Subj : Basic Steps / Checks to look at IPv6 To : Paul Hayton From : Michiel van der Vlist Date : Sat Sep 19 2015 14:36:53 Hello Paul, On Saturday September 19 2015 13:29, you wrote to me: Mv>> This is how I set up my first tunnel. It is relatively easy. The Mv>> endpoint will be behind a NAT, so your tunnel type must be Mv>> AYIYA. You need to set up AICCU and the TAP driver on the target Mv>> machine. The PH> Sounds like the less painful approach, sadly I did not set that up PH> with SixXS so at the moment I am down the harder but perhaps more PH> rewarding path of trying to figure out Case 2 You could change the tunnel type to AYIYA. That will cost uo 15 ISK, but for an AYIYA tunnel there is no penalty for no having it up. Ik you do not have enough ISKs you can beg them for a loan with the explanation that being a beginner you made a mistake. I am not a fan of SixXs's point system, but they are the only ones offering a tunnel type that works from behind a NAT. I think ATM that is the best startegy for you. Because... Mv>> Case 2. Have the tunnel end at the router. Mv>> LAN. The disadvantage is that the router must support it and that Mv>> you do not just need a tunnel, you need a subnet as well, PH> So the internet settings on my router seems to allow me to specify PH> IPv6 addressing type. Currently set to SLAAC and on my status screen PH> it just says 'connecting..' all the time. I know my ISP is not PH> offering native IPv6 so that makes sence. The other options for IPv6 PH> addressing type are DHCP and Static. I doubt if ending the tunnel in the router is going to work with your router. PH> Static opens up options to load an IPv6 address, default gateway and PH> primary and secondary DNS server. Do you think I could somehow use PH> those settings with the SixXS POP? PH> There is also a section in the router for VPN and a sub section in PH> that area called Tunnel. I don't think that is the right place. VPN of course tunnels as well, but that is a different type of tunnel. If there is no menu in the IPv6 section for selecting and configuring 6in4, 6RD or 6to4, I am afraid there is at least no easy way with this router. There may be a way via the router's command line interface, if it has one, but one need to find someone who knows the ins and outs of the router in question. You may find how to do it on a forum decicated to your router. I would not advise that route if this router is you main router and you do not have a spare to fall back on. PH> I have also bee using some web based tools to test if I can ping my PH> static IP and found both IPv4 and IPv6 were not responding. I could PH> not find any easy setting in the router to enable IMCP response. You can use one of the many so called looking glass servers to have your system pinged or tracerouted to from outside. Here is one: http://leasewebnoc.com/nl/lookingglass You can probably find one nearer to you. PH> But I did find some success when I found a section in the router PH> entitled DMZ. PH> When I added the BBS box as the DMZ machine I could get IPv4 ping PH> replies to ICMP requests coming in from the WAN. What happens is that the oing request is forwarded to the machine that is configured as the DMZ. That machine ansers the ping. PH> But I'm also aware the machine was likely exposed to every other PH> possible port query from the WAN side also. Exacyly, Might as well directly connectit to the internet without the router. Not recommended. Plus that... it does not do what you want. It does not give you Iv6 access. PH> Not so good. The IPv6 ping tests did not work. Of course not. For that you need the tunnel endpoint to be up and running. At the SixXs side it is ready. The SixXs side of the tunnel pings: Router: evo-sr1 Command: ping ipv6 2001:4428:200:16C::1 Sending 5, 100-byte ICMP Echos to 2001:4428:200:16C::1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 280/282/284 ms PH> I did find an ACL setting in the router that allowed me to enable ICMP PH> as a service type and set WAN as the access direction. IPv4 external PH> pings now work C:\Dokumente und Einstellungen\Michiel>ping -4 agency.bbs.geek.nz Ping agency.bbs.geek.nz [219.89.83.33] mit 32 Bytes Daten: Antwort von 219.89.83.33: Bytes=32 Zeit=336ms TTL=47 Antwort von 219.89.83.33: Bytes=32 Zeit=336ms TTL=47 Antwort von 219.89.83.33: Bytes=32 Zeit=334ms TTL=47 Antwort von 219.89.83.33: Bytes=32 Zeit=334ms TTL=47 Ping-Statistik fr 219.89.83.33: Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0 (0% Verlust), Ca. Zeitangaben in Millisek.: Minimum = 334ms, Maximum = 336ms, Mittelwert = 335ms C:\Dokumente und Einstellungen\Michiel> Yes, that works. PH> but again IPv6 do not. You have no IPv6 connection to the InterNet yet... PH> I'm hopeful that I set my AAAA record for agency.bbs.geek.nz PH> correctly. I have it pointed to my IPv6 address according to SixXS PH> which is 2001:4428:200:16c::2 Yes, that works, but it will do no good without the tunnel up and running. PH> When I do a TraceRoute IPv6 using a web based service I see the PH> following now PH> TraceRoute IPv6 Output: PH> traceroute to agency.bbs.geek.nz (2001:4428:200:16c::2), 30 hops max, PH> 40 byte packets 1 2a02:348:82::1 (2a02:348:82::1) 0.312 ms 0.353 ms [..] PH> 274.626 ms 14 gw-365.wlg-01.nz.sixxs.net (2001:4428:200:16c::1) PH> 274.548 ms 273.527 ms 273.473 ms 15 * * * 16 * * * 17 * * * 18 * PH> * * PH> So it seems I get as far as the NZ based POP but no further. Humm.. Yep, and there the buck stops... Cheers, Michiel --- GoldED+/W32-MSVC 1.1.5-b20130111 * Origin: 2001:470:1f15:1117::1 (2:280/5555) .