Hi
I have problem with my tunnel. I try configure it on my router
based on FreeBSD (FreeBSD router.lan 7.2-RELEASE FreeBSD 7.2-RELEASE
#0).
I can't ping any ipv6 hosts, even my PoPv6 gateway.
If I try ping my gw there is no answer
ping6 2001:470:1f0a:a08::1 (my pop6 endpoint)
tcpdump -ni vr0 host 216.66.80.30
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vr0, link-type EN10MB (Ethernet), capture size 96 bytes
19:08:06.570521 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 0, length 16
19:08:07.571406 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 1, length 16
19:08:08.570709 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 2, length 16
19:08:09.571052 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 3, length 16
19:08:10.570393 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 4, length 16
19:08:11.570734 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 5, length 16
19:08:11.571641 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, neighbor solicitation[|icmp6]
19:08:12.571085 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 6, length 16
19:08:12.571937 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, neighbor solicitation[|icmp6]
19:08:13.572342 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, neighbor solicitation[|icmp6]
tcpdump -ni gif0
tcpdump: WARNING: gif0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on gif0, link-type NULL (BSD loopback), capture size 96 bytes
19:08:06.570414 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 0, length 16
19:08:07.571357 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 1, length 16
19:08:08.570666 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 2, length 16
19:08:09.571008 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 3, length 16
19:08:10.570349 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 4, length 16
19:08:11.570692 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 5, length 16
19:08:11.571612 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, neighbor solicitation, who has 2001:470:1f0a:a08::1, length 24
19:08:12.571039 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 6, length 16
19:08:12.571916 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, neighbor solicitation, who has 2001:470:1f0a:a08::1, length 24
19:08:13.572298 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, neighbor solicitation, who has 2001:470:1f0a:a08::1, length 24
19:08:35.871088 IP6 fe80::20d:b9ff:fe19:233c > ff02::1: ICMP6, router advertisement, length 48
ping6 ipv6.google.com
tcpdump -ni vr0 host 216.66.80.30
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vr0, link-type EN10MB (Ethernet), capture size 96 bytes
19:09:34.103962 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:4860:a005::68: ICMP6, echo request, seq 2, length 16
19:09:35.104305 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:4860:a005::68: ICMP6, echo request, seq 3, length 16
19:09:36.103645 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:4860:a005::68: ICMP6, echo request, seq 4, length 16
19:09:37.104945 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, neighbor solicitation[|icmp6]
19:09:38.105239 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, neighbor solicitation[|icmp6]
19:09:39.105582 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, neighbor solicitation[|icmp6]
tcpdump -ni gif0
tcpdump: WARNING: gif0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
19:09:34.103921 IP6 2001:470:1f0a:a08::2 > 2001:4860:a005::68: ICMP6, echo request, seq 2, length 16
19:09:35.104263 IP6 2001:470:1f0a:a08::2 > 2001:4860:a005::68: ICMP6, echo request, seq 3, length 16
19:09:36.103604 IP6 2001:470:1f0a:a08::2 > 2001:4860:a005::68: ICMP6, echo request, seq 4, length 16
19:09:37.104900 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, neighbor solicitation, who has 2001:470:1f0a:a08::1, length 24
19:09:38.105200 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, neighbor solicitation, who has 2001:470:1f0a:a08::1, length 24
