6to4 tunnel on tg582n

30FTTC06 · ‎18-02-2013

Hi all,
What considerations do I need to make to get a 6to4 tunnel to work through my tg582n, the tutorial said that icmp pings need to be enabled, done that.
I've set the tunnel up against my ip per the instructions on https://tunnelbroker.net/ and used this tutorial http://www.raspberrypi.org/forums/viewtopic.php?f=36&t=88054 my mac seems to gain an ip address from the raspberry but no sign of a live connection on the raspberry or my macbook.
Any pointers greatly appreciated

adamwalker · ‎27-04-2007

Hi there,
Might not be much specific we can advise you re what you're trying to do here but I've asked our products team in case there is and will let you know if we're able to advise anything.

If this post resolved your issue please click the 'This fixed my problem' button

Adam Walker
Plusnet Help Team

MrToast · ‎31-07-2007

I don't know if you would be interested in a different approach to run the tunnel to the TG582n. Have you seen this http://community.plus.net/forum/index.php/topic,106578.0.html

adamwalker · ‎27-04-2007

Cheers MrToast,
@11110_110 That page should be all the info we'd be able to give you re this. Hope you get that sorted.

If this post resolved your issue please click the 'This fixed my problem' button

Adam Walker
Plusnet Help Team

30FTTC06 · ‎18-02-2013

Thanks for your comments guys. @Mrtoast, yes i've looked at that thread but i'm running 8cm0 which is heavily config'd and running very stable. I think the question I should be asking is, will/should the tg582n allow an ipv6 tunnel to work with 8cm0 or not. So if i create a tunnel then pump the address into my mac will/should the tunnel work ?

MrToast · ‎31-07-2007

Quote from: 11110_110
should the tg582n allow an ipv6 tunnel to work with 8cm0 or not. So if i create a tunnel then pump the address into my mac will/should the tunnel work ?

I have the TG582n with the current standard Plusnet issue v8.4.4.j.
Just for fun I've created a tunnel at tunnelbroker.net and applied their config to a Win7 machine. Works a treat.

30FTTC06 · ‎18-02-2013

I'm afraid i've still not got either my mac or the raspberry pi project above to work as of yet with my setup, thanks for taking the time to look at this problem MrToast. I'll give it another shot tomorrow from a fresh install of raspbian and maybe a windows machine this time.

30FTTC06 · ‎18-02-2013

Still not working after resetting everything.
Plusnet, Does your supplied TG582n Router with "8CM0" pass protocol 41, Very simple question.

RPMozley · ‎04-11-2011

To be a bit pedantic, a HE tunnel is 6in4 rather than the 6to4 you've referred to in the topic title. (Different technologies)
Traffic should pass through as long as the connection was established from you, unsolicited packets might be dropped though. You might need to poke a hole through the firewall to get things working fully. (CLI commands required)

That's RPM to you!!

30FTTC06 · ‎18-02-2013

Yes i'm learning as I go re the topic, I've used a dmz which doesn't work. Plenty of people out there with thoughts much the same as yours, but just lacking the goods! Please feel free to share your thoughts if you wish to help by all means. If it worked i wouldn't be asking.
FYI no packets pass through the router what so ever. It is a simple question, does the router pass proto 41 or not ?
Regards Gary

RPMozley · ‎04-11-2011

Well, I can't answer your question on proto 41 (that would need to be asked indirectly to technicolor for the older firmware) but seeing as it won't work even in DMZ, that kind of suggests the set up config isn't quite right.
First thing to try is take the Pi out of the equation and set up the tunnel directly on the Mac (the tunnel broker example setup should suffice for the time being). If you can get that functioning ok then you'll have to look more closely at the Pi configuration.

That's RPM to you!!

MrToast · ‎31-07-2007

Quote from: 11110_110
i'm running 8cm0 which is heavily config'd and running very stable.

I don't know what config you have that you want to retain.... but an option would be to upgrade to the later firmware [8.4.4.j] which from my experiment does seem to pass protocol 41
So far as answering your direct question re protocol 41 on your current firmware you could raise a ticket to PN who supplied the router asking that very question. It doesn't look like anyone here knows the answer.

30FTTC06 · ‎18-02-2013

You know sometimes you tend to have those days when trying something new for the first and you cant see the wood for the trees!
well i guess it was one of those times, and seeing as I'm man enough to own up to it, my problem was a very simple one.

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
        address 2001:470:247:eee::2
        netmask 64
        endpoint 216.66.80.26
        local 146.82.47.62
        ttl 255
        gateway 2001:470:247:eee::1

Seeing as I'm on a Lan, I'll let you decide what i might of missed. Proto 41 seems all good to me MrToast, thanks again for your input

Now i just need to look at the firewall on the other box as it seems to be blocking ipv6-dns for some reason or other.
http://ipv6-test.com/speedtest/

RPMozley · ‎04-11-2011

Ah, the local / global address mix up. Easily done with a long list of commands and a bit of a learning curve to get over.
Glad you got it working.

Not sure why IPv6 DNS is being blocked, it should be pretty much the same as IPv4 just an aaaa record, unless it's not accessing the IPv6 address of the DNS server?

That's RPM to you!!

