Hi everyone,
I just signed up for a tunnel and have it up and running:
$ ping6 -n www.kame.net
PING www.kame.net(2001:200:0:8002:203:47ff:fea5:3085) 56 data bytes
64 bytes from 2001:200:0:8002:203:47ff:fea5:3085: icmp_seq=1 ttl=52 time=191 ms
64 bytes from 2001:200:0:8002:203:47ff:fea5:3085: icmp_seq=2 ttl=52 time=191 ms
64 bytes from 2001:200:0:8002:203:47ff:fea5:3085: icmp_seq=3 ttl=52 time=191 ms
--- www.kame.net ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 191.008/191.276/191.712/0.592 ms
$
My tunnel endpoint is a Debian/Etch Linux box (2.6.22). However, when I try to traceroute, I don't get any responses until hop 6:
$ traceroute6 www.kame.net
traceroute to www.kame.net (2001:200:0:8002:203:47ff:fea5:3085) from 2001:470:1f06:62b::2, 30 hops max, 16 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 tky001ix10.IIJ.Net (2001:240:bb01:7::47) 190.297 ms 191.086 ms 205.125 ms
8 hitachi1.otemachi.wide.ad.jp (2001:200:0:1800::9c4:2) 190.401 ms 191.64 ms 190.587 ms
9 2001:200:0:1802:20c:dbff:fe1f:7200 (2001:200:0:1802:20c:dbff:fe1f:7200) 190.386 ms 190.083 ms 190.33 ms
10 ve42.foundry4.nezu.wide.ad.jp (2001:200:0:11::66) 190.315 ms 190.148 ms 190.601 ms
11 ve45.nec2.yagami.wide.ad.jp (2001:200:0:12::74) 192.829 ms 193.143 ms 193.155 ms
12 lo0.alaxala1.k2.wide.ad.jp (2001:200:0:4800::7800:1) 193.85 ms 193.287 ms 193.383 ms
13 orange.kame.net (2001:200:0:8002:203:47ff:fea5:3085) 191.097 ms 191.904 ms 191.366 ms
$
$ traceroute6 ipv6.google.com
traceroute to ipv6.l.google.com (2001:4860:0:2001::68) from 2001:470:1f06:62b::2, 30 hops max, 16 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 pr61.iad07.net.google.com (2001:504:0:2:0:1:5169:1) 14.611 ms !S 14.948 ms !S 14.207 ms !S
$
Do I have something borked in my configuration or is this normal behavior? Any info. would be appreciated. Thanks!
-Arion
I can ping your ipv4 endpoint, but I cannot ping6 your side of the tunnel. Are you running ip6tables or have any firewall in place?
The tunnel is configured correctly on the tunnel-server.
I found the source of my problem: TTLs of IPv6 packets were getting inherited by the IPv4 tunneled packets. Found info about this at: http://people.debian.org/~csmall/ipv6/setup.html
Quote: IPv6 tunnels work by encapsulating ipv6 packets into ipv4 frames. The problem is, what TTL should the IPv4 packets use? By default they "inherit" their TTL from the IPv6 packet. Works great, stops routing loops and totally breaks traceroute6.
The magic command for me that fixed things was:
ip tunnel change he-ipv6 ttl 64
As for not being able to ping my side of the tunnel, I think I also screwed up my firewall config in that I didn't have a persistent rule to allow inbound protocol type 41. I'm guessing my initial connections were working fine because of connection/state-tracking in iptables.
Thanks for your help and the awesome broker service!
Arion
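
A simplified model of the TTL behaviour described in the last post, added here as an example and not part of the original thread: it shows why the first hops are lost when the outer IPv4 TTL is inherited and why a fixed tunnel TTL restores them. The six IPv4 routers, the node names, and the assumption that ICMPv4 errors never reach traceroute6 are constructed for illustration.

```python
# Simplified model (added example): how the outer IPv4 TTL of a 6in4 tunnel
# decides what traceroute6 can see. Hop counts and node names are constructed.

INHERIT = None  # "ttl inherit": outer IPv4 TTL is copied from the inner hop limit


def probe(hop_limit, tunnel_ttl, v4_routers, v6_path):
    """Return the node that answers one traceroute6 probe, or '*' on timeout.

    v4_routers: number of IPv4 routers between the local endpoint and the
                tunnel server (they only look at the outer IPv4 header).
    v6_path:    IPv6 nodes after the tunnel, tunnel server first, target last.
    """
    outer_ttl = hop_limit if tunnel_ttl is INHERIT else tunnel_ttl
    # Each IPv4 router decrements the outer TTL. At 0 the packet is dropped and
    # an ICMPv4 error goes back to the IPv4 endpoint. Model assumption: that
    # error is never turned into something traceroute6 sees, so the probe
    # simply times out.
    if outer_ttl <= v4_routers:
        return "*"
    # The tunnel server decapsulates; the inner hop limit is still untouched.
    if hop_limit < len(v6_path):
        return v6_path[hop_limit - 1]  # router sends ICMPv6 time exceeded
    return v6_path[-1]                 # probe reaches the target


def traceroute6(tunnel_ttl, v4_routers, v6_path, max_hops=30):
    """Return one answer per hop limit, stopping once the target replies."""
    answers = []
    for hop_limit in range(1, max_hops + 1):
        answers.append(probe(hop_limit, tunnel_ttl, v4_routers, v6_path))
        if answers[-1] == v6_path[-1]:
            break
    return answers


if __name__ == "__main__":
    # Constructed path: 6 IPv4 routers to the tunnel server, 8 IPv6 routers.
    path = [f"v6-r{i}" for i in range(1, 9)] + ["target"]
    for label, ttl in (("ttl inherit", INHERIT), ("ttl 64", 64)):
        print(label)
        for n, node in enumerate(traceroute6(ttl, 6, path), start=1):
            print(f"  {n:2d} {node}")
```

With the inherited TTL the model prints six `*` lines and resumes at the seventh IPv6 router, the same shape as the traces above; with a fixed TTL of 64 every IPv6 hop answers.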