Default Route Override a.k.a. "Full Tunnel" in 1.1.6+

Follow

Comments

6 comments

  • Avatar
    fschulze

    I managed to set most of this up. My router with the IPv6 /64 subnet is using FreeBSD 10.3 and my laptop is OS X El Capitan with no native IPv6 connectivity. I can ping and curl ipv6.google.com and ssh into servers using IPv6. What I can't do is using Safari or Firefox to access ipv6.google.com or any other IPv6 only website, it says "Safari Can't Find the Server" or "Server not found" (Firefox). A restart didn't help.

  • Avatar
    fschulze

    It does work with Chrome! And I'm certain it's going through zerotier, because if I leave the network it stops working. Still wondering why Safari and Firefox doesn't work.

  • Avatar
    Adam Ierymenko

    @fschulze I think I know what this is.

     

    Safari and many other browsers check for an IPv6 default route (/0) and do not use IPv6 if not present. ZeroTier creates two bifurcated routes.

     

    Maybe it should create a default /0 route if IPv6 is not natively available.

  • Avatar
    fschulze

    @adam.ierymenko I tried to manually add a default route mirroring the bifurcated route, but it doesn't seem to work. With netstat -nr it looks like this:

    Internet6:

    Destination Gateway Flags Netif Expire

    ::/1 fde5:cd7a:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx UGSc zt0

    default fde5:cd7a:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx UGSc zt0

    8000::/1 fde5:cd7a:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx UGSc zt0

    ....

     

    Should I open a ticket for this?

  • Avatar
    Adam Ierymenko

    That's pretty strange. You can open one if you want.


    If you go somewhere out on the Internet with IPv6, like a VPS, and ping your external V6 address are you able to see the packets on zt0 with tcpdump? I've found that with stuff like this it often helps to debug at that level.

  • Avatar
    Matthew Sheppard

    is using Hurricane Electric tunnel broker needs to change some of the step?

    with the command line below and what you post above, my device cannot connect each other via ipv6 ( except RFC4193 IPv6 address) or access the internet.

    modprobe ipv6
    ip tunnel add he-ipv6 mode sit remote 66.220.18.42 local 116.178.44.153 ttl 255
    ip link set he-ipv6 up
    ip addr add 2001:342:d:578::2/64 dev he-ipv6
    ip route add ::/0 dev he-ipv6
    ip -f inet6 addr

Please sign in to leave a comment.