Ask
Reply
Solution
01-04-2023 02:42 PM
Hi all,
I was just wondering if anyone has managed to get an IPV6 tunnel through he.net working on a FTTH connection via Cityfibre using the standard Vodafone router?
I'm using a Raspberry Pi as the tunnel endpoint and am pretty sure I've got the config right. The tunnel says it's up, and I can see IPV6 addresses with the right prefix being assigned to all devices in my LAN, and can successfully IPV6 ping sites like ipv6.google.com from all devices as well.
The problem is that web browsing etc doesn't work to IPV6 sites, and all the IPV6 checkers tell me IPV6 is not working.
I *think* it's because the Vodafone router uses a broadcom chipset and I'm coming across the 'flow cache' issue as mentioned at https://ttlexpired.co.uk/2016/02/12/ipv6-tunnel-and-failing-tcp-sessions/
If that's the case then the only option would seem to be to replace the Vodafone router with something else, but as I'm on Digital Voice as well and ipv6 is a 'nice to have' but not critical, then it's probably not worth the hassle.
Am I right, or is there another way I can get it working?
Thanks
Ross
Solved! Go to best answer.
13-04-2023 09:51 PM
Thank you very much!
I had left the MTU at defaults, but have set it to 1452 at both ends and reconnected the tunnel, and all the tests are now working perfectly!
I'll do some more tests, but looks like the MTU was the issue!
Thanks again!
01-04-2023 07:27 PM
In this instance, the "flow cache" issue shouldn't come into play because the tunnel is from the raspberry pi to your endpoint and the router shouldn't be interfering!
The problem is more likely to be that you need to set the Raspberry Pi as the gateway for devices you want to connect over IPv6. In this configuration, though the Raspberry Pi itself still needs to connect to the router's IPv4 gateway, and you'll need to set the IPv6 address, and gateway manually on each device from your Hurricane electric pool (being pedantic there are other methods that automate more, but the initial config gets ever more complex).
*Be aware that some services that detect Hurricane Electric's IPv6 connections as VPN connections may reject your connections - even Instagram can be problematic!
**You'll also either need one of: Static IPv4 address from Vodafone; Set up the RPi to use HE's own DDNS, or use a routine on the RPi to update your WAN address to HE if/when the WAN address changes.
Good luck see how you get along with that and keep us updated!
13-04-2023 08:46 PM
Ok, strange,
I've posted a reply twice including configs etc and saying that configuring addresses and other information manually or via radvd stil doesn't work, but the reply has disappeared both times!
What am I doing wrong?
Thanks
Ross
13-04-2023 09:17 PM - edited 13-04-2023 09:19 PM
There may be security issues with some of the information you're posting. Redact or otherwise obfuscate IPs and MAC address and try again, or make a clear statement to the moderators that no sensitive information is included. Don't lie though, they are good at spotting things you may miss.
13-04-2023 09:22 PM
Thanks - I didn't think of my posts being moderated, especially as I've not been sent any sort of message to say that's what's happened.
I'll try again, but make it clear that all sensitive information is redacted.
Thanks
13-04-2023 09:31 PM
Hi,
Thanks for replying, and sorry I'm a bit late in responding - took a bit of time to try things but also seems like my replies were possibly being moderated.
I've tried both manually configuring addresses etc and also using radvd, and although all machines on the lan get an address in the he.net prefix and can ping google using ipv6, browsing still doesn't work.
The various configs are below - I've blanked out part of the IP addresses for security, but left part in as I think they are needed to show I'm using the right prefixes - hope this is ok.
