Hi,
I have just created a IPv6 tunnel over IPv4,
but it won't work.
Any suggestion is highly welcome!!
My node is Linode's Ubuntu 10.04 TLS virtual box.
=== /etc/network/interfaces ===
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
iface eth0 inet6 static
address 2001:470:1f04:f28::dead:beef
netmask 64
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
address 2001:470:1f04:f28::2
netmask 64
endpoint 72.54.104.74
local 173.230.157.78
gateway 2001:470:1f04:f28::1
ttl 255
=========================
After reboot, I got these interfaces and routes;
=========================
# ifconfig
eth0 Link encap:Ethernet HWaddr fe:fd:ad:e6:9d:4e
inet addr:173.230.157.78 Bcast:173.230.157.255 Mask:255.255.255.0
inet6 addr: 2001:470:1f04:f28::dead:beef/64 Scope:Global
inet6 addr: fe80::fcfd:adff:fee6:9d4e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5854 errors:0 dropped:0 overruns:0 frame:0
TX packets:2801 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:538608 (538.6 KB) TX bytes:369878 (369.8 KB)
Interrupt:28
he-ipv6 Link encap:IPv6-in-IPv4
inet6 addr: fe80::ade6:9d4e/128 Scope:Link
inet6 addr: 2001:470:1f04:f28::2/64 Scope:Global
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:205 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:20143 (20.1 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:90 errors:0 dropped:0 overruns:0 frame:0
TX packets:90 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:11187 (11.1 KB) TX bytes:11187 (11.1 KB)
=========================
# netstat -nr4
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
173.230.157.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
0.0.0.0 173.230.157.1 0.0.0.0 UG 0 0 0 eth0
# netstat -nr6
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
::1/128 :: Un 0 1 11 lo
2001:470:1f04:f28::1/128 :: U 1024 0 1 he-ipv6
2001:470:1f04:f28::2/128 :: Un 0 1 12 lo
2001:470:1f04:f28::dead:beef/128 :: Un 0 1 5 lo
2001:470:1f04:f28::/64 :: Un 256 0 0 he-ipv6
2001:470:1f04:f28::/64 :: U 256 0 0 eth0
fe80::ade6:9d4e/128 :: Un 0 1 5 lo
fe80::fcfd:adff:fee6:9d4e/128 :: Un 0 1 0 lo
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: Un 256 0 0 he-ipv6
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 he-ipv6
::/0 2001:470:1f04:f28::1 UG 1024 0 112 he-ipv6
::/0 :: !n -1 1 1 lo
=========================
Now, ping6 to the remote IPv6 address won't get answer,
both in ping6 and tcpdump output.
=========================
# ping6 -c 3 2001:470:1f04:f28::1
PING 2001:470:1f04:f28::1(2001:470:1f04:f28::1) 56 data bytes
--- 2001:470:1f04:f28::1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
=========================
# tcpdump -i he-ipv6 -n
11:53:21.848084 IP6 2001:470:1f04:f28::2 > 2001:470:1f04:f28::1: ICMP6, echo request, seq 1, length 64
11:53:22.847932 IP6 2001:470:1f04:f28::2 > 2001:470:1f04:f28::1: ICMP6, echo request, seq 2, length 64
11:53:23.847966 IP6 2001:470:1f04:f28::2 > 2001:470:1f04:f28::1: ICMP6, echo request, seq 3, length 64
=========================
# tcpdump -i eth0 -n host 72.54.104.74
11:53:21.848122 IP 173.230.157.78 > 72.54.104.74: IP6 2001:470:1f04:f28::2 > 2001:470:1f04:f28::1: ICMP6, echo request, seq 1, length 64
11:53:22.847959 IP 173.230.157.78 > 72.54.104.74: IP6 2001:470:1f04:f28::2 > 2001:470:1f04:f28::1: ICMP6, echo request, seq 2, length 64
11:53:23.847992 IP 173.230.157.78 > 72.54.104.74: IP6 2001:470:1f04:f28::2 > 2001:470:1f04:f28::1: ICMP6, echo request, seq 3, length 64
=========================
I am not familiar to iptables, but it doesn't seem to drop anything.
Anyway, I didn't change iptables configuration since installation of this ubuntu.
=========================
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
=========================
Thank you very much!!
moto
Yay, all your ipv6 ip's are on the same subnet. That just is not going to work, as you noticed.
the tunnel page gives you 2 sets of ip's to use, one for the tunnel (he-ipv6 interface) and one you can use on your network (eth0)
I dunno what your other range is, you will have to log into your tunnel config and check, and see what one is not correct.
Hi patrickdk,
Thank you very much !!
> Yay, all your ipv6 ip's are on the same subnet. That just is not going to work, as you noticed.
You are right, I was a bone-headed man to use same segment on two interfaces. Uguaah.
But even after correcting eth0 address, it doesn't work.
ping6 and tcpdump show the same picture (I can see outgoing packets but no incoming)
I will destroy this tunnel and re-create it.
Still I am looking forward to any suggestion.
Thank you very much.
moto
First mistake: eth0 - "1f04"? Should be 1f05.
Second mistake: ip6tables? You didn't list your rules (if any), so we can't tell you if you have a firewall problem.
Thank you, snarked
I am double bone-headed to mistype the remote IPv4 address.
And fixing it bring me the tunnel working!!
Thank you very very much.
moto
> First mistake: eth0 - "1f04"? Should be 1f05.
Yes, this was corrected and rebooted. See command out put below.
> Second mistake: ip6tables? You didn't list your rules (if any), so we can't tell you if you have a firewall problem.
ip6tables shows as following;
==========
# ip6tables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
==========
# ifconfig
eth0 Link encap:Ethernet HWaddr fe:fd:ad:e6:9d:4e
inet addr:173.230.157.78 Bcast:173.230.157.255 Mask:255.255.255.0
inet6 addr: 2001:470:1f05:f28::1/64 Scope:Global <== corrected.
inet6 addr: fe80::fcfd:adff:fee6:9d4e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:848 errors:0 dropped:0 overruns:0 frame:0
TX packets:606 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:75182 (75.1 KB) TX bytes:102742 (102.7 KB)
Interrupt:28
he-ipv6 Link encap:IPv6-in-IPv4
inet6 addr: fe80::ade6:9d4e/128 Scope:Link
inet6 addr: 2001:470:1f04:f28::2/64 Scope:Global
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:832 (832.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:82 errors:0 dropped:0 overruns:0 frame:0
TX packets:82 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:10376 (10.3 KB) TX bytes:10376 (10.3 KB)
==========
The obvious thing to check is if you actually allow the 6-in-4 traffic in your IPv4 iptables.