Hurricane Electric's IPv6 Tunnel Broker Forums

I've had my tunnel up for a good while, but sometime in the last few months, I don't know when it started happening, but after my firewall as been up for a week, give or take 3 days, it's random, it will just stop passing traffic.

Interface is up, routes are up, I can ping the remote IPv4 and the local IPv6, but 100% packet loss over the IPv6.  No changes to the firewall rules ( iptables ) or any config, it just starts dropping all packets.  As if I'm blocking a keepalive protocol I can't find docs on.  If I reboot my linux box, traffic resumes without issue.  If I down the interface and restart IPTables, no go, still dead.

Here's my config:

iface he-ipv6 inet6 v4tunnel
    # Bring up the actual tunnel
    address 2001:470:39:57c::2
    netmask 64
    endpoint 184.105.250.46
    #local `/usr/local/bin/GetExternalIP.sh`
    local 209.182.74.168
    ttl 255
    gateway 2001:470:39:57c::1
    post-up /etc/init.d/Firewall-6.sh restart
    #
    # For shutting down the interface
    down /sbin/ip route del ::/0 dev he-ipv6 2>/dev/null
    down /sbin/ifconfig he-ipv6 down 2>/dev/null
    down /sbin/ip link set he-ipv6 down 2>/dev/null
    post-down /sbin/ifconfig sit0 0.0.0.0 2>/dev/null
    post-down /sbin/ifconfig sit0 down 2>/dev/null
    post-down /sbin/ifconfig sit1 0.0.0.0 2>/dev/null
    post-down /sbin/ifconfig sit1 down 2>/dev/null
    post-down /sbin/modprobe -r sit 2>/dev/null

07:42:/home/nomad>ifconfig he-ipv6
he-ipv6: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1480
        inet6 fe80::d1b5:4da8  prefixlen 64  scopeid 0x20<link>
        inet6 2001:470:39:57c::2  prefixlen 64  scopeid 0x0<global>
        sit  txqueuelen 1000  (IPv6-in-IPv4)
        RX packets 2504594  bytes 2856452096 (2.8 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1470748  bytes 248227701 (248.2 MB)
        TX errors 542  dropped 0 overruns 0  carrier 536  collisions 0

07:44:/home/nomad>ip -6 route
::1 dev lo proto kernel metric 256 pref medium
2001:470:39:57c::1 dev he-ipv6 metric 1024 pref medium
2001:470:39:57c::/64 dev he-ipv6 proto kernel metric 256 pref medium
2001:470:4b:57c::/64 dev em1 proto kernel metric 256 pref medium
fe80::/64 dev he-ipv6 proto kernel metric 256 pref medium
fe80::/64 dev enp9s4 proto kernel metric 256 pref medium
fe80::/64 dev em1 proto kernel metric 256 pref medium
fe80::/64 dev em1.5 proto kernel metric 256 pref medium
fe80::/64 dev em1.10 proto kernel metric 256 pref medium
fe80::/64 dev em1.99 proto kernel metric 256 pref medium
fe80::/64 dev em1.101 proto kernel metric 256 pref medium
default via 2001:470:39:57c::1 dev he-ipv6 metric 1024 onlink pref medium


07:42:/home/nomad>ping -c 3 184.105.250.46
PING 184.105.250.46 (184.105.250.46) 56(84) bytes of data.
64 bytes from 184.105.250.46: icmp_seq=1 ttl=59 time=8.85 ms
64 bytes from 184.105.250.46: icmp_seq=2 ttl=59 time=8.55 ms
64 bytes from 184.105.250.46: icmp_seq=3 ttl=59 time=8.60 ms

--- 184.105.250.46 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 8.553/8.668/8.854/0.132 ms

07:42:/home/nomad>ping -c 3 2001:470:39:57c::2
PING 2001:470:39:57c::2(2001:470:39:57c::2) 56 data bytes
64 bytes from 2001:470:39:57c::2: icmp_seq=1 ttl=64 time=0.070 ms
64 bytes from 2001:470:39:57c::2: icmp_seq=2 ttl=64 time=0.051 ms
64 bytes from 2001:470:39:57c::2: icmp_seq=3 ttl=64 time=0.059 ms

--- 2001:470:39:57c::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2035ms
rtt min/avg/max/mdev = 0.051/0.060/0.070/0.007 ms

07:42:/home/nomad>ping -c 3 2001:470:39:57c::1
PING 2001:470:39:57c::1(2001:470:39:57c::1) 56 data bytes

--- 2001:470:39:57c::1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2041ms

It does sound as if keep-alive is being blocked somehow.  I haven't seen a post of this type on here in a few years, but the solution then was just to create a cron job to run ping every so often. 

I've got traffic flowing across it almost constantly though.

Updated to the latest Ubuntu packages, kernel, etc.  Everything's working great, for about 6 days ( I set up a cron to reboot Monday morning at 4AM, this morning, Sunday, I've got no ipv6 again.

Any thoughts?

Nomadadon,

interesting what you are experiencing, because of one thing. I'm using HE tunnel for ... a long time. Since the day I set it up, the router was having hundreds of days uptime, no changes of any kind, basically a perfectly working blackbox. (router itself is very old jessie base install)

day before yesterday I suddenly realised, I'm without ip6 connectivity. did ifdown/up, revived the the tunnel with no issue. So forgot about it, then yesterday, the same happened.

Normally I would not think about it again, I mean for the years not knowing about it (= no issues), the history would turn those two incidents into dust quickly, right ?
But you are suddenly experiencing with no obvious reason as well, this can not be just random stuff anymore.

So - I don't have any solution as until I red your msg, there was no reason to dig deeper, at least this I was thinking.
So for now just - "you are not alone"

mk

Could this be a reason:

triss:~> ping 209.182.74.168
PING 209.182.74.168 (209.182.74.168) 56(84) bytes of data.
From 185.48.8.110 icmp_seq=1 Destination Net Unreachable
From 185.48.8.110 icmp_seq=2 Destination Net Unreachable
From 185.48.8.110 icmp_seq=3 Destination Net Unreachable
From 185.48.8.110 icmp_seq=4 Destination Net Unreachable
From 185.48.8.110 icmp_seq=5 Destination Net Unreachable
From 185.48.8.110 icmp_seq=6 Destination Net Unreachable
^C
--- 209.182.74.168 ping statistics ---
6 packets transmitted, 0 received, +6 errors, 100% packet loss, time 14ms

It looks like your endpoint is unreachable for whatever reason. Maybe your provider if at fault here?