19:09:39.105542 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, neighbor solicitation, who has 2001:470:1f0a:a08::1, length 24
I try ping my ipv6 address from
http://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-ping.php
and tcpdump show
tcpdump -ni vr0 host 216.66.80.30
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vr0, link-type EN10MB (Ethernet), capture size 96 bytes
18:58:39.676697 IP 216.66.80.30 > 83.143.43.59: IP6 2001:1af8:4200:b000:20c:29ff:fe6b:49d2 > 2001:470:1f0a:a08::2: ICMP6, echo request, seq 0, length 40
18:58:39.676872 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:1af8:4200:b000:20c:29ff:fe6b:49d2: ICMP6, echo reply, seq 0, length 40
18:58:40.673743 IP 216.66.80.30 > 83.143.43.59: IP6 2001:1af8:4200:b000:20c:29ff:fe6b:49d2 > 2001:470:1f0a:a08::2: ICMP6, echo request, seq 1, length 40
18:58:40.673933 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:1af8:4200:b000:20c:29ff:fe6b:49d2: ICMP6, echo reply, seq 1, length 40
18:58:41.672109 IP 216.66.80.30 > 83.143.43.59: IP6 2001:1af8:4200:b000:20c:29ff:fe6b:49d2 > 2001:470:1f0a:a08::2: ICMP6, echo request, seq 2, length 40
18:58:41.672299 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:1af8:4200:b000:20c:29ff:fe6b:49d2: ICMP6, echo reply, seq 2, length 40
18:58:42.674293 IP 216.66.80.30 > 83.143.43.59: IP6 2001:1af8:4200:b000:20c:29ff:fe6b:49d2 > 2001:470:1f0a:a08::2: ICMP6, echo request, seq 3, length 40
18:58:42.674483 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:1af8:4200:b000:20c:29ff:fe6b:49d2: ICMP6, echo reply, seq 3, length 40
18:58:44.675464 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, neighbor solicitation[|icmp6]
18:58:45.675298 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, neighbor solicitation[|icmp6]
18:58:46.675150 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, neighbor solicitation[|icmp6]
tcpdump -ni gif0
tcpdump: WARNING: gif0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on gif0, link-type NULL (BSD loopback), capture size 96 bytes
18:58:39.676732 IP6 2001:1af8:4200:b000:20c:29ff:fe6b:49d2 > 2001:470:1f0a:a08::2: ICMP6, echo request, seq 0, length 40
18:58:39.676842 IP6 2001:470:1f0a:a08::2 > 2001:1af8:4200:b000:20c:29ff:fe6b:49d2: ICMP6, echo reply, seq 0, length 40
18:58:40.673785 IP6 2001:1af8:4200:b000:20c:29ff:fe6b:49d2 > 2001:470:1f0a:a08::2: ICMP6, echo request, seq 1, length 40
18:58:40.673895 IP6 2001:470:1f0a:a08::2 > 2001:1af8:4200:b000:20c:29ff:fe6b:49d2: ICMP6, echo reply, seq 1, length 40
18:58:41.672151 IP6 2001:1af8:4200:b000:20c:29ff:fe6b:49d2 > 2001:470:1f0a:a08::2: ICMP6, echo request, seq 2, length 40
18:58:41.672262 IP6 2001:470:1f0a:a08::2 > 2001:1af8:4200:b000:20c:29ff:fe6b:49d2: ICMP6, echo reply, seq 2, length 40
18:58:42.674334 IP6 2001:1af8:4200:b000:20c:29ff:fe6b:49d2 > 2001:470:1f0a:a08::2: ICMP6, echo request, seq 3, length 40
18:58:42.674446 IP6 2001:470:1f0a:a08::2 > 2001:1af8:4200:b000:20c:29ff:fe6b:49d2: ICMP6, echo reply, seq 3, length 40
18:58:44.675421 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, neighbor solicitation, who has 2001:470:1f0a:a08::1, length 24
18:58:45.675260 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, neighbor solicitation, who has 2001:470:1f0a:a08::1, length 24
18:58:46.675106 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, neighbor solicitation, who has 2001:470:1f0a:a08::1, length 24
but the ping tool show:
IPv6 Ping Output:
PING 2001:470:1f0a:a08::2(2001:470:1f0a:a08::2) 32 data bytes
--- 2001:470:1f0a:a08::2 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 2999ms
Does anyone know what is going on ? :)
I disable any filter rules on pf, vr0 is my external interface with external IP.
Best Regards
Greg
PS. config gif0 interface
ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet 83.143.43.59 --> 216.66.80.30
inet6 2001:470:1f0a:a08::2 --> 2001:470:1f0a:a08::1 prefixlen 128
inet6 fe80::20d:b9ff:fe19:233c%gif0 prefixlen 64 scopeid 0x8
inet6 2001:6a0:200:13d:20d:b9ff:fe19:233c prefixlen 64 autoconf
Can you post your routing table ("netstat -nr") and the output of "ifconfig -a" ?
