip link set he-ipv6 down ip tunnel del he-ipv6
Ok.
or what to do when my dynamic address changes (it changed yesterday). They say how to tell them, but not what commands to issue locally on my tunnel setup.
Tear down tunnel, rebuild ?
Sure, but I don't know how to do that.
The commands to put it up are like magic incantations to me, they come without explanations or comments.
That is what man pages are for :-) HE are happy to provide you with the connectivity, but they don't need to explain everything else.
Well, that is what FAQs and HOWTOS are for. I expected to find it there, there is nothing. Man pages are for remembering or finding the details of something you already know how to do, not for finding out how to do things from the start. Their page of setup baffles me some: Tunnel ID: 547427 The TunnelID is a unique identifier for your tunnel. Creation Date: Aug 14, 2019 This is the time we have recorded for the creation of your tunnel. It is provided as an informational tool, and cause its fun :) Description: carlos This is a user-defined description for the tunnel. This is purely for display purposes, and has no effect on any configurations. _IPv6 Tunnel Endpoints_ Server IPv4 Address: 216.66.84.42 This is the IPv4 endpoint of your Tunnel Server. Server IPv6 Address: 2001:....:...2:1d3::1/64 This is the IPv6 endpoint of your Tunnel on our Tunnel Server. Client IPv4 Address: 83......... This is the IPv4 address that we are pointing your tunnel to. It should be your publicly facing and accessible address. If you are behind a firewall most likely this is the WAN or INTERNET address. For an alternate method of updating your endpoint, visit this page Client IPv6 Address: 2001:....:...2:1d3::2/64 This is the IPv6 address that identifies your side of the tunnel. It will be what is homed on your endpoint device. We utilize a /64 for this because of RFC 3627. _Routed IPv6 Prefixes_ Routed /64: 2001:....:...3:1d3::/64 <=== it is slightly different, ends in 3, not 2 We automatically assign a /64 to your account and route it to the "Client IPv6 Address" This allows your endpoint device to operate as the router for this netblock and allows you to utilize RA/SLAAC or DHCPv6 to hand out IPs from this allocation to your internal network. If you have more than one network segment you may want to consider requesting a /48 for those additional networks. Routed /48: Assign /48 A /48 is not automatically allocated. You may request one by clicking on the "Assign /48" link. Once allocated it will be routed to the "Client IPv6 Address". This allows your endpoint device to operate as the router for this netblock and allows you to utilize DHCPv6 or RADVD to hand out IP's from this allocation to multiple internal networks. DNS Resolvers Anycast IPv6 Caching Nameserver: 2001:470:20::2 These are recursive caching name servers that you can use through your tunnel either over IPv6 or IPv4. They will also allow you to access Google's websites along with other organizations who have white-listed the servers as part of their IPv6 participation programs. Anycast IPv4 Caching Nameserver: 74.82.42.42 rDNS DelegationsEdit rDNS Delegated NS1: These are the Name Servers we will delegate authority for the "Routed /64" and "Routed /48" above. We DO NOT delegate RDNS for the "Server IPv6 Address" or "Client IPv6 Address" above. rDNS Delegated NS2: rDNS Delegated NS3: rDNS Delegated NS4: rDNS Delegated NS5: And these were the instructions they told me for activating the tunnel on my side: [empty] They have disapeared. Luckly I saved them: modprobe ipv6 ip tunnel add he-ipv6 mode sit remote 216.66.84.42 local 88......... ttl 255 ip link set he-ipv6 up ip addr add 2001:...:...2:1d3::2/64 dev he-ipv6 <=== so this is the "Client IPv6 Addres" ip route add ::/0 dev he-ipv6 ip -f inet6 addr
It does not work.
Show us your route table, please. I did not see you set up a default route for ipv6.
If they did not tell me to do it, then I did not. But in fact I did:
ip route add ::/0 dev he-ipv6
Ah, sorry, I overlooked that.
Isengard:~ # route If 'route' is not a typo you can use command-not-found to lookup the package that contains it, like this: cnf route Isengard:~ #
WTF? The command was there in the past.
It has long been deprecated, like netstat and ifconfig et al. Maybe install "net-tools-deprecated" if you want it.