30FTTC06 · ‎18-02-2013

Some address were fine like ping6 ipv6.google.com worked, ping6 ipv6.bbc.co.uk didn't not sure if that was a uk thing.
open-dns didn't seem to resolve on it's own, or not as I expected it to anyway, website tests seem hit-n-miss through the project above.
The same tests on a none firewalled box with just a normal tunnel were fine. So something isn't quite right with the project overall somewhere.
OpenDns ipv6 ip's
2620:0:ccc::2
2620:0:ccd::2

Copy of the firewall rules.


#!/bin/sh## Test your ipv6 firewall rule set using:# http://ipv6.chappell-family.com/ipv6tcptest/index.php# Thank you Tim for providing this test tool.## Ver. 2.0 (RHO and Logging, speciall ICMP Blocking)# 29.12.2012## DefinitionsIP6TABLES='/sbin/ip6tables'# change LAN and IPv6 WAN interface name according your requirementsWAN_IF='he-ipv6'LAN_IF='eth0'SUBNETPREFIX='2001:470:aa7e::/48'# First Flush and delete all:$IP6TABLES -F INPUT$IP6TABLES -F OUTPUT$IP6TABLES -F FORWARD$IP6TABLES -F$IP6TABLES -X# DROP all incomming traffic$IP6TABLES -P INPUT DROP$IP6TABLES -P OUTPUT DROP$IP6TABLES -P FORWARD DROP# Filter all packets that have RH0 headers:$IP6TABLES -A INPUT -m rt --rt-type 0 -j DROP$IP6TABLES -A FORWARD -m rt --rt-type 0 -j DROP$IP6TABLES -A OUTPUT -m rt --rt-type 0 -j DROP# Allow anything on the local link$IP6TABLES -A INPUT  -i lo -j ACCEPT$IP6TABLES -A OUTPUT -o lo -j ACCEPT# Allow anything out on the internet$IP6TABLES -A OUTPUT -o $WAN_IF -j ACCEPT# Allow established, related packets back in$IP6TABLES -A INPUT  -i $WAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT# Allow the localnet access us:$IP6TABLES -A INPUT    -i $LAN_IF  -j ACCEPT$IP6TABLES -A OUTPUT   -o $LAN_IF   -j ACCEPT# Allow Link-Local addresses$IP6TABLES -A INPUT -s fe80::/10 -j ACCEPT$IP6TABLES -A OUTPUT -s fe80::/10 -j ACCEPT# Allow multicast$IP6TABLES -A INPUT -d ff00::/8 -j ACCEPT$IP6TABLES -A OUTPUT -d ff00::/8 -j ACCEPT# Paranoia setting on ipv6 interface$IP6TABLES -I INPUT -i $WAN_IF -p tcp --syn -j DROP$IP6TABLES -I FORWARD -i $WAN_IF -p tcp --syn -j DROP$IP6TABLES -I INPUT -i $WAN_IF -p udp  -j DROP$IP6TABLES -I FORWARD -i $WAN_IF -p udp  -j DROP# Allow forwarding on ipv6 interface$IP6TABLES -A FORWARD -m state --state NEW -i $LAN_IF -o $WAN_IF -s $SUBNETPREFIX -j ACCEPT$IP6TABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT# Allow dedicated  ICMPv6 packettypes, do this in an extra chain because we need it everywhere$IP6TABLES -N AllowICMPs# Destination unreachable$IP6TABLES -A AllowICMPs -p icmpv6 --icmpv6-type 1 -j ACCEPT# Packet too big$IP6TABLES -A AllowICMPs -p icmpv6 --icmpv6-type 2 -j ACCEPT# Time exceeded$IP6TABLES -A AllowICMPs -p icmpv6 --icmpv6-type 3 -j ACCEPT# Parameter problem$IP6TABLES -A AllowICMPs -p icmpv6 --icmpv6-type 4 -j ACCEPT# Echo Request (protect against flood)$IP6TABLES -A AllowICMPs -p icmpv6 --icmpv6-type 128 -m limit --limit 5/sec --limit-burst 10 -j ACCEPT# Echo Reply$IP6TABLES -A AllowICMPs -p icmpv6 --icmpv6-type 129 -j ACCEPT## Allow ICMPs$IP6TABLES -A INPUT -p icmpv6 -j AllowICMPs$IP6TABLES -A FORWARD -p icmpv6 -j AllowICMPs$IP6TABLES -A OUTPUT -p icmpv6 -j AllowICMPs

I'm quite impressed with the project out of the box, but it needs somebody to try it out and compare results really to see how it performs.

6to4 tunnel on tg582n

6to4 tunnel on tg582n

Re: 6to4 tunnel on tg582n

Re: 6to4 tunnel on tg582n

Re: 6to4 tunnel on tg582n

Re: 6to4 tunnel on tg582n

Re: 6to4 tunnel on tg582n

Re: 6to4 tunnel on tg582n

Re: 6to4 tunnel on tg582n

Re: 6to4 tunnel on tg582n

Re: 6to4 tunnel on tg582n

Re: 6to4 tunnel on tg582n

Re: 6to4 tunnel on tg582n

Re: 6to4 tunnel on tg582n

Re: 6to4 tunnel on tg582n

Re: 6to4 tunnel on tg582n