of corse :)
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 83.143.43.1 UGS 0 4404 vr0
83.143.43.0/24 link#1 UC 0 0 vr0
83.143.43.1 00:1e:68:a9:d3:3f UHLW 2 0 vr0 1199
127.0.0.1 127.0.0.1 UH 0 0 lo0
192.168.1.0/24 link#2 UC 0 0 vr1
192.168.1.5 00:08:5d:11:36:45 UHLW 1 137 vr1 1027
192.168.2.0/24 link#3 UC 0 0 vr2
192.168.2.57 00:1e:ec:31:db:78 UHLW 1 6262 vr2 474
192.168.3.0/24 link#4 UC 0 0 ath0
Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0 =>
default 2001:470:1f0a:a08::1 UGS gif0
::1 ::1 UHL lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
2001:470:1f0a:a08::1 link#8 UHL gif0
2001:470:1f0a:a08::2 link#8 UHL lo0
2001:6a0:200:13d::/64 link#8 UC gif0
2001:6a0:200:13d:20d:b9ff:fe19:233c link#8 UHL lo0
fe80::/10 ::1 UGRS lo0
fe80::%vr0/64 link#1 UC vr0
fe80::20d:b9ff:fe19:233c%vr0 00:0d:b9:19:23:3c UHL lo0
fe80::%vr1/64 link#2 UC vr1
fe80::20d:b9ff:fe19:233d%vr1 00:0d:b9:19:23:3d UHL lo0
fe80::%vr2/64 link#3 UC vr2
fe80::20d:b9ff:fe19:233e%vr2 00:0d:b9:19:23:3e UHL lo0
fe80::%ath0/64 link#4 UC ath0
fe80::221:27ff:fecc:604f%ath0 00:21:27:cc:60:4f UHL lo0
fe80::%lo0/64 fe80::1%lo0 U lo0
fe80::1%lo0 link#6 UHL lo0
fe80::%gif0/64 link#8 UC gif0
fe80::20d:b9ff:fe19:233c%gif0 link#8 UHL lo0
ff01:1::/32 link#1 UC vr0
ff01:2::/32 link#2 UC vr1
ff01:3::/32 link#3 UC vr2
ff01:4::/32 link#4 UC ath0
ff01:6::/32 ::1 UC lo0
ff01:8::/32 link#8 UC gif0
ff02::/16 ::1 UGRS lo0
ff02::%vr0/32 link#1 UC vr0
ff02::%vr1/32 link#2 UC vr1
ff02::%vr2/32 link#3 UC vr2
ff02::%ath0/32 link#4 UC ath0
ff02::%lo0/32 ::1 UC lo0
ff02::%gif0/32 link#8 UC gif0
vr0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC>
ether 00:0d:b9:19:23:3c
inet6 fe80::20d:b9ff:fe19:233c%vr0 prefixlen 64 scopeid 0x1
inet 83.143.43.59 netmask 0xffffff00 broadcast 83.143.43.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet 83.143.43.59 --> 216.66.80.30
inet6 2001:470:1f0a:a08::2 --> 2001:470:1f0a:a08::1 prefixlen 128
inet6 fe80::20d:b9ff:fe19:233c%gif0 prefixlen 64 scopeid 0x8
inet6 2001:6a0:200:13d:20d:b9ff:fe19:233c prefixlen 64 autoconf
What commands did you use to set up your tunnel? (Those should be in /etc/inetd.conf)
Your tunnel interface seems to have a public IPv6 address assigned to it
Quote
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet 83.143.43.59 --> 216.66.80.30
inet6 2001:470:1f0a:a08::2 --> 2001:470:1f0a:a08::1 prefixlen 128
inet6 fe80::20d:b9ff:fe19:233c%gif0 prefixlen 64 scopeid 0x8
inet6 2001:6a0:200:13d:20d:b9ff:fe19:233c prefixlen 64 autoconf
Did you assign that?
Are you using VR0 for your network access? I don't see an IPv6 address on there.
Quote from: cholzhauer on October 26, 2009, 11:34:04 AM
Did you assign that?
Yes, I use this command
/sbin/ifconfig gif0 create
/sbin/ifconfig gif0 tunnel 83.143.43.59 216.66.80.30
/sbin/ifconfig gif0 inet6 2001:470:1f0a:a08::2 2001:470:1f0a:a08::1 prefixlen 128
/sbin/route -n add -inet6 default 2001:470:1f0a:a08::1
/sbin/ifconfig gif0 up
Quote from: cholzhauer on October 26, 2009, 11:34:04 AM
Are you using VR0 for your network access? I don't see an IPv6 address on there.
Yes
Quotetcpdump: WARNING: gif0: no IPv4 address assigned
It's already telling you what's wrong. Some setups need to assign the IPv4 endpoint address to the 6to4 interface (with a /32 or 255.255.255.255 mask).
Try putting these commands in /etc/rc.conf and rebooting.
ipv6_network_interfaces="rv0 gif1 lo0"
ipv6_gateway_enable="YES
ipv6_prefix_rv0="2001:470:1f0a:a08::3"
gif_interfaces="gif1"
gifconfig_gif1="83.143.43.59 216.66.80.30"
ipv6_ifconfig_gif1="2001:470:1f0a:a08::2/64"
ipv6_defaultrouter="-interface gif1"
If you have a /48, pick a /64 to use for the "ipv6_prefix_rv0=..."