Sigh... I have installed that package several times. It disappears. :-o Isengard:~ # route -6 Kernel IPv6 routing table Destination Next Hop Flag Met Ref Use If localhost/128 [::] U 256 1 0 lo 2001:...:...2:1d3::/64 [::] Un 256 1 0 he-ipv6 fc00::/64 [::] U 256 1 0 eth0 fe80::/64 [::] U 256 1 0 eth0 fe80::/64 [::] Un 256 1 0 he-ipv6 [::]/0 [::] U 1024 5 357 he-ipv6 [::]/0 [::] !n -1 1 2098 lo localhost/128 [::] Un 0 6 253 lo tunnel......-pt.tunnel.tserv10.par1.ipv6.he.net/128 [::] Un 0 6 903 lo fc00::16/128 [::] Un 0 2 0 lo fe80::5335:3863/128 [::] Un 0 2 0 lo fe80::4ecc:6aff:fe61:50a1/128 [::] Un 0 2 0 lo ipv6-mcastprefix/8 [::] U 256 5 67699 eth0 ipv6-mcastprefix/8 [::] U 256 1 0 he-ipv6 [::]/0 [::] !n -1 1 2098 lo Isengard:~ #
Isengard:~ # ip route default via 192.168.1.1 dev eth0 192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.16
It would be more useful with the output from these two:
ip -6 route show ip route get 2a00:1450:4003:80a::2003
Isengard:~ # ip -6 route show 2001:....:...2:1d3::/64 dev he-ipv6 proto kernel metric 256 pref medium fc00::/64 dev eth0 proto kernel metric 256 pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium fe80::/64 dev he-ipv6 proto kernel metric 256 pref medium default dev he-ipv6 metric 1024 pref medium Isengard:~ # Isengard:~ # ip route get 2a00:1450:4003:80a::2003 2a00:1450:4003:80a::2003 from :: dev he-ipv6 src 2001:...:...2:1d3::2 metric 1024 pref medium Isengard:~ # That one should say what the route to google would be? New command to me.
Your setup looks like it ought to work, but we don't know if the tunnel is actually working.
I guess not. Isengard:~ # traceroute google.es traceroute to google.es (216.58.211.35), 30 hops max, 60 byte packets 1 router.valinor (192.168.1.1) 0.477 ms 0.570 ms 0.640 ms 2 * * * 3 * * * 4 134.red-81-46-33.customer.static.ccgg.telefonica.net (81.46.33.134) 13.288 ms * 142.red-81-46-33.customer.static.ccgg.telefonica.net (81.46.33.142) 13.448 ms 5 * 97.red-80-58-106.staticip.rima-tde.net (80.58.106.97) 18.265 ms * 6 * * 176.52.253.97 (176.52.253.97) 15.766 ms 7 72.14.211.154 (72.14.211.154) 15.833 ms 14.953 ms 176.52.253.102 (176.52.253.102) 12.725 ms 8 108.170.253.225 (108.170.253.225) 14.085 ms 108.170.253.241 (108.170.253.241) 12.852 ms 108.170.253.225 (108.170.253.225) 13.978 ms 9 74.125.253.200 (74.125.253.200) 14.618 ms 12.819 ms 74.125.253.198 (74.125.253.198) 19.743 ms 10 muc03s14-in-f3.1e100.net (216.58.211.35) 13.413 ms 108.170.234.231 (108.170.234.231) 15.709 ms mad08s05-in-f3.1e100.net (216.58.211.35) 12.851 ms Isengard:~ # traceroute -6 google.es traceroute to google.es (2a00:1450:4003:802::2003), 30 hops max, 80 byte packets 1 tunnel......-pt.tunnel.tserv10.par1.ipv6.he.net (2001:....:...2:1d3::2) 0.059 ms !H 0.022 ms !H 0.020 ms !H Isengard:~ # - -- Cheers, Carlos E. R. (from openSUSE 15.0 x86_64 at Telcontar) -----BEGIN PGP SIGNATURE----- iHoEARECADoWIQQZEb51mJKK1KpcU/W1MxgcbY1H1QUCXVw9ihwccm9iaW4ubGlz dGFzQHRlbGVmb25pY2EubmV0AAoJELUzGBxtjUfVawAAn0dnbXglE82fD5w6Guqb 0/QNtyE/AJ9lxkt0HdXLUu5/Mk+IEJ0ssSfDQw== =y4vb -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-20 02:35 PM, Carlos E. R. wrote:
Well, that is what FAQs and HOWTOS are for. I expected to find it there, there is nothing.
