Hi, all:
I have created a ipv6 tunnel on a Fedora server with the following commands:
modprobe ipv6
ip tunnel add he-ipv6 mode sit remote 74.82.46.6 local 10.21.0.8 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:23:5d8::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
I use the private IP address(10.21.0.8) instead of my public address(114.xx.xx.xx)
But when I finish all the steps and ping6 a ipv6 address like 2001:470:23:5d8::1 or www.kame.net,
The response will always show "Destination unreachable: Address unreachable"
Could someone tell me where I have gone wrong?
Thanks.
Are you able to ping the HE side of the tunnel?
Is your router router properly forwarding protocol41?
I can ping the IPv4 address of the remote tunnel end point, but not work with the IPv6 address. ???
And my router can forward the proto41 packets.
Yeah I meant if you could ping the ipv6 address. How do you know your router can forward protocol 41?
Because someone else has done this before ...
Someone with your computers and network, or just someone on the 'net? :)
Post useful stuff like interface configurations and routing table on the machine trying to use the tunnel.
What model NAT appliance are you behind?
Have you tried putting your host in it's DMZ?
Someone on the same net.
The following is the output of 'ifconfig -a'.
he-ipv6 Link encap:IPv6-in-IPv4
inet6 addr: fe80::a00:20f/128 Scope:Link
inet6 addr: 2001:470:23:5d8::2/64 Scope:Global
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:936 (936.0 b)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:452 errors:0 dropped:0 overruns:0 frame:0
TX packets:452 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:63991 (62.4 KiB) TX bytes:63991 (62.4 KiB)
p16p1 Link encap:Ethernet HWaddr 08:00:27:29:AA:C9
inet addr:10.21.0.8 Bcast:10.21.0.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe29:aac9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:718 errors:0 dropped:0 overruns:0 frame:0
TX packets:952 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:263530 (257.3 KiB) TX bytes:122182 (119.3 KiB)
sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Output of 'ip addr':
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: p16p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:29:aa:c9 brd ff:ff:ff:ff:ff:ff
inet 10.21.0.8/24 brd 10.21.0.255 scope global p16p1
inet6 fe80::a00:27ff:fe29:aac9/64 scope link
valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
link/sit 0.0.0.0 brd 0.0.0.0
12: he-ipv6: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN
link/sit 10.21.0.8 peer 74.82.46.6
inet6 2001:470:23:5d8::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::a00:20f/128 scope link
valid_lft forever preferred_lft forever
And here is the 'tcpdump -i he-ipv6 ip6' record when I ping6 to the server side of the tunnel:
14:32:21.724235 IP6 yang0914-1-pt.tunnel.tserv22.tyo1.ipv6.he.net > yang0914-1.tunnel.tserv22.tyo1.ipv6.he.net: ICMP6, echo request, seq 1, length 64
14:32:22.730144 IP6 yang0914-1-pt.tunnel.tserv22.tyo1.ipv6.he.net > yang0914-1.tunnel.tserv22.tyo1.ipv6.he.net: ICMP6, echo request, seq 2, length 64
14:32:23.731075 IP6 yang0914-1-pt.tunnel.tserv22.tyo1.ipv6.he.net > yang0914-1.tunnel.tserv22.tyo1.ipv6.he.net: ICMP6, echo request, seq 3, length 64
14:32:24.731518 IP6 yang0914-1-pt.tunnel.tserv22.tyo1.ipv6.he.net > yang0914-1.tunnel.tserv22.tyo1.ipv6.he.net: ICMP6, echo request, seq 4, length 64
14:32:25.733127 IP6 yang0914-1-pt.tunnel.tserv22.tyo1.ipv6.he.net > yang0914-1.tunnel.tserv22.tyo1.ipv6.he.net: ICMP6, echo request, seq 5, length 64
tcpdump -i p16p1 -n proto 41 -vv
will be more usefull
Hello!
I hope the OP don't mind that I "hijack" this thread, because I pretty much have the exact same problem, although I use Debian Wheezy.
