HE tunnel with virtual-router on SRX not working, any help please
Configuration that works related to IPV6 and tunnel
Real interface and IP tunnel, no virtual router
interfaces {
    ge-0/0/0 {
        unit 0 {
            family inet {
                address 70.88.135.217/28;
            }
        }
    }
    ip-0/0/0 {
        unit 0 {
            tunnel {
                source 70.88.135.217;
                destination 216.66.22.2;
            }
            family inet6 {
                address 2001:470:7:9e7::2/64;
            }
        }
    }
}
routing-options without virtual router
routing-options {
    rib inet6.0 {
        static {
            route ::/0 next-hop 2001:470:7:9e7::1;
        }
    }
    static {
        route 0.0.0.0/0 next-hop 70.88.135.222;
    }
}
Security zones without virtual router
security-zone IPV6-untrust {
    host-inbound-traffic {
        system-services {
            all;
        }
        protocols {
            all;
        }
    }
    interfaces {
        ge-0/0/0.0;
        ip-0/0/0.0;
    }
}
results of ping to ipv4
root@gatekeeper# run ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=42 time=29.841 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=42 time=34.638 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=42 time=45.059 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=42 time=29.123 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max/stddev = 29.123/34.665/45.059/6.364 ms
results of ping to ipv6 address
root@gatekeeper# run ping ipv6.google.com
PING6(56=40+8+8 bytes) 2001:470:7:9e7::2 --> 2607:f8b0:4004:802::1011
16 bytes from 2607:f8b0:4004:802::1011, icmp_seq=0 hlim=59 time=65.543 ms
16 bytes from 2607:f8b0:4004:802::1011, icmp_seq=1 hlim=59 time=66.740 ms
16 bytes from 2607:f8b0:4004:802::1011, icmp_seq=2 hlim=59 time=32.758 ms
16 bytes from 2607:f8b0:4004:802::1011, icmp_seq=3 hlim=59 time=30.691 ms
16 bytes from 2607:f8b0:4004:802::1011, icmp_seq=4 hlim=59 time=24.021 ms
^C
--- ipv6.l.google.com ping6 statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/std-dev = 24.021/43.951/66.740/18.351 ms
Route used in current setup
root@gatekeeper# run show route
inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 00:15:04
> to 70.88.135.222 via ge-0/0/0.0
70.88.135.208/28 *[Direct/0] 00:15:04
> via ge-0/0/0.0
70.88.135.217/32 *[Local/0] 00:15:04
Local via ge-0/0/0.0
inet6.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
::/0 *[Static/5] 00:10:01
> to 2001:470:7:9e7::1 via ip-0/0/0.0
2001:470:7:9e7::/64*[Direct/0] 00:10:02
> via ip-0/0/0.0
2001:470:7:9e7::2/128
*[Local/0] 00:10:02
Local via ip-0/0/0.0
fe80::/64 *[Direct/0] 00:10:02
> via ip-0/0/0.0
fe80::56e0:3200:64:ee00/128
*[Local/0] 00:10:02
Local via ip-0/0/0.0
root@gatekeeper# show
instance-type virtual-router;
interface ge-0/0/0.0;
interface ip-0/0/0.0;
routing-options {
    rib IPV6.inet6.0 {
        static {
            route ::/0 next-hop 2001:470:7:9e7::1;
        }
    }
    static {
        route 0.0.0.0/0 next-hop 70.88.135.222;
    }
}
[edit routing-instances IPV6]
I can ping an IPv4 address
root@gatekeeper# run ping routing-instance IPV6 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=42 time=38.846 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=42 time=28.538 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=42 time=30.479 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 28.538/32.621/38.846/4.472 ms
but when I ping an IPV6 address I get this
root@gatekeeper# run ping routing-instance IPV6 2607:f8b0:4004:802::1011
PING6(56=40+8+8 bytes) 2001:470:7:9e7::2 --> 2607:f8b0:4004:802::1011
ping: sendmsg: No route to host
ping6: wrote 2607:f8b0:4004:802::1011 16 chars, ret=-1
ping: sendmsg: No route to host
ping6: wrote 2607:f8b0:4004:802::1011 16 chars, ret=-1
ping: sendmsg: No route to host
ping6: wrote 2607:f8b0:4004:802::1011 16 chars, ret=-1
ping: sendmsg: No route to host
ping6: wrote 2607:f8b0:4004:802::1011 16 chars, ret=-1
^C
--- 2607:f8b0:4004:802::1011 ping6 statistics ---
4 packets transmitted, 0 packets received, 100% packet loss
copy of routing table
IPV6.inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0 *[Static/5] 00:34:38
> to 70.88.135.222 via ge-0/0/0.0
70.88.135.208/28 *[Direct/0] 00:35:34
> via ge-0/0/0.0
70.88.135.217/32 *[Local/0] 00:35:34
Local via ge-0/0/0.0
IPV6.inet6.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
2001:470:7:9e7::2/128
*[Local/0] 00:35:34
Reject
fe80::56e0:3200:64:ee00/128
*[Local/0] 00:35:34
Reject
Now I do see one problem: IPV6.inet6.0 shows Reject.
show interfaces terse results
root@gatekeeper# run show interfaces terse
Interface Admin Link Proto Local Remote
ge-0/0/0 up up
ge-0/0/0.0 up up inet 70.88.135.217/28
gr-0/0/0 up up
ip-0/0/0 up up
ip-0/0/0.0 up down inet6 2001:470:7:9e7::2/64
fe80::56e0:3200:64:ee00/64
I am not familiar with that config format, but what I did notice is that the IP address of the tunnel server (216.66.22.2) is nowhere to be found in the new configuration. Obviously it needs to be somewhere. Did you perhaps leave out some relevant part of the configuration?
When creating a virtual router, interfaces that are already set up are used, so in the first setup I used ge-0/0/0.0 as my real external interface with the IPv4 address the tunnel knows about and interface ip-0/0/0.0 as the tunnel. That works with no problems. Now, when I take those interfaces and move them over to the virtual router and add the rib route, I can ping any IPv4 address with the virtual router. I also made sure I could ping the IPv4 address for an external site, and that worked. But the tunnel does not work at all under a virtual router.
instance-type virtual-router;
interface ge-0/0/0.0;
interface ip-0/0/0.0;
routing-options {
    rib IPV6.inet6.0 {
        static {
            route ::/0 next-hop 2001:470:7:9e7::1;
        }
    }
    static {
        route 0.0.0.0/0 next-hop 70.88.135.222;
    }
}
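
A candidate fix for the virtual-router setup above, added here as an example and not taken from any post in the thread. Junos resolves a tunnel's destination address in the default instance (inet.0) unless the tunnel unit names another one, and in the posted setup the route to 216.66.22.2 exists only in IPV6.inet.0, which is consistent with ip-0/0/0.0 showing link down. It assumes the ip-0/0/0 stanza from the working configuration is otherwise unchanged.

```junos
interfaces {
    ip-0/0/0 {
        unit 0 {
            tunnel {
                source 70.88.135.217;
                destination 216.66.22.2;
                /* added: look up the tunnel destination in the IPV6 instance,
                   where ge-0/0/0.0 and the IPv4 default route now live */
                routing-instance {
                    destination IPV6;
                }
            }
            family inet6 {
                address 2001:470:7:9e7::2/64;
            }
        }
    }
}
```

After committing, check that ip-0/0/0.0 reports link up in `show interfaces terse` and that the Direct route for 2001:470:7:9e7::/64 and the static ::/0 route appear in IPV6.inet6.0 in place of the Reject entries.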