Project V5: SIT Tunnel over OpenVPN using Vyatta (10 pts.)

What You Need

Purpose

Once the Vyatta OpenVPN Server is working, with a public IP address, it can be connected to a Hurricane Electric IPv6 tunnel, and deliver public IPv6 addresses to clients through the OpenVPN connection.

We will do that by using a SIT tunnel to move IPv6 traffic through the OpenVPN connection.

Testing your Vyatta OpenVPN Server's IPv6 Connection

On your Vyatta OpenVPN Server, execute this command:
ping6 google.com
You should see replies, as shown below:

Press Ctrl+C to stop the pings.

Troubleshooting

When I first tried this, I got no replies. I used the
show interfaces
command, and saw that the he-ipv6 interface was not visible.

I fixed it with this command:

sudo ifup he-ipv6

Testing the OpenVPN Tunnel

On your Vyatta OpenVPN Server, execute this command:
show interfaces
Find the IPv4 address of your vtun2 interface.

When I did it, the address was 10.8.0.1, as shown below:

On your Vyatta OpenVPN Client, execute this command:

show interfaces
Find the IPv4 address of your vtun2 interface.

When I did it, the address was 10.8.0.2, as shown below:

On your Vyatta OpenVPN Server, execute this command, using the IP address of your Vyatta OpenVPN Client:

ping 10.8.0.2
You should see replies, as shown below:

Press Ctrl+C to stop the pings.

Finding your Routed /64

Log in to http://tunnelbroker.net

At the bottom of the page, click on your tunnel.

In the "Tunnel Details", find your "Routed /64". Mine is 2001:470:1f05:7a9::/64, as shown below:

Configuring the SIT Tunnel at the Vyatta OpenVPN Server

On your Vyatta OpenVPN Server, execute the commands below, using these addresses:
configure

set interfaces tunnel tun0 encapsulation sit

set interfaces tunnel tun0 local-ip 10.8.0.1

set interfaces tunnel tun0 remote-ip 10.8.0.2

set interfaces tunnel tun0 address 2001:470:1f05:7a9::1/64

commit

save 

exit

show interfaces
The tun0 interface should now have the first IPv6 address in your routed /64, as shown below:

Configuring the SIT Tunnel at the Vyatta OpenVPN Client

On your Vyatta OpenVPN Client, execute the commands below, using these addresses:
configure

set interfaces tunnel tun0 encapsulation sit

set interfaces tunnel tun0 local-ip 10.8.0.2

set interfaces tunnel tun0 remote-ip 10.8.0.1

set interfaces tunnel tun0 address 2001:470:1f05:7a9::2/64

commit

save 

exit

show interfaces
The tun0 interface should now have the second IPv6 address in your routed /64 (the one ending in ::2), as shown below:

Pinging the Server via IPv6

On your Vyatta OpenVPN Client, execute this command, using the IPv6 address of your Vyatta OpenVPN Server:
ping6 2001:470:1f05:7a9::1
You should see replies, as shown below:

Press Ctrl+C to stop the pings.
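If the ping6 above gets no replies, the usual cause is that the two tun0 configurations are not mirror images of each other. The following check is an added example, not part of the original project: it parses the set commands from both sections and reports mismatches. The names parse_tunnel and check_pair are introduced here for illustration, and the addresses are the ones used on this page.

```python
import ipaddress

# The set commands from the two sections above, copied from the page.
SERVER = """\
set interfaces tunnel tun0 encapsulation sit
set interfaces tunnel tun0 local-ip 10.8.0.1
set interfaces tunnel tun0 remote-ip 10.8.0.2
set interfaces tunnel tun0 address 2001:470:1f05:7a9::1/64
"""
CLIENT = """\
set interfaces tunnel tun0 encapsulation sit
set interfaces tunnel tun0 local-ip 10.8.0.2
set interfaces tunnel tun0 remote-ip 10.8.0.1
set interfaces tunnel tun0 address 2001:470:1f05:7a9::2/64
"""
ROUTED = "2001:470:1f05:7a9::/64"


def parse_tunnel(text, name="tun0"):
    """Collect the key/value pairs of 'set interfaces tunnel <name> ...' lines."""
    cfg = {}
    for line in text.splitlines():
        words = line.split()
        if words[:4] == ["set", "interfaces", "tunnel", name] and len(words) == 6:
            cfg[words[4]] = words[5]
    return cfg


def check_pair(server_text, client_text, routed):
    """Return a list of problems; an empty list means the two ends match."""
    net = ipaddress.ip_network(routed)
    s, c = parse_tunnel(server_text), parse_tunnel(client_text)
    problems = []
    for side, cfg in (("server", s), ("client", c)):
        if cfg.get("encapsulation") != "sit":
            problems.append(f"{side}: encapsulation is not sit")
        addr = cfg.get("address")
        if addr is None or ipaddress.ip_interface(addr).network != net:
            problems.append(f"{side}: address {addr} is not in {net}")
        if None in (cfg.get("local-ip"), cfg.get("remote-ip")):
            problems.append(f"{side}: local-ip or remote-ip missing")
    if (s.get("local-ip"), s.get("remote-ip")) != (c.get("remote-ip"), c.get("local-ip")):
        problems.append("local-ip/remote-ip are not mirrored between the two ends")
    if s.get("address") == c.get("address"):
        problems.append("both ends use the same IPv6 address")
    return problems
```

Replace SERVER, CLIENT and ROUTED with your own commands and routed /64 before running the check.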

Configuring an IPv6 Default Gateway on the Vyatta OpenVPN Client

Although the Vyatta OpenVPN Client can reach the Vyatta OpenVPN Server via IPv6 now, it can't find the IPv6 Internet because it doesn't know which interface to send IPv6 traffic through.

To fix that we must configure the IPv6 default gateway.

On your Vyatta OpenVPN Client, execute these commands:

configure

set protocols static interface-route6 ::/0 next-hop-interface tun0 

commit

save

exit

ping6 google.com
You should see replies, as shown below:

Press Ctrl+C to stop the pings.

On your Vyatta OpenVPN Client, execute this command:

traceroute6 google.com
The first hop should be at Hurricane Electric, starting with 2001:470, as shown below.

The hops after that may vary.

Saving the Screen Image

Make sure the first hop has an address starting with 2001:470.

Save a screen shot of this image with the filename

Proj V5 from Your Name

Turning In your Project

Email the image to cnit.60@gmail.com with a subject line of
Proj V5 from Your Name

Last modified 6:30 pm 10-22-12