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC>
ether 00:0d:b9:19:23:3c
inet6 fe80::20d:b9ff:fe19:233c%vr0 prefixlen 64 scopeid 0x1
inet 83.143.43.59 netmask 0xffffff00 broadcast 83.143.43.255
inet6 2001:470:1f0a:a08::3 prefixlen 64 anycast
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet 83.143.43.59 --> 216.66.80.30
inet6 fe80::20d:b9ff:fe19:233c%gif1 prefixlen 64 scopeid 0x8
inet6 2001:470:1f0a:a08::2 prefixlen 64
gif0: flags=8011<UP,POINTOPOINT,MULTICAST> metric 0 mtu 1280
inet6 2001:470:1f0a:a08::2 --> 2001:470:1f0a:a08::1 prefixlen 128
inet6 fe80::20d:b9ff:fe19:233c%gif0 prefixlen 64 scopeid 0x9
Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0 =>
default gif1 ULS gif1
::1 ::1 UHL lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
2001:470:1f0a:a08::/64 link#1 UC vr0
2001:470:1f0a:a08::1 link#9 UHL gif0
2001:470:1f0a:a08::2 link#8 UHL lo0
2001:470:1f0a:a08::3 00:0d:b9:19:23:3c UHL lo0
fe80::/10 ::1 UGRS lo0
fe80::%vr0/64 link#1 UC vr0
fe80::20d:b9ff:fe19:233c%vr0 00:0d:b9:19:23:3c UHL lo0
fe80::%vr1/64 link#2 UC vr1
fe80::20d:b9ff:fe19:233d%vr1 00:0d:b9:19:23:3d UHL lo0
fe80::%vr2/64 link#3 UC vr2
fe80::20d:b9ff:fe19:233e%vr2 00:0d:b9:19:23:3e UHL lo0
fe80::%ath0/64 link#4 UC ath0
fe80::221:27ff:fecc:604f%ath0 00:21:27:cc:60:4f UHL lo0
fe80::%lo0/64 fe80::1%lo0 U lo0
fe80::1%lo0 link#6 UHL lo0
fe80::%gif1/64 link#8 UC gif1
fe80::20d:b9ff:fe19:233c%gif1 link#8 UHL lo0
fe80::%gif0/64 link#9 UC gif0
fe80::20d:b9ff:fe19:233c%gif0 link#9 UHL lo0
ff01:1::/32 link#1 UC vr0
ff01:2::/32 link#2 UC vr1
ff01:3::/32 link#3 UC vr2
ff01:4::/32 link#4 UC ath0
ff01:6::/32 ::1 UC lo0
ff01:8::/32 link#8 UC gif1
ff01:9::/32 link#8 UC gif1
ff02::/16 ::1 UGRS lo0
ff02::%vr0/32 link#1 UC vr0
ff02::%vr1/32 link#2 UC vr1
ff02::%vr2/32 link#3 UC vr2
ff02::%ath0/32 link#4 UC ath0
ff02::%lo0/32 ::1 UC lo0
ff02::%gif1/32 link#8 UC gif1
ff02::%gif0/32 link#8 UC gif1
ping6 2001:470:1f0a:a08::1
PING6(56=40+8+8 bytes) 2001:470:1f0a:a08::2 --> 2001:470:1f0a:a08::1
ping6: sendmsg: Network is down
ping6: wrote 2001:470:1f0a:a08::1 16 chars, ret=-1
ping6: sendmsg: Network is down
ping6: wrote 2001:470:1f0a:a08::1 16 chars, ret=-1
ping6: sendmsg: Network is down
ping6: wrote 2001:470:1f0a:a08::1 16 chars, ret=-1
^C
--- 2001:470:1f0a:a08::1 ping6 statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
You'll need to remove gif0
gif1: flags=8151<UP,POINTOPOINT,RUNNING,PROMISC,MULTICAST> metric 0 mtu 1280
tunnel inet 83.143.43.59 --> 216.66.80.30
inet6 fe80::20d:b9ff:fe19:233c%gif1 prefixlen 64 scopeid 0x8
inet6 2001:470:1f0a:a08::2 prefixlen 64
unfortunately, still the same :( as the first post
Can you repost the routing table
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 83.143.43.1 UGS 0 194 vr0
83.143.43.0/24 link#1 UC 0 0 vr0
83.143.43.1 00:1e:68:a9:d3:3f UHLW 2 0 vr0 1198
127.0.0.1 127.0.0.1 UH 0 0 lo0
192.168.1.0/24 link#2 UC 0 0 vr1
192.168.2.0/24 link#3 UC 0 0 vr2
192.168.2.57 00:1e:ec:31:db:78 UHLW 1 277 vr2 1160
192.168.3.0/24 link#4 UC 0 0 ath0
Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0 =>
