• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Set up tunnel and now only ipv6.google.com works, but other sites ping fine.

Started by AndrejaKo, February 25, 2011, 08:00:16 AM

Previous topic - Next topic

AndrejaKo

I'm having really bad luck with IPv6!

I finally managed to get a router which can run OpenWRT and then I spent several days setting up IPv6 connection to SixXs using AICCU, because it looked easier than HE.net. After I set everything up nicely, my PoP started acting up and going down all the time. Fine. I then spent several days researching and experimenting with HE and managed to have my router set up a tunnel and have it hand out addresses using radvd.

After that I noticed that only web-site that works is ipv6.google.com! I can ping sixxs, he, kame and others fine, and I can get traceroutes to them but when I type the URL into firefox, it doesn't load. It's just in loading state.

Here's for example my tracert for ipv6.he.net:

Tracing route to ipv6.he.net [2001:470:0:64::2]
over a maximum of 30 hops:

 1    <1 ms     1 ms     1 ms  2001:470:1f0b:de5::1
 2    62 ms    63 ms    62 ms  andrejako-1.tunnel.tserv6.fra1.ipv6.he.net [2001:470:1f0a:de5::1]
 3    60 ms    60 ms    63 ms  gige-g2-4.core1.fra1.he.net [2001:470:0:69::1]
 4    63 ms    68 ms    68 ms  10gigabitethernet1-4.core1.ams1.he.net [2001:470:0:47::1]
 5    84 ms    74 ms    76 ms  10gigabitethernet1-4.core1.lon1.he.net [2001:470:0:3f::1]
 6   146 ms   147 ms   151 ms  10gigabitethernet4-4.core1.nyc4.he.net [2001:470:0:128::1]
 7   200 ms   198 ms   202 ms  10gigabitethernet5-3.core1.lax1.he.net [2001:470:0:10e::1]
 8   219 ms     *      210 ms  10gigabitethernet2-2.core1.fmt2.he.net [2001:470:0:18d::1]
 9   221 ms   338 ms   209 ms  gige-g4-18.core1.fmt1.he.net [2001:470:0:2d::1]
10   206 ms   210 ms   207 ms  ipv6.he.net [2001:470:0:64::2]

Trace complete.


Also, I don't know if this is the right forum, because the issue could be related to the router too. My computers are using Windows 7 64bit SP1.

So what should I do?

UPDATE: I can browse IPv6 sites fine from the router,

cholzhauer

Did you assign an IPv6 address to your local area connection? If not, assign one out of your routed /64  (check your tunnel page for it)

AndrejaKo

Yes, I did assign IP address to LAN interface of the router. 
It's  2001:470:1f0b:de5::1/64.

cholzhauer

What are you using for a DNS server?  If you entered HE's DNS server, this is the behavior I would expect.

kriteknetworks

Quote from: AndrejaKo on February 25, 2011, 08:18:46 AM
Yes, I did assign IP address to LAN interface of the router. 
It's  2001:470:1f0b:de5::1/64.

The same adress you're using for your tunnel endpoint?


  1    <1 ms     1 ms     1 ms  2001:470:1f0b:de5::1

AndrejaKo

@cholzhauer
I'm using my ISP's DNS servers and Google's 8.8.8.8 I never had problems resolving AAAA with them and they worked fine with SixXs. Shouls I be using different DNS servers?

@kriteknetworks
Well, under my tunnel settings it says:
Client IPv6 address: 2001:470:1f0a:de5::2/64


Shouldn't that be the endpoint of my tunnel at my side?

Anyway, I'll try with a different address just in case that's the problem.
It didn't help.

cholzhauer

That's fine...I was just wondering if you were using HE's DNS for everything.

The 2001:470:1f0a:de5::2/64 should only appear on your tunnel adapter...you have a routed /64 network listed on your tunnel detail page that is one character different.

From your trace route though, it looks like that's correct.  Your first hop is 2001:470:1f0b:de5::1  and your second hop is 2001:470:1f0a:de5::1.  I assume the first hop is the "inside interface" of your router and the 2001:470:1f0a:de5::1 is the IP address of the HE side of your tunnel.

It's strange that everything is working from your tunnel server and not anything behind it.  You mentioned that you're doing RA...what happens if you set up the addresses by hand?

AndrejaKo

Manual settings didn't help either. I can still access only Google form the computers. On router using elinks, everything seems to be fine and sixxs is reporting that I'm using IPv6.


