• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

Help! IPv6 tunnel NOT working

Started by moto, August 10, 2010, 07:57:16 PM

Previous topic - Next topic

moto

Hi,

I have just created a IPv6 tunnel over IPv4,
but it won't work.
Any suggestion is highly welcome!!

My node is Linode's Ubuntu 10.04 TLS virtual box.

=== /etc/network/interfaces ===
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
iface eth0 inet6 static
   address 2001:470:1f04:f28::dead:beef
   netmask 64

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
   address 2001:470:1f04:f28::2
   netmask 64
   endpoint 72.54.104.74
   local 173.230.157.78
   gateway 2001:470:1f04:f28::1
   ttl 255
=========================

After reboot, I got these interfaces and routes;
=========================
# ifconfig
eth0      Link encap:Ethernet  HWaddr fe:fd:ad:e6:9d:4e 
          inet addr:173.230.157.78  Bcast:173.230.157.255  Mask:255.255.255.0
          inet6 addr: 2001:470:1f04:f28::dead:beef/64 Scope:Global
          inet6 addr: fe80::fcfd:adff:fee6:9d4e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5854 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2801 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:538608 (538.6 KB)  TX bytes:369878 (369.8 KB)
          Interrupt:28

he-ipv6   Link encap:IPv6-in-IPv4 
          inet6 addr: fe80::ade6:9d4e/128 Scope:Link
          inet6 addr: 2001:470:1f04:f28::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:205 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:20143 (20.1 KB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:90 errors:0 dropped:0 overruns:0 frame:0
          TX packets:90 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:11187 (11.1 KB)  TX bytes:11187 (11.1 KB)
=========================
# netstat -nr4
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
173.230.157.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         173.230.157.1   0.0.0.0         UG        0 0          0 eth0

# netstat -nr6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
::1/128                        ::                         Un   0   1    11 lo
2001:470:1f04:f28::1/128       ::                         U    1024 0     1 he-ipv6
2001:470:1f04:f28::2/128       ::                         Un   0   1    12 lo
2001:470:1f04:f28::dead:beef/128 ::                         Un   0   1     5 lo
2001:470:1f04:f28::/64         ::                         Un   256 0     0 he-ipv6
2001:470:1f04:f28::/64         ::                         U    256 0     0 eth0
fe80::ade6:9d4e/128            ::                         Un   0   1     5 lo
fe80::fcfd:adff:fee6:9d4e/128  ::                         Un   0   1     0 lo
fe80::/64                      ::                         U    256 0     0 eth0
fe80::/64                      ::                         Un   256 0     0 he-ipv6
ff00::/8                       ::                         U    256 0     0 eth0
ff00::/8                       ::                         U    256 0     0 he-ipv6
::/0                           2001:470:1f04:f28::1       UG   1024 0   112 he-ipv6
::/0                           ::                         !n   -1  1     1 lo
=========================

Now, ping6 to the remote IPv6 address won't get answer,
both in ping6 and tcpdump output.
=========================
# ping6 -c 3 2001:470:1f04:f28::1
PING 2001:470:1f04:f28::1(2001:470:1f04:f28::1) 56 data bytes

--- 2001:470:1f04:f28::1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
=========================
# tcpdump -i he-ipv6 -n
11:53:21.848084 IP6 2001:470:1f04:f28::2 > 2001:470:1f04:f28::1: ICMP6, echo request, seq 1, length 64
11:53:22.847932 IP6 2001:470:1f04:f28::2 > 2001:470:1f04:f28::1: ICMP6, echo request, seq 2, length 64
11:53:23.847966 IP6 2001:470:1f04:f28::2 > 2001:470:1f04:f28::1: ICMP6, echo request, seq 3, length 64
=========================
# tcpdump -i eth0 -n host 72.54.104.74
11:53:21.848122 IP 173.230.157.78 > 72.54.104.74: IP6 2001:470:1f04:f28::2 > 2001:470:1f04:f28::1: ICMP6, echo request, seq 1, length 64
11:53:22.847959 IP 173.230.157.78 > 72.54.104.74: IP6 2001:470:1f04:f28::2 > 2001:470:1f04:f28::1: ICMP6, echo request, seq 2, length 64
11:53:23.847992 IP 173.230.157.78 > 72.54.104.74: IP6 2001:470:1f04:f28::2 > 2001:470:1f04:f28::1: ICMP6, echo request, seq 3, length 64
=========================


I am not familiar to iptables, but it doesn't seem to drop anything.
Anyway, I didn't change iptables configuration since installation of this ubuntu.
=========================
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 
=========================


Thank you very much!!


moto

patrickdk

Yay, all your ipv6 ip's are on the same subnet. That just is not going to work, as you noticed.

the tunnel page gives you 2 sets of ip's to use, one for the tunnel (he-ipv6 interface) and one you can use on your network (eth0)

I dunno what your other range is, you will have to log into your tunnel config and check, and see what one is not correct.

moto

Hi patrickdk,

Thank you very much !!

> Yay, all your ipv6 ip's are on the same subnet. That just is not going to work, as you noticed.

You are right, I was a bone-headed man to use same segment on two interfaces. Uguaah.
But even after correcting eth0 address, it doesn't work.
ping6 and tcpdump show the same picture (I can see outgoing packets but no incoming)

I will destroy this tunnel and re-create it.

Still I am looking forward to any suggestion.

Thank you very much.

moto

snarked

First mistake:  eth0 - "1f04"?  Should be 1f05.

Second mistake:  ip6tables?  You didn't list your rules (if any), so we can't tell you if you have a firewall problem.

moto

Thank you, snarked

I am double bone-headed to mistype the remote IPv4 address.
And fixing it bring me the tunnel working!!

Thank you very very much.
moto

> First mistake:  eth0 - "1f04"?  Should be 1f05.

Yes, this was corrected and rebooted. See command out put below.

> Second mistake:  ip6tables?  You didn't list your rules (if any), so we can't tell you if you have a firewall problem.

ip6tables shows as following;
==========
# ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination 
==========
# ifconfig
eth0      Link encap:Ethernet  HWaddr fe:fd:ad:e6:9d:4e 
          inet addr:173.230.157.78  Bcast:173.230.157.255  Mask:255.255.255.0
          inet6 addr: 2001:470:1f05:f28::1/64 Scope:Global                                   <== corrected.
          inet6 addr: fe80::fcfd:adff:fee6:9d4e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:848 errors:0 dropped:0 overruns:0 frame:0
          TX packets:606 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:75182 (75.1 KB)  TX bytes:102742 (102.7 KB)
          Interrupt:28

he-ipv6   Link encap:IPv6-in-IPv4 
          inet6 addr: fe80::ade6:9d4e/128 Scope:Link
          inet6 addr: 2001:470:1f04:f28::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:832 (832.0 B)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:82 errors:0 dropped:0 overruns:0 frame:0
          TX packets:82 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:10376 (10.3 KB)  TX bytes:10376 (10.3 KB)
==========

hvdkooij

The obvious thing to check is if you actually allow the 6-in-4 traffic in your IPv4 iptables.