default gif1 ULS gif1
::1 ::1 UHL lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
2001:470:1f0a:a08::/64 link#1 UC vr0
2001:470:1f0a:a08::2 link#8 UHL lo0
2001:470:1f0a:a08::3 00:0d:b9:19:23:3c UHL lo0
fe80::/10 ::1 UGRS lo0
fe80::%vr0/64 link#1 UC vr0
fe80::20d:b9ff:fe19:233c%vr0 00:0d:b9:19:23:3c UHL lo0
fe80::%vr1/64 link#2 UC vr1
fe80::20d:b9ff:fe19:233d%vr1 00:0d:b9:19:23:3d UHL lo0
fe80::%vr2/64 link#3 UC vr2
fe80::20d:b9ff:fe19:233e%vr2 00:0d:b9:19:23:3e UHL lo0
fe80::%ath0/64 link#4 UC ath0
fe80::221:27ff:fecc:604f%ath0 00:21:27:cc:60:4f UHL lo0
fe80::%lo0/64 fe80::1%lo0 U lo0
fe80::1%lo0 link#6 UHL lo0
fe80::%gif1/64 link#8 UC gif1
fe80::20d:b9ff:fe19:233c%gif1 link#8 UHL lo0
ff01:1::/32 link#1 UC vr0
ff01:2::/32 link#2 UC vr1
ff01:3::/32 link#3 UC vr2
ff01:4::/32 link#4 UC ath0
ff01:6::/32 ::1 UC lo0
ff01:8::/32 link#8 UC gif1
ff02::/16 ::1 UGRS lo0
ff02::%vr0/32 link#1 UC vr0
ff02::%vr1/32 link#2 UC vr1
ff02::%vr2/32 link#3 UC vr2
ff02::%ath0/32 link#4 UC ath0
ff02::%lo0/32 ::1 UC lo0
ff02::%gif1/32 link#8 UC gif1
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC>
ether 00:0d:b9:19:23:3c
inet6 fe80::20d:b9ff:fe19:233c%vr0 prefixlen 64 scopeid 0x1
inet 83.143.43.59 netmask 0xffffff00 broadcast 83.143.43.255
inet6 2001:470:1f0a:a08::3 prefixlen 64 anycast
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet 83.143.43.59 --> 216.66.80.30
inet6 fe80::20d:b9ff:fe19:233c%gif1 prefixlen 64 scopeid 0x8
inet6 2001:470:1f0a:a08::2 prefixlen 64
You're routing traffic destined for the tunnel out your local interface instead of the tunnel
Quote2001:470:1f0a:a08::/64 link#1 UC vr0
It should be routed out gif1
but the routing was not manually set by me, I try to change
routing changed but unfortunately still not works, it is very strange :)
Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0 =>
default gif1 ULS gif1
::1 ::1 UHL lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
2001:470:1f0a:a08::/64 gif1 ULS gif1
2001:470:1f0a:a08::2 link#8 UHL lo0
2001:470:1f0a:a08::3 00:0d:b9:19:23:3c UHL lo0
fe80::/10 ::1 UGRS lo0
fe80::%vr0/64 link#1 UC vr0
fe80::20d:b9ff:fe19:233c%vr0 00:0d:b9:19:23:3c UHL lo0
fe80::%vr1/64 link#2 UC vr1
fe80::20d:b9ff:fe19:233d%vr1 00:0d:b9:19:23:3d UHL lo0
fe80::%vr2/64 link#3 UC vr2
fe80::20d:b9ff:fe19:233e%vr2 00:0d:b9:19:23:3e UHL lo0
fe80::%ath0/64 link#4 UC ath0
fe80::221:27ff:fecc:604f%ath0 00:21:27:cc:60:4f UHL lo0
fe80::%lo0/64 fe80::1%lo0 U lo0
fe80::1%lo0 link#6 UHL lo0
fe80::%gif1/64 link#8 UC gif1
fe80::20d:b9ff:fe19:233c%gif1 link#8 UHL lo0
ff01:1::/32 link#1 UC vr0
ff01:2::/32 link#2 UC vr1
ff01:3::/32 link#3 UC vr2
ff01:4::/32 link#4 UC ath0
ff01:6::/32 ::1 UC lo0
ff01:8::/32 link#8 UC gif1
ff02::/16 ::1 UGRS lo0
ff02::%vr0/32 link#1 UC vr0
ff02::%vr1/32 link#2 UC vr1
ff02::%vr2/32 link#3 UC vr2
ff02::%ath0/32 link#4 UC ath0
ff02::%lo0/32 ::1 UC lo0
ff02::%gif1/32 link#8 UC gif1
I think your initial problem might have been the fact that you were using the wrong prefix length for your IPv6 tunnel interface, /128 when it should have been /64.