As for IP addresses, as far as I can see, it's the way you described. Here's my ifconfig output:

6in4-hene Link encap:IPv6-in-IPv4
          inet6 addr: 2001:470:1f0a:de5::2/64 Scope:Global
          inet6 addr: fe80::4d69:288c/128 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1280  Metric:1
          RX packets:89 errors:0 dropped:0 overruns:0 frame:0
          TX packets:131 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:26960 (26.3 KiB)  TX bytes:26383 (25.7 KiB)

br-lan    Link encap:Ethernet  HWaddr 74:EA:3A:E4:DF:48
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: 2001:470:1f0b:de5::1/64 Scope:Global
          inet6 addr: fe80::5085:feff:fe5a:489c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:38625 errors:0 dropped:0 overruns:0 frame:0
          TX packets:68321 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2938427 (2.8 MiB)  TX bytes:85277918 (81.3 MiB)

eth0      Link encap:Ethernet  HWaddr 74:EA:3A:E4:DF:48
          inet6 addr: fe80::76ea:3aff:fee4:df48/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:70989 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40926 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:86623353 (82.6 MiB)  TX bytes:5126791 (4.8 MiB)
          Interrupt:4

eth0.1    Link encap:Ethernet  HWaddr 74:EA:3A:E4:DF:48
          inet6 addr: fe80::76ea:3aff:fee4:df48/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2618 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3649 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1008364 (984.7 KiB)  TX bytes:1825232 (1.7 MiB)

eth0.2    Link encap:Ethernet  HWaddr 74:EA:3A:E4:DF:48
          inet addr:77.105.40.140  Bcast:77.105.40.255  Mask:255.255.255.0
          inet6 addr: fe80::76ea:3aff:fee4:df48/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:68228 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37266 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:84585557 (80.6 MiB)  TX bytes:3299682 (3.1 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:577 (577.0 B)  TX bytes:577 (577.0 B)

mon.wlan0 Link encap:UNSPEC  HWaddr 74-EA-3A-E4-DF-48-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:470 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:84371 (82.3 KiB)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr 74:EA:3A:E4:DF:48
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:42694 errors:0 dropped:0 overruns:0 frame:0
          TX packets:73691 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5609868 (5.3 MiB)  TX bytes:88684085 (84.5 MiB)


cholzhauer

Strange.  OK, so your tunnel is up, I can verify by pinging your side of the tunnel.

Let's see a copy of the routing tables and ipconfig/ifconfig from one of your hosts that isn't working

Are you running any firewall on your router that might be interfering?

AndrejaKo

Please correct me if I'm wrong, since I'm not too sure I get the show routing and firewall tables.


root@OpenWrt:/# ip route show
77.105.40.0/24 dev eth0.2  proto kernel  scope link  src 77.105.40.140
192.168.1.0/24 dev br-lan  proto kernel  scope link  src 192.168.1.1
default via 77.105.40.141 dev eth0.2


I'm not too good with iptables, so I can't interpret the output.  I added  henet to wan zone as per instructions shown here: =hurricane&s[]=electric#dynamic.ipv6-in-ipv4.tunnel.he.net.only]http://wiki.openwrt.org/doc/uci/network?s[]=hurricane&s[]=electric#dynamic.ipv6-in-ipv4.tunnel.he.net.only

root@OpenWrt:/# iptables -L -n
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
syn_flood  tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02
input_rule  all  --  0.0.0.0/0            0.0.0.0/0
input      all  --  0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP)
target     prot opt source               destination
zone_wan_MSSFIX  all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
forwarding_rule  all  --  0.0.0.0/0            0.0.0.0/0
forward    all  --  0.0.0.0/0            0.0.0.0/0
reject     all  --  0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
output_rule  all  --  0.0.0.0/0            0.0.0.0/0
output     all  --  0.0.0.0/0            0.0.0.0/0

Chain forward (1 references)
target     prot opt source               destination
zone_lan_forward  all  --  0.0.0.0/0            0.0.0.0/0
zone_wan_forward  all  --  0.0.0.0/0            0.0.0.0/0
zone_wan_forward  all  --  0.0.0.0/0            0.0.0.0/0

Chain forwarding_lan (1 references)
target     prot opt source               destination

Chain forwarding_rule (1 references)
target     prot opt source               destination
nat_reflection_fwd  all  --  0.0.0.0/0            0.0.0.0/0

Chain forwarding_wan (1 references)
target     prot opt source               destination

Chain input (1 references)
target     prot opt source               destination
zone_lan   all  --  0.0.0.0/0            0.0.0.0/0
zone_wan   all  --  0.0.0.0/0            0.0.0.0/0
zone_wan   all  --  0.0.0.0/0            0.0.0.0/0

Chain input_lan (1 references)
target     prot opt source               destination

Chain input_rule (1 references)
target     prot opt source               destination

Chain input_wan (1 references)
target     prot opt source               destination

Chain nat_reflection_fwd (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  192.168.1.0/24       192.168.1.2         tcp dpt:80

Chain output (1 references)
target     prot opt source               destination
zone_lan_ACCEPT  all  --  0.0.0.0/0            0.0.0.0/0
zone_wan_ACCEPT  all  --  0.0.0.0/0            0.0.0.0/0

Chain output_rule (1 references)
target     prot opt source               destination