As I mentioned, there is a user forum. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 20/08/2019 20.40, James Knott wrote:
On 2019-08-20 02:35 PM, Carlos E. R. wrote:
Well, that is what FAQs and HOWTOS are for. I expected to find it there, there is nothing.
As I mentioned, there is a user forum.
I thought that, as you recommended this site, you would have used it before and knew how to do it ;-) -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-20 02:44 PM, Carlos E. R. wrote:
As I mentioned, there is a user forum. I thought that, as you recommended this site, you would have used it before and knew how to do it ;-)
I have never used he.net, as when I was using a tunnel, it was with a different company. Regardless, that doesn't stop me from poking around the site. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
It would be more useful with the output from these two:
ip -6 route show ip route get 2a00:1450:4003:80a::2003
Isengard:~ # ip -6 route show 2001:....:...2:1d3::/64 dev he-ipv6 proto kernel metric 256 pref medium fc00::/64 dev eth0 proto kernel metric 256 pref medium fe80::/64 dev eth0 proto kernel metric 256 pref medium fe80::/64 dev he-ipv6 proto kernel metric 256 pref medium default dev he-ipv6 metric 1024 pref medium
Okay, that looks good.
Isengard:~ # ip route get 2a00:1450:4003:80a::2003 2a00:1450:4003:80a::2003 from :: dev he-ipv6 src 2001:...:...2:1d3::2 metric 1024 pref medium
That looks good too.
That one should say what the route to google would be? New command to me.
Yes, it's very useful in many situations. Routing can be influenced by redirects, you can have multiple tables etc.
Your setup looks like it ought to work, but we don't know if the tunnel is actually working.
I guess not.
I wonder about your tunnel setup - I wonder if maybe you should be using your private adddress instead of 83.x.x.x: ip tunnel add he-ipv6 mode sit remote 216.66.84.42 local 192.168.x.x ttl 255 You could run a tcpdump on he-ipv6 to see if there is any traffic flowing at all. If you have the option, check if your firewall permits protocol 41. Isengard:~ # traceroute -6 google.es
traceroute to google.es (2a00:1450:4003:802::2003), 30 hops max, 80 byte packets 1 tunnel......-pt.tunnel.tserv10.par1.ipv6.he.net (2001:....:...2:1d3::2) 0.059 ms !H 0.022 ms !H 0.020 ms !H
Yeah, it doesn't get very far. -- Per Jessen, Zürich (14.5°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-20 02:47 PM, Per Jessen wrote:
I wonder about your tunnel setup - I wonder if maybe you should be using your private adddress instead of 83.x.x.x:
I believe it has to be a public address. How would they know how to reach a private address? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 2019-08-20 02:47 PM, Per Jessen wrote:
I wonder about your tunnel setup - I wonder if maybe you should be using your private adddress instead of 83.x.x.x:
I believe it has to be a public address. How would they know how to reach a private address?
It will be NAT'ed, all they will see is the WAN address. -- Per Jessen, Zürich (14.2°C) http://www.dns24.ch/ - free dynamic DNS, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2019-08-14 05:54 PM, Carlos E. R. wrote:
Basically the instructions are:
+++................... * Server IPv4 Address: we must indicate the IP address that appears in Tunnelbroker as "Server IPv4 Address". * Client IPv6 Address: we must indicate the IP address that appears in Tunnelbroker as "Client IPv6 Address", but without the /64 at the end. * IPv6 Prefix Length: we must indicate the /64 that we have in the final part of the IP address. Simply indicate the "64" without the bar. * Server IPv6 Address: we must indicate the IP address that appears in Tunnelbroker as "Server IPv6 Address", but without the /64 at the end, only the IP address without the prefix. * Tunnel MTU: we select the default value of the tunnel which is 1480. * Tunnel TTL: select 255 which is the default value.
In the section of "IPv6 LAN Seetings" we must indicate:
* LAN Prefix Length: normally in the tunnels that we create is /64, therefore, we should simply indicate "64". In case you ask for a /48, you must use this prefix. * LAN IPv6 Prefix: we must indicate the address that appears in Tunnelbroker as "Routed /64", but without the /64 at the end, and ended with "::" as you can see.
