• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Wont get my ipv6 tunnel to work as it should.

Started by auth, June 30, 2008, 01:37:05 AM

Previous topic - Next topic

auth

ip tunnel add he-ipv6 mode sit remote 216.66.84.46 local 88.80.13.202 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:1f14:181::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr

Did i write.


My ifconfig:
he-ipv6   Link encap:IPv6-in-IPv4
          inet6 addr: 2001:470:1f14:181::2/64 Scope:Global
          inet6 addr: fe80::5850:dca/128 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:323 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:40052 (39.1 Kb)

route -A inet6:
Kernel IPv6 routing table
Destination                                 Next Hop                                Flags Metric Ref    Use Iface
2001:470:1f14:181::/64                      ::                                      U     256    324       0 he-ipv6
fe80::/64                                   ::                                      U     256    0        0 eth1
fe80::/64                                   ::                                      U     256    0        0 he-ipv6
::/0                                        ::                                      U     1024   0        0 he-ipv6
::1/128                                     ::                                      U     0      9        1 lo
2001:470:1f14:181::/128                     ::                                      U     0      0        2 lo
2001:470:1f14:181::2/128                    ::                                      U     0      7        1 lo
fe80::/128                                  ::                                      U     0      0        2 lo
fe80::5850:dca/128                          ::                                      U     0      0        1 lo
fe80::20c:29ff:fe10:5880/128                ::                                      U     0      0        1 lo
ff00::/8                                    ::                                      U     256    0        0 eth1
ff00::/8                                    ::                                      U     256    0        0 he-ipv6

ip -6 route show:
2001:470:1f14:181::/64 via :: dev he-ipv6  metric 256  expires 21333881sec mtu 1480 advmss 1420 hoplimit 4294967295
fe80::/64 dev eth1  metric 256  expires 21332812sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6  metric 256  expires 21333881sec mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6  metric 1024  expires 21333881sec mtu 1480 advmss 1420 hoplimit 4294967295

but i cant ping anything except my own ipv6 ip locally or connect to some other server that using ipv6.
why?

ping6 2001:470:1f14:181::1:
PING 2001:470:1f14:181::1(2001:470:1f14:181::1) 56 data bytes
^C
--- 2001:470:1f14:181::1 ping statistics ---
52 packets transmitted, 0 received, 100% packet loss, time 51002ms


Nothing happens

broquea

And you aren't behind a firewall appliance correct?

216.66.84.46 is configured on eth0, or whatever interface you use for WAN?

auth

216.66.84.46 <- is the tunnel server ip adress..

no i am not behind firewall.
iptables -L:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

88.80.13.202 is my public ip, and that is configured on my network interface.

broquea

#3
Gah sorry, its late, wasn't thinking.

I've verified that the tunnel-server has the correct configuration, and can ping other tunnels as well as the general IPv6 world.
Trying to ping6 your side of the tunnel doesn't reply, but pinging your IPv4 endpoint does.

Do you know if your ISP does any filtering in front of customer equipment? Perhaps they are filtering out Protocol 41?

Nothing is misconfigured on our side, and the commands you ran should have brought up the tunnel without issue.

[edit] - also, what linux platform are you using? I remember there was something with CentOS a while back, and you had to use either a different default route statement, or change the kernel.

auth

#4
uname -a
Linux shell.auth.se 2.6.24-gentoo-r8 #6 SMP Fri Jun 27 17:33:14 CEST 2008 i686 Intel(R) Xeon(TM) CPU 3.06GHz GenuineIntel GNU/Linux

ifconfig sit0 88.80.13.202 up
ifconfig sit0 inet6 tunnel ::216.66.84.46
ifconfig sit1 88.80.13.202 up
ifconfig sit1 inet6 add 2001:470:1f14:181::2/64
route -A inet6 add ::/0 dev sit1

ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::216.66.84.46
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:1f14:181::2/64
route -A inet6 add ::/0 dev sit1

ip tunnel add he-ipv6 mode sit remote 216.66.84.46 local 88.80.13.202 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:1f14:181::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr

those settings has i tried with.
and no of them will work so i can connect to any ipv6 or ping.

no my isp dont filtering anything because i have a usual ipv4 tunnel also that works perfectly.

i have now tried this in deb/gentoo/freebsd7 and its same problem on them all .


tried even little more and got it to work. something blocking the communiocation in my main router. pf do i run.
what can it be?

piojan

Are there any packets going to / from the tunnel server?
Mayby the following command would be usefull:
sudo tcpdump -i eth1 host tserv11.ams1.ipv6.he.net
where eth1 is my wan interface and simultaniesly doing ipv6 pinging on the other console.

kriteknetworks

try this:

ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::216.66.84.46
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:1f14:181::2/64
route -A inet6 add ::/0 dev sit1

I don't know why you're running all those other commands, or why you're assigning the IP 88.80.13.202 to the sit devices.

Hope that helps.

auth

my tunnel is up and running now. it works fine when i put it in my usual nat behind a regular router.
but when i put it behind my freebsd gateway/router its something with pf that wont allow it to work .