Hurricane Electric's IPv6 Tunnel Broker Forums

Tunnelbroker.net Specific Topics => Questions & Answers => Topic started by: bachawiss on March 06, 2013, 03:50:31 PM

Title: can't ping Server IPv6 Address
Post by: bachawiss on March 06, 2013, 03:50:31 PM
Hi
I am tunnel broker in gns3 cisco router
I can ping the ipv4 server address but,not ipv6 address,so i can't ping any ipv6 address
Server IPv4 Address:216.66.84.42
Server IPv6 Address:2001:470:1f12:1155::1/64
Client IPv4 Address:197.15.27.141
Client IPv6 Address:2001:470:1f12:1155::2/64

And the router running config  :
Quote
ipv6 unicast-routing
ipv6 cef

interface Tunnel0
no ip address
ipv6 address 2001:470:1F12:1155::2/64
ipv6 enable
tunnel source 192.168.137.10
tunnel destination 216.66.84.42
tunnel mode ipv6ip
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 192.168.137.10 255.255.255.0
duplex auto
speed auto
Thank for help
Title: Re: can't ping Server IPv6 Address
Post by: broquea on March 06, 2013, 04:08:59 PM
So what is the NAT/firewall/router appliance upstream of this? Because there is a chance it is filtering Protocol 41 to hosts behind it. Otherwise your config looks correct aside from a missing default IPv6 route. The HE side definitely responds when pinged.
Title: Re: can't ping Server IPv6 Address
Post by: bertrand1980 on March 06, 2013, 04:59:43 PM
Hi,
I had the same issue. I had an ACL on my Cisco router and added the line "permit 41 any any" and it worked after that (being able to ping the server).
I'm just wondering what this protocol 41 is and if i had to allow it for anyone or only for the ipv4 server address.
Title: Re: can't ping Server IPv6 Address
Post by: cholzhauer on March 06, 2013, 05:09:36 PM
Protocol 41 is what is used to carry the traffic on the tunnel... The HE tunnel users 6in4 which uses proto41.  You only have to allow it for  the device hosting the tunnel.
Title: Re: can't ping Server IPv6 Address
Post by: bertrand1980 on March 06, 2013, 05:32:15 PM
Thanks.
I wonder if it would be wise to add a few more hints to the configuration exemples tab when creating the tunnel, like explaining that the routed /64 has to be added to an interface in the LAN (i missed that so i guess other would too).
Title: Re: can't ping Server IPv6 Address
Post by: bertrand1980 on March 06, 2013, 05:39:58 PM
I must be blind. i just checked again and the info is there. Did someone just added it a moment ago or am i losing my mind ?
Title: Re: can't ping Server IPv6 Address
Post by: bachawiss on March 07, 2013, 12:25:51 AM
I added this acl to 41,echo and echo reply in the fa1/0 connetcted to internet
But i still cannot ping
Quote
ipv6 unicast-routing
ipv6 cef


interface Tunnel0
no ip address
ipv6 address 2001:470:1F12:1155::2/64
ipv6 enable
tunnel source 192.168.137.10
tunnel destination 216.66.84.42
tunnel mode ipv6ip

!
interface FastEthernet1/0
ip address 192.168.137.10 255.255.255.0
ip access-group 110 in
duplex auto
speed auto

ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 192.168.137.1
no ip http server
no ip http secure-server

access-list 110 permit 41 any any
access-list 110 permit icmp any any echo-reply
access-list 110 permit icmp any any echo
ipv6 route ::/0 Tunnel0

R7(config)#int fastEthernet 1/0
R7(config-if)#ip access-group 110 in
Title: Re: can't ping Server IPv6 Address
Post by: bachawiss on March 07, 2013, 06:52:30 AM
If you see the capture file,in the picture, i have not echo reply,that the router has rejected,if it was acl problem i see the echo reply
what is the problem ??
I do the capture in the link between the routeur fa1/0 and the cloud,in gns3
Title: Re: can't ping Server IPv6 Address
Post by: cholzhauer on March 07, 2013, 06:53:32 AM
You never answered reply#1 above...
Title: Re: can't ping Server IPv6 Address
Post by: bachawiss on March 07, 2013, 07:10:40 AM
Quote from: cholzhauer on March 07, 2013, 06:53:32 AM
You never answered reply#1 above...
I don't use any firewall,I use nat to share connexion to GNS3
Title: Re: can't ping Server IPv6 Address
Post by: cholzhauer on March 07, 2013, 07:11:53 AM
What's the device that's directly ahead of your router in the upstream path?
Title: Re: can't ping Server IPv6 Address
Post by: bachawiss on March 07, 2013, 07:14:13 AM
it's directly connected to LAN
Title: Re: can't ping Server IPv6 Address
Post by: broquea on March 07, 2013, 07:52:57 AM
Lets try this again. Your Cisco emulator has an RFC1918 IP address. What is acting as the NAT gateway for that IP range? What is the 192.168.137.1 device?

QuoteI use nat to share connexion to GNS3
Title: Re: can't ping Server IPv6 Address
Post by: bachawiss on March 07, 2013, 08:19:23 AM
Quote from: broquea on March 07, 2013, 07:52:57 AM
Lets try this again. Your Cisco emulator has an RFC1918 IP address. What is acting as the NAT gateway for that IP range? What is the 192.168.137.1 device?

QuoteI use nat to share connexion to GNS3
I have a wireless LAN 192.168.1.0 /24
I use a loopback adaptor,to connect routers in GNS3,which is a virtual LAN CARD,her ip address is 192.168.137.1
I shared connexion between loopback card and wireless card by the NAT it translate the ip adresses in 192.168.137.0 to 192.168.1.0
so Loopback CARD(192.168.137.0) ->wirelessLAN(192.168.1.0)->WAN
my cisco router is connected to 192.168.137.0 network,and it ping wan ipv4 adresses
Title: Re: can't ping Server IPv6 Address
Post by: broquea on March 07, 2013, 08:30:41 AM
So you have DOUBLE NAT it sounds like. So now you need to make certain that both NATs "between loopback card and wireless card" as well as the device with 197.15.27.141 configured on it aren't filtering Protocol 41. Also the word is "connection".
Title: Re: can't ping Server IPv6 Address
Post by: bachawiss on March 07, 2013, 08:38:05 AM
Quote from: broquea on March 07, 2013, 08:30:41 AM
So you have DOUBLE NAT it sounds like. So now you need to make certain that both NATs "between loopback card and wireless card" as well as the device with 197.15.27.141 configured on it aren't filtering Protocol 41. Also the word is "connection".
The system firewall is disabled,how can I check that 41 is not filtered
For the word "connection",I am sorry,In french it's written " connexion" I have not make attention
I used before a tunnel in wireless card,and it has worked perfectly
Title: Re: can't ping Server IPv6 Address
Post by: broquea on March 07, 2013, 09:17:00 AM
If the tunnel worked all the way up to the wireless card, in front of this second NAT you configured, you'd need to look at how that NAT got set up. You could packet capture on that system and see if Protocol 41 packets are making their way out of the virtual lab and out that wireless card.
Title: Re: can't ping Server IPv6 Address
Post by: bachawiss on March 07, 2013, 10:01:03 AM
when i launch a packet capture in loopback interface,i have seen only echo request ,and not echo reply
when i launch the capture in wireless interface i have not seen any ipv6 packet,but when I ping an ipv4 address,I have seen
the packets,and with ip address translated
Title: Re: can't ping Server IPv6 Address
Post by: bachawiss on March 07, 2013, 10:56:55 AM
I changed the interface to Local interface and it has worked :)
thanks