• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

Address unreachable

Started by KuoKongQingYun, December 13, 2016, 07:01:39 PM

Previous topic - Next topic

KuoKongQingYun

I configure a tunnel on my "VPS1",but when I ping from "VPS2" to "VPS1",I "SOMETIMES" get:
[root@VPS2 ~]# ping6 VPS1.xxx.com
PING VPS1.xxx.com(xxxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net) 56 data bytes
From tserv1.ywg1.he.net icmp_seq=1 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=2 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=3 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=4 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=5 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=6 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=7 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=8 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=9 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=10 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=11 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=12 Destination unreachable: Address unreachable


When I got this,I ping from my "VPS1" to ipv6.google.com:
[root@VPS1 ~]# ping6 ipv6.google.com
PING ipv6.google.com(yyz08s10-in-x0e.1e100.net) 56 data bytes
64 bytes from yyz08s10-in-x0e.1e100.net: icmp_seq=1 ttl=59 time=5.51 ms
64 bytes from yyz08s10-in-x0e.1e100.net: icmp_seq=2 ttl=59 time=5.20 ms


Then I ping from VPS2 to VPS1 once again,and it become normal:
[root@VPS2 ~]# ping6 VPS1.xxx.com
PING VPS1.xxx.com(xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net) 56 data bytes
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=1 ttl=56 time=57.7 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=2 ttl=56 time=55.5 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=3 ttl=56 time=57.4 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=4 ttl=56 time=55.9 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=5 ttl=56 time=56.7 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=6 ttl=56 time=55.9 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=7 ttl=56 time=55.9 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=8 ttl=56 time=57.2 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=9 ttl=56 time=55.7 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=10 ttl=56 time=55.8 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=11 ttl=56 time=55.9 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=12 ttl=56 time=55.7 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=13 ttl=56 time=57.2 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=14 ttl=56 time=55.6 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=15 ttl=56 time=55.8 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=16 ttl=56 time=57.4 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=17 ttl=56 time=55.8 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=18 ttl=56 time=55.6 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=19 ttl=56 time=55.7 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=20 ttl=56 time=55.9 ms


But a few minutes later after no ipv6 connection exists,the problem appears again.

It looks like that the router of HE can't "remember" the "VPS1","VPS1" must connect to outer server forwardly,then router of HE can find the "VPS1" and outer server can reach VPS1.

I am sorry for my poor English.

What should I do to fix the problem?

kcochran

6in4 tunnels are stateless.  There's nothing on our side to remember or forget, beyond the IPv4/IPv6 address of your side, and those are ultimately statically configured.  If you have to send out traffic to get the tunnel operating again, there's likely a stateful firewall for IPv4 involved on your side.  If you've got an IPv4 firewall configured on VPS1, ensure it has explicit permits for the tunnel server's IPv4 address, and isn't relying on something like conntrack.

KuoKongQingYun

#2
As you said,I stopped the service of IPv4 firewall,then it works excellently.
So,I just add a white rule to IPv4 firewall for the IPv4 address of the tunnel server, and the problem is solved.

Thank you so much!