• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

IPv6 server not reachable from host, however reachable from DIR-825

Started by kili2106, February 03, 2015, 07:52:46 AM

Previous topic - Next topic

kili2106

I am bringing up a HE tunnel to my home router Dlink DIR-825 Hardware Version: B1     Firmware Version: 2.09NA.
I have config all what i need with 6in4 tunnel configurations on my router.
I enabled ICMP to have IPv4 tunnel up. And I have IPv4 reachability to the HE IPv4 server
I do ping6 tests  from my Dlink to the server IPv6 address and it works. However, when i try to ping the same IPv6 from my PC behind the router, it doesnt work.
my laptop gets the IPv6 address from the LAN i have assigned from HE and configured on my Dlink as well. I can succesfully ping to the LAN default gw from my laptop.
So the Ipv6 in ipv4 tunnel is up and running, but i could not reach the IPv6 HE server from my laptop behind my router.
I guess is something related to NAT/protocol 41. But i dont find out the way to have reachability to the HE IPv6 server from my laptop.
Does anyone knows whats happening? and how to solve it?

THANKS!! :D

cholzhauer

Nothing to do what NAT on IPv6

Protocol 41 works as you've proven your tunnel is up and working with the ping tests.

How are you assigning addresses from your router to hosts behind the router?

kili2106

Yes, my laptop shows the IPv6 addr that i got from my lan. And I ping the LAN default gw from my laptop and works.
Even the IPV6 routing table on my laptop shows the default route ::/0 to the link local addr from my router...

In ipv4 i am assigning with DHCPv4.
in ipv6 i am assigning with Enable automatic IPv6 address assignment (non DHCP-PD). SLAAC+Stateless DHCP.

broquea

Make certain you are using the ROUTED prefix and not the tunnels, for your LAN.

kili2106

Yes. I am assining to my LAN the routed /64 that HE assigned to me, that is different from the tunnel v6 subnet.

broquea

I guess post some screenshots of your config, don't hide the numbers, and maybe someone will catch the issue.

kili2106

Here is my IPv6 dlink config. since i cannot upload the jpeg file for some reason, i am pasting it. hope it helps


My IPv6 Connection is :     IPv6 in IPv4 tunnel

Remote IPv4 Address :    209.51.161.58
Remote IPv6 Address :    2001:470:4:571::1
Local IPv4 Address :    x.x.x.x
Local IPv6 Address :    2001:470:4:571::2


    Use the following IPv6 DNS servers: Yes
Primary IPv6 DNS Server :    2001:470:20::2

Enable DHCP-PD :   No
LAN IPv6 Address :   2001:470:5:571::1/64
LAN IPv6 Link-Local Address :     FE80::218:x/64

Enable automatic IPv6 address assignment :    Yes
Enable Automatic DHCP-PD in LAN :    Yes
Autoconfiguration Type :     SLAAC + Stateless DHCP
Router Advertisement Lifetime :      (minutes)




broquea

That looks 100% correct. You can probably drop the DHCP-PD on lan, but it there shouldn't affect routing.

2001:470:5:571::1 is definitely reachable. What is an IP on your lan?

kili2106

Here is a output from my Win7:

  IPv6 Address. . . . . . . . . . . : 2001:470:5:571:f158:c63e:cae3:6930
  Temporary IPv6 Address. . . . . . : 2001:470:5:571:59e:61b4:8129:2db

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination      Gateway
10    281 ::/0                     fe80::218:e7ff:fede:e915
  1    306 ::1/128                  On-link
10     33 2001:470:5:571::/64      On-link
10     41 2001:470:5:571::/64      fe80::218:e7ff:fede:e915
10    281 2001:470:5:571:59e:61b4:8129:2db/128
                                    On-link
10    281 2001:470:5:571:f158:c63e:cae3:6930/128
                                    On-link
10    281 fe80::/64                On-link
10    281 fe80::f158:c63e:cae3:6930/128
                                    On-link
  1    306 ff00::/8                 On-link
10    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination      Gateway
  0 4294967295 ::/0                     2001:470:4:571::1

broquea

That last Gateway entry seems odd. Since that is a hop upstream. Did you try creating the tunnel on your Windows machine at any point? Otherwise your other default route looks correct (assuming your obfuscated link-local matches that). Running MTR to 2001:470:5:571:f158:c63e:cae3:6930 it stops at the tserv hop and your router's hop doesn't come up next. Maybe email ipv6@he.net and have them verify the static route for your /64 is in place.

kcochran

It's definitely routed to your side.  I see the traffic going out, and no errors being reported back via a tcpdump.

I'm with broquea here.  That last gateway looks odd.  Should be your router's LAN-side IPv6 on the client systems (or its link-local), and not our side of the tunnel.  With the metric set that high, it shouldn't be used, but...

In any case, not seeing anything amiss here.

kili2106

I removed that odd default route. so the only default route is pointing to my router link local addr.
and it is not working as well....

do you see IPv6 traffic over the tunnel? because i see the tunnel v4 running from my side...however i cannot reach the server IPv6 assigned from HE.
Even i cannot reach this server ipv6 addr from any looking glass....here is a capture that holds on a HE hop...

Query Results:

Sprint Source Region: Dallas, TX (sl-dr10-dal)
IP Destination: 2001:470:5:571:f158:c63e:cae3:6930
Performing: ICMP Traceroute

Tracing the route to 2001:470:5:571:F158:C63E:CAE3:6930
  1 sl-crs1-fw-po0-10-5-2.v6.sprintlink.net (2600:0:2:1239:144:232:9:248) 12 msec 144 msec 4 msec
  2 sl-crs1-atl-bu-1.v6.sprintlink.net (2600:0:2:1239:144:232:11:224) 176 msec 204 msec 200 msec
  3 sl-st50-atl-xe-8-0-0.0.v6.sprintlink.net (2600:0:2:1239:144:232:2:209) 212 msec
    sl-st50-atl-xe-11-1-0.0.v6.sprintlink.net (2600:0:2:1239:144:232:1:214) 128 msec
    sl-st50-atl-xe-4-0-0.0.v6.sprintlink.net (2600:0:2:1239:144:232:1:212) 20 msec
  4 2001:478:132::75 28 msec 20 msec 20 msec
  5 10ge4-1.core1.mia1.he.net (2001:470:0:A6::1) 36 msec 36 msec 36 msec
  6 tserv1.mia1.he.net (2001:470:0:8C::2) 36 msec 44 msec 36 msec
  7  *  *  *
  8  *