SIT tunnel with a source-interface rather than source-address

ginko · April 25, 2024, 3:38am

My ISP doesn’t offer IPv6 so I’m running a HE.net 6to4 tunnel and dual-stacking. My IP address is dynamic and my ISP uses PPPoE and both of these make maintaining a SIT tunnel 24/7 challenging.

Every time my IP changes it means needing to “set interfaces tunnel tun0 source-address x.x.x.x”

Initially thought of creating a python script configured via cron to check and update the tunnel IP automatically. Then wondered if perhaps it could be done through VyOS directly.

After removing the built-in checks, I was able to use the source-interface option with a pppoe device in lieu of source-address … it works up to the point of an address change → something would need to be added to re-establish the tunnel upon changing IP.

How are others solving this problem today whether in VyOS or elsewhere?

PROGRESS

No tunnel:

$ show interfaces tunnel
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------

Configure tunnel w. pppoe0 source-interface:

set interfaces tunnel tun0 address '2001:470:x:x::x/64'
set interfaces tunnel tun0 description 'HE.NET IPv6 Tunnel'
set interfaces tunnel tun0 encapsulation 'sit'
set interfaces tunnel tun0 remote '216.66.x.x'
set interfaces tunnel tun0 source-interface 'pppoe0'
set protocols static route6 '::/0' interface 'tun0'

$ show interfaces tunnel
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
tun0             2001:470:x:x::x/64             u/u  HE.NET IPv6 Tunnel

Verify connectivity:

$ ping google.com
PING google.com(yul02s05-in-x0e.1e100.net (2607:f8b0:4020:805::200e)) 56 data bytes
64 bytes from yul02s05-in-x0e.1e100.net (2607:f8b0:4020:805::200e): icmp_seq=1 ttl=120 time=16.4 ms
64 bytes from yul02s05-in-x0e.1e100.net (2607:f8b0:4020:805::200e): icmp_seq=2 ttl=120 time=16.6 ms

$ ip tunnel show
sit0: ipv6/ip remote any local any ttl 64 nopmtudisc 6rd-prefix 2002::/16
tun0: ipv6/ip remote 216.66.x.x local any dev pppoe0 ttl 64 tos inherit 6rd-prefix 2002::/16

** Force ip change on modem **

$ ping google.com
PING google.com(yul02s05-in-x0e.1e100.net (2607:f8b0:4020:805::200e)) 56 data bytes
From tunnelxxxxx.tor1.ipv6.he.net (2001:470:x:x::x) icmp_seq=1 Destination unreachable: Address unreachable

At this point, doing a delete interfaces tunnel tun0 and then setting it all back up again will restore IPv6 connectivity.

mertzf · April 25, 2024, 4:17pm

Before switching to native ipv6 with my provider, I used he.net as well for MANY years. A source address of 0.0.0.0 worked just fine.

Best of luck, keep us posted.

ginko · April 25, 2024, 4:54pm

@mertzf thank you I didn’t think of that

I tested to see if 0.0.0.0 works by forcing an IP change through resetting the modem. Initially once the modem was back online, the ping just hanged. I waited a few minutes and tried again and it worked! Happy to say your solution fixes my problem and I don’t think having a source-interface option would be needed unless there is another use case.

$ ping google.com
PING google.com(yul02s05-in-x0e.1e100.net (2607:f8b0:4020:805::200e)) 56 data bytes
^C
— google.com ping statistics —
53 packets transmitted, 0 received, 100% packet loss, time 53243ms

… after a couple of minutes of waiting and retrying again…

$ ping google.com
PING google.com(yul02s05-in-x0e.1e100.net (2607:f8b0:4020:805::200e)) 56 data bytes
64 bytes from yul02s05-in-x0e.1e100.net (2607:f8b0:4020:805::200e): icmp_seq=71 ttl=120 time=15.9 ms
64 bytes from yul02s05-in-x0e.1e100.net (2607:f8b0:4020:805::200e): icmp_seq=72 ttl=120 time=18.1 ms