Go over your HE address assignments. They will give you an IPv6 IP for your tunnel interface, and a different one for your routed /64. They are both /64s. Make sure you're putting the right addresses on the right interfaces. Your tunnel interface should get the tunnel address, and the routed /64 can go on your "inside" interface.
I tried already different configurations, and nothing worked. These are allocated addresses from HE could You help me configure it ?
Server IPv4 address: 216.66.80.30
Server IPv6 address: 2001:470:1f0a:a08::1/64
Client IPv4 address: 83.143.43.59
Client IPv6 address: 2001:470:1f0a:a08::2/64
Anycasted IPv6 Caching Nameserver: 2001:470:20::2
Anycasted IPv4 Caching Nameserver: 74.82.42.42
Routed /48: 2001:470:a013::/48
Routed /64: 2001:470:1f0b:a08::/64
All I can say is to make sure that the address 2001:470:1f0a:a08::2/64 is only on your tunnel interface. In your netstat I see another 2001:470:1f0a:a08::3 of that IPv6 associated with the loopback interface. That shouldn't be. The client tunnel subnet should only be on the tunnel.
Other than that, the only thing I can think of is a firewall or other security feature on your box is blocking the traffic, or your ISP or something else is blocking the 6in4 traffic.
QuoteIn your netstat I see another 2001:470:1f0a:a08::3 of that IPv6 associated with the loopback interface. That shouldn't be.
Yep, that was my fault. Not sure what I was thinking.
In /etc/rc.conf, replace this line ipv6_prefix_rv0="2001:470:1f0a:a08::3" with this line ipv6_prefix_rv0="2001:470:a013:0000"
Still the same problem, maybe my ISP filtering something :(
ipv6_network_interfaces="vr0 gif1 lo0"
ipv6_gateway_enable="YES"
ipv6_prefix_vr0="2001:470:a013:0000"
gif_interfaces="gif1"
gifconfig_gif1="83.143.43.59 216.66.80.30"
ipv6_ifconfig_gif1="2001:470:1f0a:a08::2/64"
ipv6_defaultrouter="-interface gif1"
Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0 =>
default gif1 ULS gif1
::1 ::1 UHL lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
2001:470:1f0a:a08::/64 link#8 UC gif1
2001:470:1f0a:a08::2 link#8 UHL lo0
2001:470:a013:: 00:0d:b9:19:23:3c UHL lo0 =>
2001:470:a013::/64 link#1 UC vr0
2001:470:a013:0:20d:b9ff:fe19:233c 00:0d:b9:19:23:3c UHL lo0
fe80::/10 ::1 UGRS lo0
fe80::%vr0/64 link#1 UC vr0
fe80::20d:b9ff:fe19:233c%vr0 00:0d:b9:19:23:3c UHL lo0
fe80::%vr1/64 link#2 UC vr1
fe80::20d:b9ff:fe19:233d%vr1 00:0d:b9:19:23:3d UHL lo0
fe80::%vr2/64 link#3 UC vr2
fe80::20d:b9ff:fe19:233e%vr2 00:0d:b9:19:23:3e UHL lo0
fe80::%ath0/64 link#4 UC ath0
fe80::221:27ff:fecc:604f%ath0 00:21:27:cc:60:4f UHL lo0
fe80::%lo0/64 fe80::1%lo0 U lo0
fe80::1%lo0 link#6 UHL lo0
fe80::%gif1/64 link#8 UC gif1
fe80::20d:b9ff:fe19:233c%gif1 link#8 UHL lo0
ff01:1::/32 link#1 UC vr0
ff01:2::/32 link#2 UC vr1
ff01:3::/32 link#3 UC vr2
ff01:4::/32 link#4 UC ath0
ff01:6::/32 ::1 UC lo0
ff01:8::/32 link#8 UC gif1
ff02::/16 ::1 UGRS lo0
ff02::%vr0/32 link#1 UC vr0
ff02::%vr1/32 link#2 UC vr1
ff02::%vr2/32 link#3 UC vr2
ff02::%ath0/32 link#4 UC ath0
ff02::%lo0/32 ::1 UC lo0
ff02::%gif1/32 link#8 UC gif1
vr0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=280b<RXCSUM,TXCSUM,VLAN_MTU,WOL_UCAST,WOL_MAGIC>
ether 00:0d:b9:19:23:3c
inet6 fe80::20d:b9ff:fe19:233c%vr0 prefixlen 64 scopeid 0x1
inet 83.143.43.59 netmask 0xffffff00 broadcast 83.143.43.255
inet6 2001:470:a013:0:20d:b9ff:fe19:233c prefixlen 64
inet6 2001:470:a013:: prefixlen 64 anycast
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
inet 127.0.0.1 netmask 0xff000000
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33204
gif1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet 83.143.43.59 --> 216.66.80.30
inet6 fe80::20d:b9ff:fe19:233c%gif1 prefixlen 64 scopeid 0x8
inet6 2001:470:1f0a:a08::2 prefixlen 64
Everything looks fine to me.
