I can't seem to get a tunnel to work properly on my linux box. It's running the Armel port of Ubuntu 9.04, and I added this to /etc/network/interfaces:
# IPv6 via HE tunnel
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
endpoint 72.52.104.74
local 10.0.0.2
ttl 255
address 2001:470:1f04:30b::2
netmask 64
mtu 1480
up ip -6 route add default dev he-ipv6
down ip -6 route del default dev he-ipv6
As you can see, my box is behind a router, but I've verified that the router can be pinged from the internet.
This interface is brought up with no apparant problems, but when I try ping, I get this:
$ ping6 ipv6.google.com
PING ipv6.google.com(qw-in-x68.1e100.net) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4006ms
I'm using OpenDNS, which may be returning a different address for ipv6.google.com, but when I try to add the ipv6 DNS server listed in my tunnel page to /etc/resolv.conf, DNS lookups against it always time out.
Also, should I be able to ping the server ipv6 address? I get this:
$ ping6 2001:470:1f04:30b::1
PING 2001:470:1f04:30b::1(2001:470:1f04:30b::1) 56 data bytes
^C
--- 2001:470:1f04:30b::1 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6005ms
These results are consistent. I tried taking the code directly from the HowTo topic and making this script:
modprobe ipv6
ipv4a=72.52.104.74
ipv4b=10.0.0.2
ipv6a=2001:470:1f04:30b::1
ipv6b=2001:470:1f04:30b::2
ip tunnel add he-ipv6 mode sit remote $ipv4a local $ipv4b ttl 255
ip link set he-ipv6 up
ip addr add $ipv6b dev he-ipv6
ip route add ::/0 dev he-ipv6
Running this as root doesn't give any different results.
The only odd behavior I've noticed is that I always wind up with an interface called sit0. It's down, but it's there, and I can't seem to delete it with "ip tunnel del sit0". I'm not sure what's going on there.
Edit:
Here's the output of "ifconfig -a":
debio@Cloud:~$ sudo ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:62:81:a0:00:00
inet addr:10.0.0.2 Bcast:10.255.255.255 Mask:255.0.0.0
inet6 addr: fe80::262:81ff:fea0:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14334 errors:0 dropped:0 overruns:0 frame:0
TX packets:11490 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:10417128 (10.4 MB) TX bytes:1461464 (1.4 MB)
Interrupt:11
he-ipv6 Link encap:IPv6-in-IPv4
inet6 addr: 2001:470:1f04:30b::2/64 Scope:Global
inet6 addr: fe80::a00:2/128 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:54 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:4603 (4.6 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1695 errors:0 dropped:0 overruns:0 frame:0
TX packets:1695 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:136185 (136.1 KB) TX bytes:136185 (136.1 KB)
sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
As you can see, he-ipv6 has received no data, and that zombie sit0 interface is still around.
Don't worry about sit0. There is a chance that whatever appliance you are behind that hands out the 10.x.x.x address might not pass Protocol41 to hosts behind it. Try putting the machine in it's DMZ, or check if the make/model has any remarks online about if it passes the protocol to hosts behind it.
Yep. Looks like your NAT isn't forwarding IP proto 41 (6in4) traffic to your router box. RX packets on that interface is zero. Make sure iptables isn't blocking it. And check ip6tables as well.
You may also want to try a lower MTU. Something on your path to or back from the HE tunnel server may be dropping your packets because of that MTU. Try something like 1280.