Subject: Re: Cisco IPv6 - NetBSD -- Problem found but not solved.
To: None <netbsd-users@netbsd.org>
From: Lista de NetBSD Users <list10@sepc.edu.mx>
List: netbsd-users
Date: 11/22/2001 11:23:23
The problem is in my router, not the router of my
provider of 6bone uplink.

I have the following filter in my router and I dont know
which line modify in order to get gif tunnel works.

MyRouter>show access-lists 102
Extended IP access list 102
    deny ip 0.0.0.0 0.255.255.255 any
    deny ip 10.0.0.0 0.255.255.255 any (356 matches)
    deny ip 127.0.0.0 0.255.255.255 any
    deny ip 224.0.0.0 31.255.255.255 any
    deny ip 169.254.0.0 0.0.255.255 any (2803 matches)
    deny ip 172.16.0.0 0.15.255.255 any (277 matches)
    deny ip 192.0.2.0 0.0.0.255 any
    deny ip 192.168.0.0 0.0.255.255 any (1635 matches)
    deny ip 204.152.64.0 0.0.1.255 any
    deny ip aaa.bbb.ccc.0 0.0.0.255 any
    deny ip any host aaa.bbb.ccc.0 (1575 matches)
    deny ip any host aaa.bbb.ccc.255 (1622 matches)
    permit tcp any aaa.bbb.111.0 0.0.0.255 established (6879328 matches)
    permit tcp any aaa.bbb.111.0 0.0.0.255 (7826295 matches)
    permit udp any aaa.bbb.111.0 0.0.0.255 neq syslog (601078 matches)
    permit icmp any aaa.ccc.111.0 0.0.0.255 echo-reply (110 matches)
    permit icmp any aaa.ccc.111.0 0.0.0.255 unreachable (291588 matches)
    permit icmp any aaa.ccc.111.0 0.0.0.255 source-quench (23 matches)
    permit icmp any aaa.ccc.111.0 0.0.0.255 time-exceeded (4031 matches)
    permit icmp any aaa.ccc.111.0 0.0.0.255 parameter-problem
MyRouter>

When I disable the access-group in serial0 of my cisco, I
can get a clean gif tunnel between my NetBSD box and
other NetBSD box over the internet.

rosario# ifconfig gif0 tunnel aaa.bbb.ccc.ddd www.xxx.yyy.zzz
rosario# ping6 -n ff02::1%gif0
PING6(56=40+8+8 bytes) fe80::250:daff:fe69:48d7%gif0 --> ff02::1%gif0
16 bytes from fe80::250:daff:fe69:48d7%lo0, icmp_seq=0 hlim=64 time=0.244
ms
16 bytes from fe80::250:daff:fe69:48d7%lo0, icmp_seq=1 hlim=64 time=0.197
ms
16 bytes from fe80::250:8bff:fee7:586d%gif0, icmp_seq=0 hlim=64
time=1058.13 ms(DUP!)
16 bytes from fe80::250:8bff:fee7:586d%gif0, icmp_seq=1 hlim=64
time=950.344 ms(DUP!)
16 bytes from fe80::250:daff:fe69:48d7%lo0, icmp_seq=2 hlim=64 time=0.196
ms
^C
--- ff02::1%gif0 ping6 statistics ---
3 packets transmitted, 3 packets received, +2 duplicates, 0% packet loss
round-trip min/avg/max/std-dev = 0.196/401.823/1058.133/493.050 ms
rosario#

The gif tunnel is working!!!!

I dont want delete the filter of my cisco because it contains
the most basic rules of filtering.

Does somebody can tell me which rule add/modify in order
to establish a gif/stf tunnel which can cross my router?

Thanks in advance

Atentamente

Heron Gallegos
Centro Siglo XXI - Informatica Educativa
Saltillo, Coahuila, Mexico

On Wed, 21 Nov 2001, Lista de NetBSD Users wrote:

> Date: Wed, 21 Nov 2001 11:58:31 -0600 (CST)
> From: Lista de NetBSD Users <list10@sepc.edu.mx>
> To: netbsd-users@netbsd.org
> Subject: Re: Cisco IPv6 - which kind of tunnel is this?
>
> On Wed, 21 Nov 2001, Lista de NetBSD Users wrote:
>
> > My uplink provider to 6bone have the following configuration
> > in the Cisco router:
> >
> > interface Tunnel1500
> >   descrition Tunnel to Centro Siglo XXI
> >   no ip address
> >   ipv6 enable
> >   ipv6 address 3FFE:RRRR:RRRR:R::1/64
> >   tunnel source Ethernet0
> >   tunnel destination aaa.aaa.aaa.aaa
> >   tunnel mode ipv6ip
>
> Question:
>
> My uplink provider must do changes in the
> configuration in order to connect my NetBSD box?
>
> Thanks in advance
>
> Atentamente
> Heron Gallegos
>
>