The various configs etc are :
On the Raspberry PI :
he-ipv6 in /etc/network/interfaces.d
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
address 2001:xxx:1f1c:yyy::2
netmask 64
endpoint aaa.bbb.ccc.ddd
local aaa.bbb.ccc.ddd
ttl 255
gateway 2001:xxx:1f1c:yyy::1
up ip addr add 2001:xxx:1f1d:yyy::1/64 dev wlan0
ifconfig wlan0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet aaa.bbb.ccc.ddd netmask 255.255.255.0 broadcast aaa.bbb.ccc.255
inet6 fe80::7b20:a60f:cd65:73cc prefixlen 64 scopeid 0x20<link>
inet6 2001:xxx:1f1d:yyy::1 prefixlen 64 scopeid 0x0<global>
ether aa:bb:cc:dd:ee:ff txqueuelen 1000 (Ethernet)
radvd.conf
interface wlan0
{
IgnoreIfMissing on;
AdvManagedFlag off;
AdvSendAdvert on;
MinRtrAdvInterval 3;
MaxRtrAdvInterval 10;
AdvOtherConfigFlag on;
AdvLinkMTU 1480;
prefix 2001:xxx:1f1d:yyy::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
};
route -6
localhost/128 [::] U 256 2 0 lo
tunnel588721.tunnel.tserv1.lon2.ipv6.he.net/128 [::] U 1024 1 0 he-ipv6
2001:xxx:1f1c:yyy::/64 [::] Un 256 2 0 he-ipv6
2001:xxx:1f1d:yyy::/64 [::] U 256 1 0 wlan0
fe80::/64 [::] Un 256 1 0 he-ipv6
fe80::/64 [::] U 256 1 0 wlan0
[::]/0 tunnel588721.tunnel.tserv1.lon2.ipv6.he.net UGH 1024 4 0 he-ipv6
localhost/128 [::] Un 0 5 0 lo
2001:xxx:1f1c:yyy::/128 [::] Un 0 3 0 he-ipv6
tunnel588721-pt.tunnel.tserv1.lon2.ipv6.he.net/128 [::] Un 0 5 0 he-ipv6
2001:xxx:1f1d:yyy::/128 [::] Un 0 3 0 wlan0
2001:xxx:1f1d:yyy::1/128 [::] Un 0 3 0 wlan0
fe80::/128 [::] Un 0 3 0 he-ipv6
fe80::/128 [::] Un 0 3 0 wlan0
fe80::c0a8:424d/128 [::] Un 0 5 0 he-ipv6
fe80::7b20:a60f:cd65:73cc/128 [::] Un 0 4 0 wlan0
ff00::/8 [::] U 256 1 0 he-ipv6
ff00::/8 [::] U 256 5 0 wlan0
[::]/0 [::] !n -1 1 0 lo
Windows 11 client:
ipconfig
Wireless LAN adapter WiFi:
Connection-specific DNS Suffix . : broadband
IPv6 Address. . . . . . . . . . . : 2001:xxx:1f1d:yyy:e4de:254f:6be3:6bbc
Temporary IPv6 Address. . . . . . : 2001:xxx:1f1d:yyy:c063:996f:d09b:1ca8
Link-local IPv6 Address . . . . . : fe80::xxxx:yyyy:907:2ce9%2
IPv4 Address. . . . . . . . . . . : aaa.bbb.ccc.ddd
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80:xxxx:yyyy:cd65:73cc%2
aaa.bbb.ccc.250
route -6 print
If Metric Network Destination Gateway
2 291 ::/0 fe80::xxxx:yyyy:cd65:73cc
1 331 ::1/128 On-link
2 291 2001:xxx:1f1d:yyy::/64 On-link
2 291 2001:xxx:1f1d:yyy:c063:996f:d09b:1ca8/128
On-link
2 291 2001:xxx:1f1d:yyy:e4de:254f:6be3:6bbc/128
On-link
2 291 fe80::/64 On-link
2 291 fe80::xxxx:yyyy:907:2ce9/128
On-link
1 331 ff00::/8 On-link
2 291 ff00::/8 On-link
13-04-2023 09:35 PM - edited 13-04-2023 09:36 PM
I'll look deeper later, but just a hunch for now. What MTU are you using for the tunnel? For PPPoE it needs to be 1452 on both ends because of overheads.
13-04-2023 09:51 PM
Thank you very much!
I had left the MTU at defaults, but have set it to 1452 at both ends and reconnected the tunnel, and all the tests are now working perfectly!
I'll do some more tests, but looks like the MTU was the issue!
Thanks again!
06-05-2023 10:40 PM
Forgot to come back and confirm this was the answer
Sorry!