Hi,
I have a tunnel registered in 2019, to route our own PI IPv6 space with our ASN. This was never critical, so each time I have spent some time setting it up, failing, and then forgetting about it. But this time, I will stick with it :-)
Firstly, the SIT is up, and I see a few packets flowing.
[sanjeev@270s] > /interface 6to4 print detail
Flags: X - disabled, R - running
0 R ;;; Hurricane Electric IPv6 Tunnel Broker
name="sit1" mtu=1480 actual-mtu=1480 local-address=103.224.166.65
remote-address=216.218.221.2 keepalive=10s,10 dscp=0 clamp-tcp-mss=yes
dont-fragment=no
My IPv6 addresses from HE are:
Mine:
2001:470:17:11a::2/64
HE:
2001:470:17:11a::1/64
But I cannot even ping the other side, 2001:470:17:11a::1 . Is this normal? I
do have a route:
[sanjeev@270s] > /ipv6 route print where dst-address=2001:470:17:11a::2/64
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
# DST-ADDRESS GATEWAY DISTANCE
0 ADC 2001:470:17:11a::/64 sit1 0
Thank you,
--
Sanjeev
The first question to answer is if you can ping remote end IPv4 address: 216.218.221.2 (I can).
If it works - check your firewall settings, especially if you allow protocol 41 (IPv6 encapsulation) in your INPUT chain/table.
Quote from: tomkep on March 12, 2021, 06:21:59 AM
The first question to answer is if you can ping remote end IPv4 address: 216.218.221.2 (I can).
Yes, please.
Quote from: tomkep on March 12, 2021, 06:21:59 AM
If it works - check your firewall settings, especially if you allow protocol 41 (IPv6 encapsulation) in your INPUT chain/table.
This is a pure router, no protocol (udp, tcp,41) is blocked, and no ports, either. I can see 120MB/247MB of traffic to 216.218.221.2 since last reboot, protocol 41.
Thank you for helping me debug this.
--
Sanjeev
Hi, this is solved.
The Tunnel endpoint on my side was the interface. I changed it to the Router's IP address, and all works, including BGP.
Thank you