• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

No route to host error

Started by sonicrules1234, June 22, 2010, 02:19:28 PM

Previous topic - Next topic

sonicrules1234

Hi, I'm getting some errors when trying to connect using the tunnel.
I am getting a no route to host error.

Here's the output of ping6

westly@westly-laptop /usr/src/linux $ ping6 ipv6.google.com
PING ipv6.google.com(nuq04s01-in-x63.1e100.net) 56 data bytes
From sonicrules1234-1-pt.tunnel.tserv3.fmt2.ipv6.he.net icmp_seq=1 Destination unreachable: Address unreachable

I am using gentoo linux.

jimb

Need a bit more detail.  Did you add the IPv6 default route through your tunnel interface?

sonicrules1234

Not sure what you mean by default route.

Here is part of my ifconfig

he-ipv6   Link encap:IPv6-in-IPv4 
          inet6 addr: 2001:470:1f04:cbe::2/64 Scope:Global
          inet6 addr: fe80::476c:8e08/128 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:219 dropped:0 overruns:0 carrier:219
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

patrickdk

still same question, ifconfig doesn't show anything useful, except your ip address :)

ip -6 route show

Will give the most useful info as far as that goes.

Here is how I configure my interface on a debian/ubuntu type system in /etc/network/interfaces

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
    address 2001:470:7:xxxx::2
    netmask 64
    local my.ipv4.ip.addr
    endpoint 216.66.22.2
    gateway ::216.66.22.2
    ttl 255
    mtu 1480


broquea

Can't ping his side of tunnel from the tunnel-server itself. I suspect NAT not passing Protocol41 or some route misconfiguration on client side.

jimb

Presuming you have the the actual tunnel up (not sure given the last post), you need a default route.

You'd add this by doing: 

ip route add default via <IPv6 of other side of tunnel (the ::1 address)> dev <tunnel device name>


Under gentoo you can add this in /etc/conf.d/net like this: 

routes_<tunnel device name>=( "default via <IPv6 of other side of tunnel (the ::1 address)> dev <tunnel device name>" )


Under ubuntu /etc/network/interfaces add the line to your inet6 v4tunnel section:

gateway <IPv6 of other side of tunnel (the ::1 address)>


As for the tunnel not working, test this by trying to ping the other side of the tunnel (gateway) from that machine.  If you can't get a ping even there, then your 6in4 tunnel isn't working.  Make sure firewall isn't blocking it.  If you're behind a NAT, make sure you're using the real address of the machine, not your NATed public IP.  Make sure your NAT box is passing IP protocol #41 to your router.

sonicrules1234

Sorry about not posting enough info.  I didn't know what to post :P
I tried using that command to add a default route.  Nothing seemed to happen.
Here is the output of ip -6 route show

westly@westly-laptop /usr/src/linux $ sudo ip -6 route show
2001:470:1f04:cbe::/64 via :: dev he-ipv6  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 0
fe80::/64 dev wlan0  proto kernel  metric 256  mtu 1500 advmss 1440 hoplimit 0
fe80::/64 via :: dev he-ipv6  proto kernel  metric 256  mtu 1480 advmss 1420 hoplimit 0
ff00::/8 dev wlan0  metric 256  mtu 1500 advmss 1440 hoplimit 0
ff00::/8 dev he-ipv6  metric 256  mtu 1480 advmss 1420 hoplimit 0
default dev he-ipv6  metric 1024  mtu 1480 advmss 1420 hoplimit 0
default via 2001:470:1f04:cbe::1 dev he-ipv6  metric 1024  mtu 1480 advmss 1420 hoplimit 0

patrickdk

Looks good to me, and I changed my routes to mirror what you have and it works here.

Probably like he said above, not passing protocol 41 over your router, or possible maybe your set the tunnel to the wrong ip?

sonicrules1234

How would I go about passing protocol41 over my router?

sonicrules1234

Ok, I changed the IP from my public one to my private one, 10.10.10.100.  Now I can connect, but its only one way.


westly-laptop westly # ping6 ipv6.google.comPING ipv6.google.com(nuq04s01-in-x93.1e100.net) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 3999ms

jimb

You only need to do that if your box doesn't actually have an public IP.  If it's on the edge of your LAN, then use the public.  If it's behind a firewall/router and only has a private IP, use that.

On your firewall, make sure IP protocol 41 is able to pass out, and in, and is NATed back to your IPv6 router box.  Unfortunately some firewalls can't set up a static NAT for this.  But most will properly handle it if it's originated from behind the firewall by setting up a connection table entry.  However, if there is more than one box behind it trying to do 6in4 and being NATed to the same public IP, it will get confused, so make sure only your IPv6 router is trying to do 6in4.  You may also want to try the DMZ.