Tutorial for IPv6 Tunneling through HE via OpenVZ and more!

Okay, so I have made this tutorial on how to tunnel through Hurricane Electric's Tunnel Broker service, through both KVM and OpenVZ. Take a look.

http://eddynetweb.co/tutorials/how-to-tunnel-through-hurricane-electric.html

I'm also working on some other ones, so those should be out soon.

http://eddynetweb.co/tutorials

Tell me what you think!

Comments

  • Anything? Come on, don't leave me hanging guys! :o

  • Very sexy, does HE allow reverse DNS to be set?

  • @linuxthefish said:
    Very sexy, does HE allow reverse DNS to be set?

    Thanks for the feedback.

    And yes they do, through their free DNS service (dns.he.net), and I will be working on a tutorial for allocating more IPs on a subnet.

  • linuxthefish Member
    edited May 2014

    EDIT: KVM and OpenVZ work good for me!

  • @linuxthefish said:
    EDIT: KVM and OpenVZ work good for me!

    That's swell, glad to see that it worked for others. :-)

  • edited May 2014

    Awesome! Now I can access IPv6 internet with ColoCrossing :)

    Thanked by 1 eddynetweb
  • Nyr Community Contributor, Veteran

    Nice copy & paste, on the OVZ part at least:
    http://www.cybermilitia.net/2013/07/22/ipv6-tunnel-on-openvz/

  • edited May 2014

    @eddynetweb What OSes does it work on?

  • eddynetweb Member
    edited May 2014

    @Nyr said:
    Nice copy & paste, on the OVZ part at least:
    http://www.cybermilitia.net/2013/07/22/ipv6-tunnel-on-openvz/

    I got the information off this article, really just making it easier to interpret. I didn't notice that. o-o

    https://gist.github.com/Liamraystanley/9458454

    I'll add it to the sources list.

  • eddynetweb Member
    edited May 2014

    @XxNisseGamerxX said:
    eddynetweb What OSes does it work on?

    Ubuntu, Debian, it should work on CentOS (not tested)... um... pretty much any Unix-based operating system that supports messing around with the network settings and TUN/TAP.

  • Don't configure a routed subnet (layer 3) on your interface (layer 2), so this line is wrong:

      ifconfig tb inet6 add [Routed /64]::1/64 #This is where you add individual IP addresses from your allocation pools
    

    I like to use ifup / ifdown for my tunnel in OpenVZ instead of service so I use in /etc/rc.local:

    EXTIP=$(/sbin/ifconfig venet0:0 |sed -rn 's/.*inet addr:(.*)  P-t-P.*/\1/p')
    cat >> /etc/network/interfaces <<EOF
    iface sixxs0 inet6 v4tunnel
        address 2001:4dd0:xxxx:yyyy::2
        netmask 64
        endpoint 78.35.24.124
        local $EXTIP
        gateway 2001:4dd0:xxxx:yyyy::1
        ttl 64
        up /sbin/route -A inet6 del default dev venet0
        down /sbin/route -A inet6 add default dev venet0
    
    iface sixxs1 inet6 static
        address 2001:4dd0:xxxx:yyyy::2
        netmask 64
        gateway 2001:4dd0:xxxx:yyyy::1
        ttl 64
        mtu 1480
        pre-up start-stop-daemon -b -m -p /var/run/tbtun-\$IFACE.pid \\
          -S -a /usr/local/sbin/tbtun -- \$IFACE 78.35.24.124 \\
          $EXTIP sit
        pre-up sleep 1
        up /sbin/route -A inet6 del default dev venet0
        down /sbin/route -A inet6 add default dev venet0
        post-down start-stop-daemon -p /var/run/tbtun-\$IFACE.pid -K
        post-down rm /var/run/tbtun-\$IFACE.pid
    
    EOF
    ifup sixxs1
    

    sixxs0 and sixxs1 are the same tunnels. The preferred way is to enable the sit device in the OpenVZ container (should be done by support; check with ip tu). In this example sixxs1 is started at bootup.
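
A variant of the /etc/rc.local approach in the post above, as an added example that is not part of the original post: it checks the address parsed from ifconfig before writing it into a root-owned interfaces file, and appends the stanza only once so a re-run does not duplicate it. Function names are hypothetical, the addresses are documentation ranges, and it assumes the container has a sit device (the v4tunnel case).

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# addresses are documentation ranges (RFC 5737 / RFC 3849).

# Read old-style `ifconfig venet0:0` output on stdin, print its IPv4 address.
extract_venet_ip() {
    sed -En 's/.*inet addr:([^ ]*) +P-t-P.*/\1/p' | head -n 1
}

# Succeed only for a dotted quad whose octets are all 0..255.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Print a v4tunnel (sit) stanza shaped like sixxs0 in the post above.
render_stanza() {   # args: iface endpoint local address gateway
    cat <<EOF

iface $1 inet6 v4tunnel
    address $4
    netmask 64
    endpoint $2
    local $3
    gateway $5
    ttl 64
    up /sbin/route -A inet6 del default dev venet0
    down /sbin/route -A inet6 add default dev venet0
EOF
}

# Append the stanza to FILE once; refuse (status 2) on a bad IPv4 value.
install_stanza() {  # args: file iface endpoint local address gateway
    is_ipv4 "$3" && is_ipv4 "$4" || { echo "refusing: bad IPv4 value" >&2; return 2; }
    if grep -Eq "^iface[[:space:]]+$2[[:space:]]" "$1" 2>/dev/null; then
        return 0                      # already defined, leave the file alone
    fi
    target=$1; shift
    render_stanza "$@" >> "$target"
}

# Demo on constructed input, writing to a scratch file instead of /etc.
demo_file=$(mktemp)
demo_ip=$(printf '  inet addr:198.51.100.23  P-t-P:198.51.100.23  Bcast:0.0.0.0\n' | extract_venet_ip)
install_stanza "$demo_file" sixxs0 192.0.2.1 "$demo_ip" 2001:db8:1:2::2 2001:db8:1:2::1
install_stanza "$demo_file" sixxs0 192.0.2.1 "$demo_ip" 2001:db8:1:2::2 2001:db8:1:2::1
cat "$demo_file"; rm -f "$demo_file"
```
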

  • Nyr Community Contributor, Veteran
    edited May 2014

    Also no need to compile anything on OVZ, tb-tun comes already with a binary.

  • @Nyr said:
    Also no need to compile anything on OVZ, tb-tun comes already with a binary.

    yes, but not 64 bit ;-)

    Thanked by 1 eddynetweb
  • @agentsmith said:
    Don't configure a routed subnet (layer 3) on your interface (layer 2), so this line is wrong:

      ifconfig tb inet6 add [Routed /64]::1/64 #This is where you add individual IP addresses from your allocation pools
    

    I like to use ifup / ifdown for my tunnel in OpenVZ instead of service so I use in /etc/rc.local:

    EXTIP=$(/sbin/ifconfig venet0:0 |sed -rn 's/.*inet addr:(.*)  P-t-P.*/\1/p')
    cat >> /etc/network/interfaces <<EOF
    iface sixxs0 inet6 v4tunnel
        address 2001:4dd0:xxxx:yyyy::2
        netmask 64
        endpoint 78.35.24.124
        local $EXTIP
        gateway 2001:4dd0:xxxx:yyyy::1
        ttl 64
        up /sbin/route -A inet6 del default dev venet0
        down /sbin/route -A inet6 add default dev venet0
    
    iface sixxs1 inet6 static
        address 2001:4dd0:xxxx:yyyy::2
        netmask 64
        gateway 2001:4dd0:xxxx:yyyy::1
        ttl 64
        mtu 1480
        pre-up start-stop-daemon -b -m -p /var/run/tbtun-\$IFACE.pid \\
          -S -a /usr/local/sbin/tbtun -- \$IFACE 78.35.24.124 \\
          $EXTIP sit
        pre-up sleep 1
        up /sbin/route -A inet6 del default dev venet0
        down /sbin/route -A inet6 add default dev venet0
        post-down start-stop-daemon -p /var/run/tbtun-\$IFACE.pid -K
        post-down rm /var/run/tbtun-\$IFACE.pid
    
    EOF
    ifup sixxs1
    

    sixxs0 and sixxs1 are the same tunnels. The preferred way is to enable the sit device in the OpenVZ container (should be done by support; check with ip tu). In this example sixxs1 is started at bootup.

    Thank you, this is what I was looking for, mistakes. Much appreciated. :-)

  • Keith Member

    Using this without the routed subnet also.
    Using a modified /etc/init.d/ipv6tb which can also create ipv6 6to4 addresses.

  • I'd love a tutorial on openvz + tun + HE.net + STRONGSWAN.. :D

  • agentsmith Member
    edited May 2014

    @gattytto said:
    I'd love a tutorial on openvz + tun + HE.net + STRONGSWAN.. :D

    Does IPsec work? https://openvz.org/IPsec

  • gattytto Member
    edited May 2014

    @agentsmith I got so far as to login to the VPN with a .p12 imported thingie, but then dunno how to figure out the routes since I have two tun interfaces, one for the tb_tun and the other one created by strongswan thanks to the added modules I compiled with the strongswan sources

  • @gattytto said:
    agentsmith I got so far as to login to the VPN with a .p12 imported thingie, but then dunno how to figure out the routes since I have two tun interfaces, one for the tb_tun and the other one created by strongswan thanks to the added modules I compiled with the strongswan sources

    I've never seen strongswan creating tun devices or routes. Instead it uses xfrm policies: ip x p s. You can check packets with tcpdump or the iptables LOG / TRACE target.

  • gattytto Member
    edited May 2014

    maybe you can give this one way a try so could catch up with me and help me finally solve it?
    wheezy (strongswan 5.1.3-2~bpo70+1 is compiled from wheezy backports with the added two modules)..

    @agentsmith check this out:

    00[DMN] Starting IKE charon daemon (strongSwan 5.1.3, Linux 2.6.32-042stab085.17, x86_64)
    00[LIB] plugin 'test-vectors': loaded successfully
    00[LIB] plugin 'curl': loaded successfully
    00[LIB] plugin 'ldap': loaded successfully
    00[LIB] plugin 'pkcs11': loaded successfully
    00[LIB] plugin 'aes': loaded successfully
    00[LIB] plugin 'rc2': loaded successfully
    00[LIB] plugin 'sha1': loaded successfully
    00[LIB] plugin 'sha2': loaded successfully
    00[LIB] plugin 'md5': loaded successfully
    00[LIB] plugin 'random': loaded successfully
    00[LIB] plugin 'nonce': loaded successfully
    00[LIB] plugin 'x509': loaded successfully
    00[LIB] plugin 'revocation': loaded successfully
    00[LIB] plugin 'constraints': loaded successfully
    00[LIB] plugin 'pubkey': loaded successfully
    00[LIB] plugin 'pkcs1': loaded successfully
    00[LIB] plugin 'pkcs7': loaded successfully
    00[LIB] plugin 'pkcs8': loaded successfully
    00[LIB] plugin 'pkcs12': loaded successfully
    00[LIB] plugin 'pgp': loaded successfully
    00[LIB] plugin 'dnskey': loaded successfully
    00[LIB] plugin 'sshkey': loaded successfully
    00[LIB] plugin 'pem': loaded successfully
    00[LIB] plugin 'gcrypt': loaded successfully
    00[LIB] plugin 'fips-prf': loaded successfully
    00[LIB] plugin 'gmp': loaded successfully
    00[LIB] plugin 'xcbc': loaded successfully
    00[LIB] plugin 'cmac': loaded successfully
    00[LIB] plugin 'hmac': loaded successfully
    00[LIB] plugin 'ctr': loaded successfully
    00[LIB] plugin 'ccm': loaded successfully
    00[LIB] plugin 'attr': loaded successfully
    00[LIB] created TUN device: ipsec0 <---
    00[LIB] plugin 'kernel-libipsec': loaded successfully <--
    00[LIB] plugin 'kernel-netlink': loaded successfully <--
    00[LIB] plugin 'resolve': loaded successfully
    00[LIB] plugin 'socket-default': loaded successfully
    00[LIB] plugin 'stroke': loaded successfully
    00[KNL] detected Linux 2.6.32, no support for RTA_PREFSRC for IPv6 routes

  • @gattytto
    So at least the IPv4 stuff should work now. What is happening when you connect with a client?

  • Well, that's the thing @agentsmith, I assign an IPv6 address to the IPv4 connected client and then I can just see in the Windows 7 client when I double click the connection, I get the IP but nothing can be done from there, I don't see the packets whatever I log with iptables/ip6tables...

  • @gattytto so if you ping from win7 to strongswan packets don't leave win7 or don't arrive at strongswan?

  • They arrive at strongswan but then no route is effective.

  • Doesn't work on my KVM server. When I make as it says my IPv4 network stops working...

  • @XxNisseGamerxX said:
    Doesn't work on my KVM server. When I make as it says my IPv4 network stops working...

    It does? Unless you edited the other settings in /etc/network/interfaces, you shouldn't be getting that error... Try rebooting the server, then performing ifup he-ipv6.
