General Questions

Hi!
I am a newbie.
I am trying to setup a Sixxs.net AICCU heartbeat account.

-I enabled IPv6 in advanced setup

-I set AICCU mode on the WAN side and entered only user id, password and tunnel id.
Other fields are grayed out. I have a dynamic IPv4 address.

-On the LAN side I set the static IPv6 address assigned to me with /64 and router advertisements.

-I allowed everything in the IPv6 firewall for testing purposes

I don’t see anywhere how to enter the Sixxs.net client IPv6 and server IPv4 addresses. I don’t see how I can tell Sixxs.net about my IPv4 address. (I was successful setting up a Hurricane Electric IPv6 account).

On Sixxs.net website it is showing Heartbeat with no IP address.

I get an IPv6 address on the m0n0wall box, but no IPv6 DNS servers. Also the networked computers are not getting an IPv6 address. I cannot connect to IPv6 websites.

Please help me solve this problem. Thanks in advance.

It looks like you're doing everything right - there's no need to enter your SixXS client IPv6/server IPv4 addresses, nor tell SixXS about your (dynamic) WAN IPv4 address: that's exactly what the AICCU client is for. It appears that the client is having trouble communicating with SixXS - could be another firewall/NAT device on your WAN port blocking it, or something wrong with the user/pass/tunnel ID (try entering the tunnel ID with and without the 'T').

Thanks, Manuel.
I got it working tonight. I had to wipe out m0n0wall and reinstall. Too much messing around with it. I was unable to ping the gateway.

For the new people.
-You need to enable in Advanced "Enable IPv6 Support".
-Under WAN, choose AICCU. Enter user id, password and Tunnel ID including "T".
-You need to make a separate request to Sixxs.net for a subnet.
-Under LAN check "static IPv6", enter the "Subnet IPv6", also called "Prefix" from Sixxs.net, /64 and check "send IPv6 router advertisements". Do not enter the "routed to" or "IPv6 Them" given to you by Sixxs.net. 
-Under IPv6 firewall rules make a rule to allow everything on the LAN.
-Reboot m0n0wall and your computer. You should be able to access IPv6 sites!
 

Hello

I'm working with a sixxs account too an so far the connection is working.

while fine-tuning the ipv6 stuff i noticed that:
a) the filter on Protocol ICMPV6 does not really work
b) i'm unable to create a firewall rule for the tun0 Interface (sixxs connectivity tests)

this is more a feature request c) there is no option to filter on source or destination ip or search the logs for a specific pattern

Is there a simple way to create a rule like:
pass ICMP6 from IPv6-Tunnel-Endpoint to IPv6-WAN-Address on tun0-Interface and not WAN?

tia
Philippe

while fine-tuning the ipv6 stuff i noticed that:
a) the filter on Protocol ICMPV6 does not really work

Hmm, I assume you're already using 1.3b15 (ICMPv6 type matching was broken in earlier versions) - what exactly were you trying to do?

b) i'm unable to create a firewall rule for the tun0 Interface (sixxs connectivity tests)

That's right, but you shouldn't have to - m0n0wall takes care of that automatically. From filter.inc:

Code:

/* when using IPv6 tunnels, allow ping to our WAN IPv6 address,
   as most tunnel brokers insist on getting replies or else will
   delete the tunnel after a while */
if ($curwanip && ($wancfg['tunnel6'] || $wancfg['ipaddr6'] == "aiccu")) {
$ipfrules .= <<<EOD

# allow ping to make tunnel broker happy
pass in quick proto ipv6-icmp from any to $curwanip icmp-type 128
pass out quick proto ipv6-icmp from $curwanip to any icmp-type 129

EOD;
}

hi manuel

wow, that's fast!

yes I use the 1.3b15 version on an alix board.

