• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Tunnel broken, or have I screwed something up?

Started by torchddv, April 20, 2011, 08:03:58 PM

Previous topic - Next topic

torchddv

I had some issues getting my dd-wrt based router working with the tunnel, but all has been well for the last couple of weeks. Today, all of a sudden, out of the blue, I can no longer reach IPv6 sites. I CAN ping the IPv6 tunnel endpoint server (2001:470:1c:545::1) in Toronto but I cannot ping anything beyond -- eg the Anycasted IPv6 Caching Nameserver (2001:470:20::2) -- I just get "Destination net unreachable."

Oddly enough, if I try to ping by URL (eg: ipv6.google.com) it does resolve the name to an address ("Pinging ipv6.1.google.com[2001:4860:800b::68]", but with the same "Destination net unreachable". To me it looks like a problem at the server end of the tunnel, but the Tunnel Server Status page shows everything is up and running.

Any ideas or suggestions here?

mbunkus

I seem to have the same problem with the tunnel server in Amsterdam. I'm setting up a new tunnel there because the Frankfurt server doesn't have any free /48 left. I can ping the tunnel server in Amsterdam but nothing else. When I switch back to my Frankfurt tunnel (that's been running fine since August 2010) I can ping everything else in the whole wide world, e.g. ipv6.google.com.

I don't want to rule out that my configuration is broken for the Amsterdam tunnel, but as I can ping the tunnel server itself (verified via tcpdump that packets are actually sent and received and that I'm not pinging myself for some reason) I don't think the configuration is wrong.

I also don't receive any ICMP (4 or 6) message if I ping anything that's not the tunnel server IP -- just silence.

cholzhauer

Is it still broke? I can ping the HE end of the tunnel and I can also ping you


C:\Users\cholzhauer>ping 2001:470:1c:545::2

Pinging 2001:470:1c:545::2 with 32 bytes of data:
Reply from 2001:470:1c:545::2: time=106ms
Reply from 2001:470:1c:545::2: time=104ms
Reply from 2001:470:1c:545::2: time=98ms
Reply from 2001:470:1c:545::2: time=105ms

Ping statistics for 2001:470:1c:545::2:
   Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
   Minimum = 98ms, Maximum = 106ms, Average = 103ms

C:\Users\cholzhauer>ping 2001:470:1c:545::1

Pinging 2001:470:1c:545::1 with 32 bytes of data:
Reply from 2001:470:1c:545::1: time=70ms
Reply from 2001:470:1c:545::1: time=70ms
Reply from 2001:470:1c:545::1: time=70ms
Reply from 2001:470:1c:545::1: time=70ms

Ping statistics for 2001:470:1c:545::1:
   Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
   Minimum = 70ms, Maximum = 70ms, Average = 70ms


If you still can't get past your tunnel end point, I would shoot an email to ipv6@he.net so they can look into it.

torchddv

Yes, I should have mentioned that I can ping me too (using the "Looking Glass" utility). But I just checked again with the same results -- I'm not getting past the tunnel endpoint server.

cholzhauer


torchddv

Well, it's fixed. I'm not sure why or how. The other day I replaced the sd card in my router with a larger one. Thinking that something might have been corrupted, I deleted the ip6tables and reinstalled them. And now it works again. However, I had also sent an e-mail as suggested, so it might be something HE did in the interim.

torchddv

HE says they didn't do anything at their end, so it must have been something with the iptables files. I'm guessing the firewall let me ping the tunnel server because it's part of "my" network, but was blocking any traffic beyond that.