Chain reject (7 references)
target     prot opt source               destination
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset
REJECT     all  --  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable

Chain syn_flood (1 references)
target     prot opt source               destination
RETURN     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x17/0x02 limit: avg 25/sec burst 50
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_lan (1 references)
target     prot opt source               destination
input_lan  all  --  0.0.0.0/0            0.0.0.0/0
zone_lan_ACCEPT  all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_lan_ACCEPT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_lan_DROP (0 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_lan_MSSFIX (0 references)
target     prot opt source               destination
TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU

Chain zone_lan_REJECT (1 references)
target     prot opt source               destination
reject     all  --  0.0.0.0/0            0.0.0.0/0
reject     all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_lan_forward (1 references)
target     prot opt source               destination
zone_wan_ACCEPT  all  --  0.0.0.0/0            0.0.0.0/0
forwarding_lan  all  --  0.0.0.0/0            0.0.0.0/0
zone_lan_REJECT  all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_wan (2 references)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:68
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8
ACCEPT     41   --  0.0.0.0/0            0.0.0.0/0
input_wan  all  --  0.0.0.0/0            0.0.0.0/0
zone_wan_REJECT  all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_wan_ACCEPT (2 references)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_wan_DROP (0 references)
target     prot opt source               destination
DROP       all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0
DROP       all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_wan_MSSFIX (1 references)
target     prot opt source               destination
TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU
TCPMSS     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp flags:0x06/0x02 TCPMSS clamp to PMTU

Chain zone_wan_REJECT (2 references)
target     prot opt source               destination
reject     all  --  0.0.0.0/0            0.0.0.0/0
reject     all  --  0.0.0.0/0            0.0.0.0/0
reject     all  --  0.0.0.0/0            0.0.0.0/0
reject     all  --  0.0.0.0/0            0.0.0.0/0

Chain zone_wan_forward (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            192.168.1.2
forwarding_wan  all  --  0.0.0.0/0            0.0.0.0/0
zone_wan_REJECT  all  --  0.0.0.0/0            0.0.0.0/0


Here's the ipconfig on a computer when radvd is enabled:


Windows IP Configuration


Ethernet adapter tun0:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Ethernet adapter Lokalna veza:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Ethernet adapter Bluetooth Network Connection:

  Media State . . . . . . . . . . . : Media disconnected
  Connection-specific DNS Suffix  . :

Ethernet adapter Local Area Connection:

  Connection-specific DNS Suffix  . :
  IPv6 Address. . . . . . . . . . . : 2001:470:1f0b:de5:21b:38ff:fedd:7e0f
  Temporary IPv6 Address. . . . . . : 2001:470:1f0b:de5:78a1:3119:a794:5c1b
  Link-local IPv6 Address . . . . . : fe80::21b:38ff:fedd:7e0f%12
  IPv4 Address. . . . . . . . . . . : 192.168.1.2
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : fe80::5085:feff:fe5a:489c%12
                                      192.168.1.1

Wireless LAN adapter Wireless Network Connection:

  Connection-specific DNS Suffix  . : lan
  Link-local IPv6 Address . . . . . : fe80::21d:e0ff:feab:1d95%11
  IPv4 Address. . . . . . . . . . . : 192.168.1.143
  Subnet Mask . . . . . . . . . . . : 255.255.255.0
  Default Gateway . . . . . . . . . : 192.168.1.1


WLAN adapter isn't getting its IPv6 address automagically, but that's a problem which I had before and it only seems to be affecting this one particular computer on the network.

cholzhauer

I can't do IPTables either...why not just shut it off and see what happens?

You should be able to do a "netstat -nr" to get your routing tables

AndrejaKo

Here's netstat -nr
root@OpenWrt:/# netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
77.105.40.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0.2
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 br-lan
0.0.0.0         77.105.40.141   0.0.0.0         UG        0 0          0 eth0.2

cholzhauer

Well the interesting thing is there isn't any mention of IPv6 routes there.

What OS?

AndrejaKo

Os on the router is OpenWRT Linux distribution.
Here's uname -a

Linux OpenWrt 2.6.32.25 #1 Fri Nov 19 20:27:50 PST 2010 mips GNU/Linux



There's some information on IPv6 routing on its wiki here: http://wiki.openwrt.org/doc/howto/ipv6?s[#enable.routing
According to that, my routing is correctly set up. When I run  cat /proc/sys/net/ipv6/conf/all/forwarding, I get 1.

cholzhauer

Did you add any routes to it manually?

# Add default routes
ip route add default via ${HETUNNELIP} dev ${INTERFACE} metric 1
ip route add 2000::/3 via ${HETUNNELIP} dev ${INTERFACE} metric 1

(That's in DDWRT, but I assume it'll work for openwrt)

I'm not aware of a separate command to list the IPv6 routing table...someone please correct me if i'm wrong