• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

How to get default route set up properly.

Started by maestro, November 29, 2010, 12:16:12 PM

Previous topic - Next topic

maestro

Hi, I have just started trying to get a tunnel working, and the tunnel appears to come up OK, however I can't seem to get packets to route through the tunnel.

When I try to ping "ipv6.google.com" or "2404:6800:8004::68" (google's ipv6 address) then it doesn't attempt to send any packets out the tunnel.
# ping6 2404:6800:8004::68
connect: Network is unreachable
ping6 ipv6.google.com
connect: Network is unreachable


The script that I use to start the tunnel is as follows...
ip tunnel add he-ipv6 mode sit remote 72.52.104.74 local 192.168.1.253 ttl 255
ip link set he-ipv6 up
ip addr add 2001:470:1f04:158f::2/64 dev he-ipv6
ip route add ::/0 dev he-ipv6
ip -f inet6 addr

my routing table looks like this (I assume that the fe80 lines are the equivalent of localhost?)...
# ip -f inet6 route
2001:470:1f04:158f::/64 via :: dev he-ipv6  metric 256  expires 21334117sec mtu 1480 advmss 1420 hoplimit 4294967295
fe80::/64 dev eth0  metric 256  expires 20967010sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0.10  metric 256  expires 20967010sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0.100  metric 256  expires 20967010sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0.101  metric 256  expires 20967010sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0.20  metric 256  expires 20967010sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 via :: dev he-ipv6  metric 256  expires 21334102sec mtu 1480 advmss 1420 hoplimit 4294967295
default dev he-ipv6  metric 1024  expires 21334133sec mtu 1480 advmss 1420 hoplimit 4294967295

I can ping my own address (and tcpdump shows no packets on the tunnel, as expected)
# ping6  2001:470:1f04:158f::2
PING 2001:470:1f04:158f::2(2001:470:1f04:158f::2) 56 data bytes
64 bytes from 2001:470:1f04:158f::2: icmp_seq=0 ttl=64 time=0.114 ms

When I ping an address within my /64 range, it sends it out the tunnel, and I can see it going out with tcpdump, and an ICMP redirect coming back through the tunnel. I presume that this is because I haven't yet configured any local ipv6 and that this is expected behaviour given the touring table above.
# ping6  2001:470:1f04:158f::8
PING 2001:470:1f04:158f::8(2001:470:1f04:158f::8) 56 data bytes
--- 2001:470:1f04:158f::8 ping statistics ---
73 packets transmitted, 0 received, 100% packet loss, time 71991ms

I am using CentOS 5.2

maestro

OK, I managed to fix it by adding the following line to my script...

ip route add 2000::/3 dev he-ipv6


I believe that this is a bit of a hack, but will look into it in more detail once I have a bit more experience with IPv6

cholzhauer

I've seen that line included in instructions for certain variations of linux, but I can't remember off the top of my head which ones it was.

If it helps, I'm sure you're not the only one with that route in your config.

kriteknetworks

manual defaultroute broken in 2.6.20.[5..13], 2.6.21.[0..4], RHEL/CentOS 5.[012], use 2000::/3

Its a known problem.

maestro

OK, I am using 2.6.18 (the default for CentOS 5.2)

I read somewhere that it was broken for 2.4 kernels so I thought I would try it even though mine was 2.6.


lukec

I'd suggest :-

ip route add ::/0 dev he-ipv6

for the default route
rgds
lukec

broquea

for 2.6.18, try: ip route add 2000::/3 dev he-ipv6

Manual default route is pretty broken in that kernel for RHEL based distros.