I saw on the sixxs page, that the tunnel graphs were still not working and played around with the Diagnostics -> Logs page.

when i click on ICMPv6 to filter the logs, i still see a lot of denied IPv4 tcp packets.

b) i'm unable to create a firewall rule for the tun0 Interface (sixxs connectivity tests)

That's right, but you shouldn't have to - m0n0wall takes care of that automatically.

if I filter the log files to interface tun0 (diag_logs_filter.php?if=tun0) i see denied packets from
<ipv6-pop> to <ipv6-wan> on interface tun0. (every hour ~40 packets  )

if I filter the log files to interface tun0 (diag_logs_filter.php?if=tun0) i see denied packets from
<ipv6-pop> to <ipv6-wan> on interface tun0. (every hour ~40 packets  )

Ah, I hadn't noticed it in your first post: tun0 is actually the wrong interface, and I'm surprised that the tunnel works at all for you (browsing etc.). Is it possible that you've got your SixXS tunnel set to AYIYA mode? Because in heartbeat mode, it's supposed to create a gif0 device (which is what m0n0wall expects).

Ah, I hadn't noticed it in your first post: tun0 is actually the wrong interface, and I'm surprised that the tunnel works at all for you (browsing etc.). Is it possible that you've got your SixXS tunnel set to AYIYA mode? Because in heartbeat mode, it's supposed to create a gif0 device (which is what m0n0wall expects).

Yes it's set to AYIYA mode.

It works, if I boot with a correct configuration. When I change it, I get errors like interface already in use (or something like that).

Ah, I hadn't noticed it in your first post: tun0 is actually the wrong interface, and I'm surprised that the tunnel works at all for you (browsing etc.).

Ok the tunnel works, if the connection is made from the Lan side. If a remote machine want's to connect, i get a FW Log Entry for tun0.

so I have to wait for 1.3b16

AYIYA probably won't be supported in 1.3b16 either. Just switch your tunnel to heartbeat mode on sixxs.net (as it says on the Interfaces: WAN setup page), and things should work fine. It's much more efficient anyway as data doesn't have to be pumped through userland.

A nearby PoP provider was down with SixXs. I found it necessary and convenient to download the AICCU client and run it.
M0n0wall had the tunnel up, but I was unable to browse any IPv6 sites.
With the AICCU client running, I could browse IPv6 sites.
The good thing is that m0n0wall IPv6 firewall rules were in effect enabling the AICCU to communicate.
Under normal circumstances, running a separate AICCU client may not be necessary.

Hi, another IPv6 newbie here... I've gotten a tunnel and subnet from SixXS too. The sem unable to ping my v6 address. I can ping the other tunnel endpoint and v6 adresses on internet though. I have a fixed IPv4 address, so I use fixed 'tunnel' NOT AYIYA/AICCU. I've never been able to get such a tunnel up. Dunno why... With all that switching I've burned all my ISK 'money'. I wonder why they cannot ping my IPv6 endpoint. someone else on internet with an IPv6 address *IS* able to ping it.
How could I investigate this more?
Egbert Jan

Hi!
I upgraded to 1.3b16 and checked "Send IPv6 router advertisements" on WAN interface in addition to what I had. I have it set as well on LAN interface. I have access to my modem under IPv4 but not IPv6.
I am getting this error message under Suggested IPv6 address on the LAN interface.
Again it is a heartbeat account with SixXS and I have no trouble navigating IPv6 sites.
Is there something I am doing wrong?

Error calculating IPv6 address!
This IPv6 Address is suggested from listening to prefix advertisements recieved on the WAN interface, and using the first address available in that prefix.

When I uncheck "Send IPv6 router advertisements" on WAN interface, under Suggested IPv6 address on the LAN interface it suggests I check "Send IPv6 router advertisements" on WAN interface. In other words, m0n0wall wants me to check "Send IPv6 router advertisements" on WAN interface.
Let me know if you need additional information.
Thanks in advance.

Run a SIXXS heartbeat tunnel on m0n0wall v1.33.

On the Status Interface Page (WAN) I still got

AICCU address : On the AICCU down ? check logs. tun0 not found

From the DHCP Log:

Aug 5 17:47:49    sixxs-aiccu: AICCU running as PID 291
Aug 5 17:47:49    sixxs-aiccu: Succesfully retrieved tunnel information for XXXXXX

And it is working pretty well.

Strange, isn't it.

And there is a gif0 interface availiable.

Debugging hint:

Run in the exec.php

/usr/local/sbin/sixxs-aiccu autotest /var/etc/aiccu.conf


After disabling the AYIYA check everthing works fine. Error Message disappear.

Regards

F41THR