You're not blocking protocol 41 anywhere? What does tcpdump show?
ping6 2001:470:1f0a:a08::1
tcpdump: WARNING: gif1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on gif1, link-type NULL (BSD loopback), capture size 96 bytes
18:29:26.335024 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 0, length 16
18:29:27.335098 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 1, length 16
18:29:28.334697 IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 2, length 16
tcpdump -ni vr0 host 216.66.80.30
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vr0, link-type EN10MB (Ethernet), capture size 96 bytes
18:29:26.335202 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 0, length 16
18:29:27.335128 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 1, length 16
18:29:28.334729 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:470:1f0a:a08::1: ICMP6, echo request, seq 2, length 16
ping6 ipv6.google.com
tcpdump -ni gif1
tcpdump: WARNING: gif1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on gif1, link-type NULL (BSD loopback), capture size 96 bytes
18:30:37.998292 IP6 2001:470:1f0a:a08::2 > 2001:4860:a005::68: ICMP6, echo request, seq 0, length 16
18:30:38.998415 IP6 2001:470:1f0a:a08::2 > 2001:4860:a005::68: ICMP6, echo request, seq 1, length 16
18:30:39.998236 IP6 2001:470:1f0a:a08::2 > 2001:4860:a005::68: ICMP6, echo request, seq 2, length 16
tcpdump -ni vr0 host 216.66.80.30
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vr0, link-type EN10MB (Ethernet), capture size 96 bytes
18:30:37.998341 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:4860:a005::68: ICMP6, echo request, seq 0, length 16
18:30:38.998446 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:4860:a005::68: ICMP6, echo request, seq 1, length 16
18:30:39.998266 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:4860:a005::68: ICMP6, echo request, seq 2, length 16
ping my IPv6 2001:470:1f0a:a08::2 from http://www.subnetonline.com/pages/ipv6-network-tools/online-ipv6-ping.php
PING 2001:470:1f0a:a08::2(2001:470:1f0a:a08::2) 32 data bytes
--- 2001:470:1f0a:a08::2 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3000ms
tcpdump -ni gif1
tcpdump: WARNING: gif1: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on gif1, link-type NULL (BSD loopback), capture size 96 bytes
18:31:52.818923 IP6 2001:1af8:4200:b000:20c:29ff:fe6b:49d2 > 2001:470:1f0a:a08::2: ICMP6, echo request, seq 0, length 40
18:31:52.819028 IP6 2001:470:1f0a:a08::2 > 2001:1af8:4200:b000:20c:29ff:fe6b:49d2: ICMP6, echo reply, seq 0, length 40
18:31:53.819208 IP6 2001:1af8:4200:b000:20c:29ff:fe6b:49d2 > 2001:470:1f0a:a08::2: ICMP6, echo request, seq 1, length 40
18:31:53.819324 IP6 2001:470:1f0a:a08::2 > 2001:1af8:4200:b000:20c:29ff:fe6b:49d2: ICMP6, echo reply, seq 1, length 40
18:31:54.817239 IP6 2001:1af8:4200:b000:20c:29ff:fe6b:49d2 > 2001:470:1f0a:a08::2: ICMP6, echo request, seq 2, length 40
18:31:54.817344 IP6 2001:470:1f0a:a08::2 > 2001:1af8:4200:b000:20c:29ff:fe6b:49d2: ICMP6, echo reply, seq 2, length 40
18:31:55.819817 IP6 2001:1af8:4200:b000:20c:29ff:fe6b:49d2 > 2001:470:1f0a:a08::2: ICMP6, echo request, seq 3, length 40
18:31:55.819930 IP6 2001:470:1f0a:a08::2 > 2001:1af8:4200:b000:20c:29ff:fe6b:49d2: ICMP6, echo reply, seq 3, length 40
tcpdump -ni vr0 host 216.66.80.30
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vr0, link-type EN10MB (Ethernet), capture size 96 bytes
18:31:52.818886 IP 216.66.80.30 > 83.143.43.59: IP6 2001:1af8:4200:b000:20c:29ff:fe6b:49d2 > 2001:470:1f0a:a08::2: ICMP6, echo request, seq 0, length 40