I cannot ping6 any ipv6 addresses, all I get back is:
ping6 ipv6.google.com
PING ipv6.google.com(la-in-x93.1e100.net) 56 data bytes
From magnuswallin-1-pt.tunnel.tserv24.sto1.ipv6.he.net icmp_seq=1 Destination unreachable: Address unreachable
The only ipv6 address I can successfully ping is my own endpoint:
ping6 2001:470:27:6d9::2
PING 2001:470:27:6d9::2(2001:470:27:6d9::2) 56 data bytes
64 bytes from 2001:470:27:6d9::2: icmp_seq=1 ttl=64 time=0.165 ms
I can not reach the HE endpoint:
ping6 2001:470:27:6d9::1
PING 2001:470:27:6d9::1(2001:470:27:6d9::1) 56 data bytes
From 2001:470:27:6d9::2 icmp_seq=1 Destination unreachable: Address unreachable
When I set this up, I followed this excellent guide (http://www.tunnelbroker.net/forums/index.php?topic=1642.0). And here is what my /etc/network/interfaces looks like:
# Entries for the ipv6 tunnel below
auto ipv6_tunnel
iface ipv6_tunnel inet6 v4tunnel
address 2001:470:27:6d9::2
netmask 64
endpoint 216.66.80.90
local 49.99.222.99 # <- that is not my actual ip!
gateway 2001:470:27:6d9::1
ttl 255
dns-nameservers 2001:470:20::2 74.82.42.42
A traceroute indeed tells me that the host is down. And here is the output of ip route:
ip -6 route
2001:470:27:6d9::1 dev ipv6_tunnel metric 1024
2001:470:27:6d9::/64 via :: dev ipv6_tunnel proto kernel metric 256
fe80::/64 dev wlan0 proto kernel metric 256
fe80::/64 via :: dev ipv6_tunnel proto kernel metric 256
default via 2001:470:27:6d9::1 dev ipv6_tunnel metric 1024
I have tried to disable ALL firewalls, both in the router (NAT), and on the server itself, to no avail. I also tried putting the server in the NAT's DMZ, no change.
If someone sees any obvious errors in my setup, I would appreciate if you could point them out. Also, there is talk of routers potentially not forwarding protocol 41. I honestly have no idea if my router does that or not, if you could tell me how to find out I'd be happy to try that out.
Thanks for reading and kind regards,
MW
Edit: I just want to let you know that ipv4 access (globally and locally) to the server works just fine!
Edit2: SOLVED! Funny, I changed my /etc/network/interfaces to my internal ip:
# Entries for the ipv6 tunnel below
auto ipv6_tunnel
iface ipv6_tunnel inet6 v4tunnel
address 2001:470:27:6d9::2
netmask 64
endpoint 216.66.80.90
local 192.168.1.160
gateway 2001:470:27:6d9::1
ttl 255
dns-nameservers 2001:470:20::2 74.82.42.42
And all of a sudden it works! However, I tried this yesterday - and then it didn't work ???
Anyways, it seems to be working fine for now. I hope maybe this information can be of help to someone else.
Best regards,
MW
That's exactly why the following is on the example configuration pages:
QuoteNOTE: When behind a firewall appliance that passes protocol 41, use the IPv4 address you get from your appliance's DHCP service instead of the IPv4 endpoint you provided to our broker.
Quote from: kcochran on September 27, 2013, 04:12:26 AM
That's exactly why the following is on the example configuration pages:
QuoteNOTE: When behind a firewall appliance that passes protocol 41, use the IPv4 address you get from your appliance's DHCP service instead of the IPv4 endpoint you provided to our broker.
Yes, I realize that. I also tried that yesterday - then it didn't work, but today it did. For a while...
Now, after rebooting the server, I am (almost) back at square one:
ping6 ipv6.google.com
PING ipv6.google.com(lb-in-x63.1e100.net) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
28 packets transmitted, 0 received, 100% packet loss, time 27216ms
This is frustrating!
Edit: Ok, it seems as if I get a new IP (external ipv4) from my isp at infrequent intervals. Sigh, better call them.
Edit 2: Ok, I called my isp. Apparently there has been a fire in their cables nearby, and they are currently working on fixing that - which means that the system is undergoin constant changes. I think this is the root of all my problems; the ever-changing external ipv4 address!