(Translated with www.DeepL.com/Translator) ...................++-
I don't have any of that :-(
I've just been going through their tunnel configuration and I see the server and client IPv4 & IPv6 addresses, along with the prefixes. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 15/08/2019 16.21, James Knott wrote:
On 2019-08-14 05:54 PM, Carlos E. R. wrote:
Basically the instructions are:
+++................... * Server IPv4 Address: we must indicate the IP address that appears in Tunnelbroker as "Server IPv4 Address". * Client IPv6 Address: we must indicate the IP address that appears in Tunnelbroker as "Client IPv6 Address", but without the /64 at the end. * IPv6 Prefix Length: we must indicate the /64 that we have in the final part of the IP address. Simply indicate the "64" without the bar. * Server IPv6 Address: we must indicate the IP address that appears in Tunnelbroker as "Server IPv6 Address", but without the /64 at the end, only the IP address without the prefix. * Tunnel MTU: we select the default value of the tunnel which is 1480. * Tunnel TTL: select 255 which is the default value.
In the section of "IPv6 LAN Seetings" we must indicate:
* LAN Prefix Length: normally in the tunnels that we create is /64, therefore, we should simply indicate "64". In case you ask for a /48, you must use this prefix. * LAN IPv6 Prefix: we must indicate the address that appears in Tunnelbroker as "Routed /64", but without the /64 at the end, and ended with "::" as you can see.
(Translated with www.DeepL.com/Translator) ...................++-
I don't have any of that :-(
I've just been going through their tunnel configuration and I see the server and client IPv4 & IPv6 addresses, along with the prefixes.
Sure. But the entries in my router 6in4 configuration are different. Can't be applied. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-15 11:27 AM, Carlos E. R. wrote:
I've just been going through their tunnel configuration and I see the server and client IPv4 & IPv6 addresses, along with the prefixes. Sure. But the entries in my router 6in4 configuration are different. Can't be applied.
Then run it on a computer on your LAN, as someone else suggested. Or you could create your own firewall with pfSense, as I use. There are many who use it with he.net tunnels. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 15/08/2019 17.36, James Knott wrote:
On 2019-08-15 11:27 AM, Carlos E. R. wrote:
I've just been going through their tunnel configuration and I see the server and client IPv4 & IPv6 addresses, along with the prefixes. Sure. But the entries in my router 6in4 configuration are different. Can't be applied.
Then run it on a computer on your LAN, as someone else suggested. Or you could create your own firewall with pfSense, as I use. There are many who use it with he.net tunnels.
No, the router can not be replaced. I can not run pfsense. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-15 11:41 AM, Carlos E.R. wrote:
Then run it on a computer on your LAN, as someone else suggested. Or you could create your own firewall with pfSense, as I use. There are many who use it with he.net tunnels. No, the router can not be replaced. I can not run pfsense.
Then run it on a computer on the LAN. That computer will advertise itself as the default route. I believe someone else provided info on that. Prior to pfSense, I used to use a tunnel from another company with my firewall/router built with openSUSE. However, it's configuration was different, in that they provided the source code for their client, which I had to compile. About the only setting I had to do was select which server I wanted to connect to. It worked well and the only reason I switched was opemSUSE couldn't handle DHCPv6-PD, which was required to connect to my ISP. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 15/08/2019 17.47, James Knott wrote:
On 2019-08-15 11:41 AM, Carlos E.R. wrote:
Then run it on a computer on your LAN, as someone else suggested. Or you could create your own firewall with pfSense, as I use. There are many who use it with he.net tunnels. No, the router can not be replaced. I can not run pfsense.
Then run it on a computer on the LAN. That computer will advertise itself as the default route. I believe someone else provided info on that.
Me and Per :-) But I still need things. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
On 2019-08-15 11:56 AM, Carlos E. R. wrote:
But I still need things.
Such as? All the addresses, other than your IPv4, are provided by he.net. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 15/08/2019 18.01, James Knott wrote:
On 2019-08-15 11:56 AM, Carlos E. R. wrote:
But I still need things.
Such as? All the addresses, other than your IPv4, are provided by he.net.
