New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Tutorial for IPv6 Tunneling through HE via OpenVZ and more!
eddynetweb
Member
in Tutorials
Okay, so I have made this tutorial on how to tunnel through Hurricane Electric's Tunnel Broker service, through both KVM, and OpenVZ. Take a look.
http://eddynetweb.co/tutorials/how-to-tunnel-through-hurricane-electric.html
I'm also working on some other ones, so those should be out soon.
http://eddynetweb.co/tutorials
Tell me what you think!
Comments
Anything? Come on, don't leave me hanging guys!
Very sexy, does HE allow reverse DNS to be set?
Thanks for the feedback.
And yes they do, through there free DNS service, (dns.he.net) and I will be working on a tutorial for allocating more IP's on a subnet.
EDIT: KVM and OpenVZ work good for me!
That's swell, glad to see that it worked for others. :-)
Awesome! Now i can access ipv6 internet with ColoCrossing
Nice copy & paste, on the OVZ part at least:
http://www.cybermilitia.net/2013/07/22/ipv6-tunnel-on-openvz/
@eddynetweb What os's does it work on?
I got the information of this article, really just making it easier to intemperate. I didn't notice that. o-o
https://gist.github.com/Liamraystanley/9458454
i'll add it to the sources list.
Ubuntu, Debian, it should work on CentOS (not tested)... um... pretty much any Unix-based operating system that supports messing around with the network settings and TUN/TAP.
Don't configure a routed subnet (layer 3) on your interface (layer 2). so this line is wrong:
I like to use
ifup
/ifdown
for my tunnel in OpenVZ instead ofservice
so I use in /etc/rc.local:sixxs0 and sixxs1 are the same tunnels. Preferred way is to enable sit device in openvz container (should be done by support. check with
ip tu
). In this example sixxs1 is started at bootup.Also no need to compile anyting on OVZ, tb-tun comes already with a binary.
yes, but not 64 bit ;-)
Thank you, this is what I was looking for, mistakes. Much appreciated. :-)
Using this without the routed subnet also.
Using a modified /etc/init.d/ipv6tb which can also create ipv6 6to4 addresses.
I'd love a tutorial on openvz + tun + HE.net + STRONGSWAN..
Does IPsec work? https://openvz.org/IPsec
@agentsmith I got so far as to login to the VPN with a .p12 imported thingie, but then dunno how to figure out the routes since I have two tun interfaces, one for the tb_tun and the other one created by strongswan thanks to the added modules I compiled with the strongswan sources
I've never seen strongswan creating tun devices or routes. Instead it uses xfrm policies
ip x p s
. You can check packets with tcpdump or iptables LOG / TRACE targetmaybe you can give this one way a try so could catch up with me and help me finally solve it?
wheezy (strongswan 5.1.3-2~bpo70+1 is compiled from wheezy backports with the added two modules)..
@agentsmith check this out:
00[DMN] Starting IKE charon daemon (strongSwan 5.1.3, Linux 2.6.32-042stab085.17, x86_64)
00[LIB] plugin 'test-vectors': loaded successfully
00[LIB] plugin 'curl': loaded successfully
00[LIB] plugin 'ldap': loaded successfully
00[LIB] plugin 'pkcs11': loaded successfully
00[LIB] plugin 'aes': loaded successfully
00[LIB] plugin 'rc2': loaded successfully
00[LIB] plugin 'sha1': loaded successfully
00[LIB] plugin 'sha2': loaded successfully
00[LIB] plugin 'md5': loaded successfully
00[LIB] plugin 'random': loaded successfully
00[LIB] plugin 'nonce': loaded successfully
00[LIB] plugin 'x509': loaded successfully
00[LIB] plugin 'revocation': loaded successfully
00[LIB] plugin 'constraints': loaded successfully
00[LIB] plugin 'pubkey': loaded successfully
00[LIB] plugin 'pkcs1': loaded successfully
00[LIB] plugin 'pkcs7': loaded successfully
00[LIB] plugin 'pkcs8': loaded successfully
00[LIB] plugin 'pkcs12': loaded successfully
00[LIB] plugin 'pgp': loaded successfully
00[LIB] plugin 'dnskey': loaded successfully
00[LIB] plugin 'sshkey': loaded successfully
00[LIB] plugin 'pem': loaded successfully
00[LIB] plugin 'gcrypt': loaded successfully
00[LIB] plugin 'fips-prf': loaded successfully
00[LIB] plugin 'gmp': loaded successfully
00[LIB] plugin 'xcbc': loaded successfully
00[LIB] plugin 'cmac': loaded successfully
00[LIB] plugin 'hmac': loaded successfully
00[LIB] plugin 'ctr': loaded successfully
00[LIB] plugin 'ccm': loaded successfully
00[LIB] plugin 'attr': loaded successfully
00[LIB] created TUN device: ipsec0 <---
00[LIB] plugin 'kernel-libipsec': loaded successfully <--
00[LIB] plugin 'kernel-netlink': loaded successfully <--
00[LIB] plugin 'resolve': loaded successfully
00[LIB] plugin 'socket-default': loaded successfully
00[LIB] plugin 'stroke': loaded successfully
00[KNL] detected Linux 2.6.32, no support for RTA_PREFSRC for IPv6 routes
@gattytto
So at least the ipv4 stuft should work now. What is happening when you connect with a client?
well that's the thing @agentsmith , I assign ipv6 address to the ipv4 connected client and then I can just see in windows 7 client when double click the connection, I get the ip but nothin can be done from there, I don't see the packets whatever I log with iptables/ip6tables ..
@gattytto so if you ping from win7 to strongswan packets don't leave win7 or don't arrive at strongswan?
they arrive strongswan but then no route is effective
Doesn't work on my kvm server. When i make as it says my ipv4 network stops working..
It does? Unless you edited the other settings in /etc/network/interfaces, then you shouldn't be getting that error... Try rebooting the server then preforming ifup he-ipv6.