• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.


Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

mac os-x assistance

Started by gyounger, February 18, 2011, 04:00:45 PM

Previous topic - Next topic



So I've spent a bit of time trying to get a tunnel up between my mac with os-x 10.6 and tunnelbroker.  However, the tunnel does not appear to work.  I cannot reach the tunnelbroker server ipv6 address.  Any assistance would be appreciated.  

gif0 is up as well as associated interfaces.  using nat ip address for tunnel and en1 airport interface.

bash-3.2# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
   inet netmask 0xff000000
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
   tunnel inet 192.168.x.240 -->
   inet6 fe80::7e6d:62ff:fe8b:fcf0%gif0 prefixlen 64 scopeid 0x2
   inet6 <my tunnelbroker ipv6 ending in 2> --> <tunnelbroker ipv6 server ending in 1> prefixlen 128
stf0: flags=0<> mtu 1280
   ether 7c:6d:62:8b:fc:f0
   media: autoselect
   status: inactive
   ether 58:b0:35:6a:71:01
   inet6 fe80::5ab0:35ff:fe6a:7101%en1 prefixlen 64 scopeid 0x5
   inet 192.168.x.240 netmask 0xffffff00 broadcast 192.168.x.255
   media: autoselect
   status: active

Destination        Gateway            Flags        Refs      Use   Netif Expire
default            192.168.x.1      UGSc           65        0     en1
127                UCS             0        0     lo0          UH              2     5787     lo0
169.254            link#5             UCS             0        0     en1
192.168.x        link#5             UCS             2        0     en1
192.168.x.1      f0:7d:68:72:e9:d2  UHLWI          83      461     en1   1129
192.168.x.230    0:90:a9:82:3a:d6   UHLWI           1    29286     en1   1164
192.168.x.240          UHS             0        0     lo0

Destination                             Gateway                         Flags         Netif Expire
default                                 <tunnelbroker ipv6 server ending in 1>               UGSc           gif0
::1                                     ::1                             UH              lo0
<my tunnelbroker ipv6 ending in 2>                         UH             gif0
<my tunnelbroker ipv6 ending in 2>                       link#2                          UHL             lo0
fe80::%lo0/64                           fe80::1%lo0                     Uc              lo0
fe80::1%lo0                             link#1                          UHL             lo0
fe80::%gif0/64                          link#2                          UC             gif0
fe80::7e6d:62ff:fe8b:fcf0%gif0          link#2                          UHL             lo0
fe80::%en1/64                           link#5                          UC              en1
fe80::5ab0:35ff:fe6a:7101%en1           58:b0:35:6a:71:1                UHL             lo0
ff01::/32                               ::1                             Um              lo0
ff02::/32                               ::1                             UmC             lo0
ff02::/32                               link#2                          UmC            gif0
ff02::/32                               link#5                          UmC             en1

i can ping my side of the ipv6 tunnel, but not the tunnelbroker server.  i can ping the far end of the ipv4 tunnel too.

bash-3.2# ping6 <my tunnelbroker ipv6 ending in 2
PING6(56=40+8+8 bytes) <my tunnelbroker ipv6 ending in 2> --> <my tunnelbroker ipv6 ending in 2>
16 bytes from <my tunnelbroker ipv6 ending in 2>, icmp_seq=0 hlim=64 time=0.115 ms
16 bytes from <my tunnelbroker ipv6 ending in 2>, icmp_seq=1 hlim=64 time=0.172 ms
--- removed::2 ping6 statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.115/0.143/0.172/0.029 ms

ping tunnel broker ipv6 - doesn't work

bash-3.2# ping6 <tunnelbroker ipv6 server ending in 1>
PING6(56=40+8+8 bytes) <my tunnelbroker ipv6 ending in 2> --> <tunnelbroker ipv6 server ending in 1>
Request timeout for icmp_seq=0
Request timeout for icmp_seq=1
::1 ping6 statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

bash-3.2# ping
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=55 time=205.516 ms
64 bytes from icmp_seq=1 ttl=55 time=204.730 ms
64 bytes from icmp_seq=2 ttl=55 time=204.911 ms
--- ping statistics ---
4 packets transmitted, 3 packets received, 25.0% packet loss
round-trip min/avg/max/stddev = 204.730/205.052/205.516/0.336 ms

What am I missing here?  If there are additional steps necessary please let me know.



x'ing out ip addresses makes it hard for us to follow.

Since you're behind NAT, did you use your NAT address to create the tunnel?


Yes, the NAT ip address was used to create the tunnel.  .240 is the host NAT ip address on the MAC.


Probably a protocol41 issue then...is your ISP blocking it at some point?  Is there a rule in your firewall to allow it?  If not, try moving your host to the DMZ.


For testing I disabled by host FW (.240), router FW (.1), and verified there is no FW on ISP end blocking anything.  I put my host in the DMZ just for kicks.  Still no luck.  Bugger! So it's looking like my dsl router might not pass protocol 41.  It's a cheap d-link.  Any further steps to verify that? 

I will try to stitch up the tunnel at work today to bypass the dlink and my ISP.  Thanks for the pointers.


I haven't found a way to check to see if a router/firewall/device is passing protocol41

if you find one, please let me know ;)


The easiest way I can think of to check would be to fire up a packet sniffer on the host that is terminating the tunnel then send some IPv6 traffic from a host on the other side of the tunnel and see if the sniffer picks up anything.

Or you could put a Cisco device between the DSL modem and the tunnel box with an ACL the specifically permits protocol 41 and see if you get any inbound hit counts on the ACL.


The problem resides in the fact I can't get to the other end of the IPv6 tunnel.  So if I can't get to/ping6 the IPv6 Tunnel Broker Server IP, which is essentially my IPv6 gateway, then no other IPv6 traffic can reach me.  I did a tcpdump on the host, but that didn't provide much information other than I am sending Protocol 41 traffic and not receiving it.

The obvious culprit is the d-link dsl router.  The only way to get something in front of the d-link is to put another dsl router in.  I need something to terminate the DSL, so just any Cisco device won't work.  Maybe I can run the d-link in bridging mode.


yeah, bridge is the way to go