I need to know things, to concoct my howto. How to enable, how to disable, howto route, how to dish addresses ... And it is not a priority. Right now I have been busy clicking on yast for an hour. Seemed like an hour... there is no update unconditionally key press. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
* Carlos E. R. <robin.listas@telefonica.net> [08-15-19 13:32]:
On 15/08/2019 18.01, James Knott wrote:
On 2019-08-15 11:56 AM, Carlos E. R. wrote:
But I still need things.
Such as? All the addresses, other than your IPv4, are provided by he.net.
I need to know things, to concoct my howto. How to enable, how to disable, howto route, how to dish addresses ... And it is not a priority.
Right now I have been busy clicking on yast for an hour. Seemed like an hour... there is no update unconditionally key press.
zypper -v up -y -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 15/08/2019 19.36, Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@telefonica.net> [08-15-19 13:32]:
On 15/08/2019 18.01, James Knott wrote:
On 2019-08-15 11:56 AM, Carlos E. R. wrote:
But I still need things.
Such as? All the addresses, other than your IPv4, are provided by he.net.
I need to know things, to concoct my howto. How to enable, how to disable, howto route, how to dish addresses ... And it is not a priority.
Right now I have been busy clicking on yast for an hour. Seemed like an hour... there is no update unconditionally key press.
zypper -v up -y
Nope. They were all downgrades. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
* Carlos E. R. <robin.listas@telefonica.net> [08-15-19 13:43]:
On 15/08/2019 19.36, Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@telefonica.net> [08-15-19 13:32]:
On 15/08/2019 18.01, James Knott wrote:
On 2019-08-15 11:56 AM, Carlos E. R. wrote:
But I still need things.
Such as? All the addresses, other than your IPv4, are provided by he.net.
I need to know things, to concoct my howto. How to enable, how to disable, howto route, how to dish addresses ... And it is not a priority.
Right now I have been busy clicking on yast for an hour. Seemed like an hour... there is no update unconditionally key press.
zypper -v up -y
Nope. They were all downgrades.
sorry, does not equate. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 15/08/2019 20.03, Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@telefonica.net> [08-15-19 13:43]:
On 15/08/2019 19.36, Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@telefonica.net> [08-15-19 13:32]:
On 15/08/2019 18.01, James Knott wrote:
On 2019-08-15 11:56 AM, Carlos E. R. wrote:
But I still need things.
Such as? All the addresses, other than your IPv4, are provided by he.net.
I need to know things, to concoct my howto. How to enable, how to disable, howto route, how to dish addresses ... And it is not a priority.
Right now I have been busy clicking on yast for an hour. Seemed like an hour... there is no update unconditionally key press.
zypper -v up -y
Nope. They were all downgrades.
sorry, does not equate.
zypper up doesn't do package downgrades. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
* Carlos E. R. <robin.listas@telefonica.net> [08-15-19 14:17]:
On 15/08/2019 20.03, Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@telefonica.net> [08-15-19 13:43]:
On 15/08/2019 19.36, Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@telefonica.net> [08-15-19 13:32]:
On 15/08/2019 18.01, James Knott wrote:
On 2019-08-15 11:56 AM, Carlos E. R. wrote: > But I still need things.
Such as? All the addresses, other than your IPv4, are provided by he.net.
I need to know things, to concoct my howto. How to enable, how to disable, howto route, how to dish addresses ... And it is not a priority.
Right now I have been busy clicking on yast for an hour. Seemed like an hour... there is no update unconditionally key press.
zypper -v up -y
Nope. They were all downgrades.
sorry, does not equate.
zypper up doesn't do package downgrades.
but you said you wanted to do upgrades, not downgrades. you got what you requested. if you failed to properly state your request, ???? -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 15/08/2019 20.19, Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@telefonica.net> [08-15-19 14:17]:
On 15/08/2019 20.03, Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@telefonica.net> [08-15-19 13:43]:
On 15/08/2019 19.36, Patrick Shanahan wrote:
* Carlos E. R. <> [08-15-19 13:32]:
On 15/08/2019 18.01, James Knott wrote: > On 2019-08-15 11:56 AM, Carlos E. R. wrote: >> But I still need things. > > Such as? All the addresses, other than your IPv4, are provided by he.net.