18:31:52.819056 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:1af8:4200:b000:20c:29ff:fe6b:49d2: ICMP6, echo reply, seq 0, length 40
18:31:53.819169 IP 216.66.80.30 > 83.143.43.59: IP6 2001:1af8:4200:b000:20c:29ff:fe6b:49d2 > 2001:470:1f0a:a08::2: ICMP6, echo request, seq 1, length 40
18:31:53.819356 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:1af8:4200:b000:20c:29ff:fe6b:49d2: ICMP6, echo reply, seq 1, length 40
18:31:54.817201 IP 216.66.80.30 > 83.143.43.59: IP6 2001:1af8:4200:b000:20c:29ff:fe6b:49d2 > 2001:470:1f0a:a08::2: ICMP6, echo request, seq 2, length 40
18:31:54.817375 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:1af8:4200:b000:20c:29ff:fe6b:49d2: ICMP6, echo reply, seq 2, length 40
18:31:55.819780 IP 216.66.80.30 > 83.143.43.59: IP6 2001:1af8:4200:b000:20c:29ff:fe6b:49d2 > 2001:470:1f0a:a08::2: ICMP6, echo request, seq 3, length 40
18:31:55.819957 IP 83.143.43.59 > 216.66.80.30: IP6 2001:470:1f0a:a08::2 > 2001:1af8:4200:b000:20c:29ff:fe6b:49d2: ICMP6, echo reply, seq 3, length 40
And this is very strange becasue there is traffic in and out but the icmp don't reach the target
My pf.rules are clear, is only nat for localnet.
Did you bother to read reply #7?
Yes, I tried
ifconfig gif1 inet 192.168.4.1 netmask 255.255.255.255
ifconfig: ioctl (SIOCAIFADDR): Destination address required
Quote from: Greg33 on October 27, 2009, 12:27:41 PM
Yes, I tried
ifconfig gif1 inet 192.168.4.1 netmask 255.255.255.255
ifconfig: ioctl (SIOCAIFADDR): Destination address required
I think he means assign the IPv4 address for your outside interface (83.143.43.59/32) to the gif0 interface also, not just as a tunnel endpoint address, but as an interface address too. Must be some sort of BSD retardation. :P
What's odd is that you can see the traffic from the pings from that web site coming to your 6in4 interface, and the associated 6in4 traffic from the tunnel server. But your outgoing pings generate no 6in4 replies from the tunnel server. It's almost is if
outgoing 6in4 traffic is being blocked further down the line.
I'd double and triple check your BSD boxes firewall and other security settings. BSD tends to be pretty "locked down" from the factory. Perhaps IPv6 uses a separate instance of pf than IPv4 (although the tcpdump show the traffic going out). Also, if there are further network firewalls on the path to your ISP, make sure they allow 6in4 (IP proto 41).
EDIT: Perhaps as an experiment, you might want to try setting up a 6in4 tunnel with local computer, perhaps on a different subnet, just to make sure it's not BSD being stupid. Then, try setting one up with a friend outside your ISP. That way you can both monitor the traffic to see if the 6in4 traffic is actually making it out for your BSD box and/or ISP.
FWIW, I didn't have to assign my public IP address to my gif interface. And yes, there are a different set of PF rules for IPv6 then are used for IPv4. Out of the box, there is no firewall installed on FreeBSD and it didn't take me a whole lot of work to get mine working (once I figured out the correct /etc/rc.conf settings)
Thank you for your help.
I wrote to HE support and got message that they didn't see traffic from my side of the tunnel, so I think the problem is with my ISP.
Greg
RE: Reply #27 - Exactly. My unix variation requires the IPv4 address on the "0" encapsulation interface so that the source IPv4 is set properly.
Yeah that sucks. There's definitely ISPs out there I've heard of that filter various perfectly legit traffic such as 6in4. I guess yours is one of 'em.