Hi, I have just started trying to get a tunnel working, and the tunnel appears to come up OK, however I can't seem to get packets to route through the tunnel.
When I try to ping "ipv6.google.com" or "2404:6800:8004::68" (google's ipv6 address) then it doesn't attempt to send any packets out the tunnel.
# ping6 2404:6800:8004::68
connect: Network is unreachable
ping6 ipv6.google.com
connect: Network is unreachable
The script that I use to start the tunnel is as follows...
ip tunnel add he-ipv6 mode sit remote 72.52.104.74 local 192.168.1.253 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:1f04:158f::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr
my routing table looks like this (I assume that the fe80 lines are the equivalent of localhost?)...
# ip -f inet6 route
2001:470:1f04:158f::/64 via :: dev he-ipv6 metric 256 expires 21334117sec mtu 1480 advmss 1420 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 expires 20967010sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0.10 metric 256 expires 20967010sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0.100 metric 256 expires 20967010sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0.101 metric 256 expires 20967010sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0.20 metric 256 expires 20967010sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6 metric 256 expires 21334102sec mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6 metric 1024 expires 21334133sec mtu 1480 advmss 1420 hoplimit 4294967295
I can ping my own address (and tcpdump shows no packets on the tunnel, as expected)
# ping6 2001:470:1f04:158f::2
PING 2001:470:1f04:158f::2(2001:470:1f04:158f::2) 56 data bytes
64 bytes from 2001:470:1f04:158f::2: icmp_seq=0 ttl=64 time=0.114 ms
When I ping an address within my /64 range, it sends it out the tunnel, and I can see it going out with tcpdump, and an ICMP redirect coming back through the tunnel. I presume that this is because I haven't yet configured any local ipv6 and that this is expected behaviour given the touring table above.
# ping6 2001:470:1f04:158f::8
PING 2001:470:1f04:158f::8(2001:470:1f04:158f::8) 56 data bytes
--- 2001:470:1f04:158f::8 ping statistics ---
73 packets transmitted, 0 received, 100% packet loss, time 71991ms
I am using CentOS 5.2
OK, I managed to fix it by adding the following line to my script...
ip route add 2000::/3 dev he-ipv6
I believe that this is a bit of a hack, but will look into it in more detail once I have a bit more experience with IPv6
I've seen that line included in instructions for certain variations of linux, but I can't remember off the top of my head which ones it was.
If it helps, I'm sure you're not the only one with that route in your config.
manual defaultroute broken in 2.6.20.[5..13], 2.6.21.[0..4], RHEL/CentOS 5.[012], use 2000::/3
Its a known problem.
OK, I am using 2.6.18 (the default for CentOS 5.2)
I read somewhere that it was broken for 2.4 kernels so I thought I would try it even though mine was 2.6.
I'd suggest :-
ip route add ::/0 dev he-ipv6
for the default route
rgds
lukec
for 2.6.18, try: ip route add 2000::/3 dev he-ipv6
Manual default route is pretty broken in that kernel for RHEL based distros.