I need to know things, to concoct my howto. How to enable, how to disable, howto route, how to dish addresses ... And it is not a priority.
Right now I have been busy clicking on yast for an hour. Seemed like an hour... there is no update unconditionally key press.
zypper -v up -y
Nope. They were all downgrades.
sorry, does not equate.
zypper up doesn't do package downgrades.
but you said you wanted to do upgrades, not downgrades. you got what you requested. if you failed to properly state your request, ????
I did not say I was doing upgrades. I was using Yast, updating. The actual name of the menu entry is "update unconditionally". And in this case, they were downgrades, in red, because I had removed a repo and was reverting what was installed from it. YaST did exactly what I wanted. If you have an issue with calling them updates, take it with YaST devs. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
* Carlos E. R. <robin.listas@telefonica.net> [08-15-19 15:11]:
On 15/08/2019 20.19, Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@telefonica.net> [08-15-19 14:17]:
On 15/08/2019 20.03, Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@telefonica.net> [08-15-19 13:43]:
On 15/08/2019 19.36, Patrick Shanahan wrote:
* Carlos E. R. <> [08-15-19 13:32]: > On 15/08/2019 18.01, James Knott wrote: >> On 2019-08-15 11:56 AM, Carlos E. R. wrote: >>> But I still need things. >> >> Such as? All the addresses, other than your IPv4, are provided by he.net. > > I need to know things, to concoct my howto. How to enable, how to > disable, howto route, how to dish addresses ... And it is not a priority. > > Right now I have been busy clicking on yast for an hour. Seemed like an > hour... there is no update unconditionally key press.
zypper -v up -y
Nope. They were all downgrades.
sorry, does not equate.
zypper up doesn't do package downgrades.
but you said you wanted to do upgrades, not downgrades. you got what you requested. if you failed to properly state your request, ????
I did not say I was doing upgrades. I was using Yast, updating. The actual name of the menu entry is "update unconditionally". And in this case, they were downgrades, in red, because I had removed a repo and was reverting what was installed from it.
YaST did exactly what I wanted.
then why post the question/comment ???
If you have an issue with calling them updates, take it with YaST devs.
<quote> "there is no update unconditionally key press" </quote> I do not have an issue, *you* posed the question. if you are satisfied, drop the thread. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 15/08/2019 23.09, Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@telefonica.net> [08-15-19 15:11]:
On 15/08/2019 20.19, Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@telefonica.net> [08-15-19 14:17]:
On 15/08/2019 20.03, Patrick Shanahan wrote:
* Carlos E. R. <robin.listas@telefonica.net> [08-15-19 13:43]:
On 15/08/2019 19.36, Patrick Shanahan wrote: > * Carlos E. R. <> [08-15-19 13:32]: >> On 15/08/2019 18.01, James Knott wrote: >>> On 2019-08-15 11:56 AM, Carlos E. R. wrote: >>>> But I still need things. >>> >>> Such as? All the addresses, other than your IPv4, are provided by he.net. >> >> I need to know things, to concoct my howto. How to enable, how to >> disable, howto route, how to dish addresses ... And it is not a priority. >> >> Right now I have been busy clicking on yast for an hour. Seemed like an >> hour... there is no update unconditionally key press. > > zypper -v up -y
Nope. They were all downgrades.
sorry, does not equate.
zypper up doesn't do package downgrades.
but you said you wanted to do upgrades, not downgrades. you got what you requested. if you failed to properly state your request, ????
I did not say I was doing upgrades. I was using Yast, updating. The actual name of the menu entry is "update unconditionally". And in this case, they were downgrades, in red, because I had removed a repo and was reverting what was installed from it.
YaST did exactly what I wanted.
then why post the question/comment ???
It was an aside comment, not worth what you have turned it into. I was not asking anything.
If you have an issue with calling them updates, take it with YaST devs.
<quote> "there is no update unconditionally key press" </quote>
which is correct. It is a menu entry, no hot key for it. I had to do the menu click by mouse a hundred or two times.
I do not have an issue, *you* posed the question. if you are satisfied, drop the thread.
You drop it. -- Cheers / Saludos, Carlos E. R. (from 15.0 x86_64 at Telcontar)
participants (5)
-
Carlos E. R. -
Carlos E.R. -
James Knott -
Patrick Shanahan -
Per Jessen