• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Problems with ipv6 connectivity on Debian Linux

Started by evanesce, June 07, 2011, 09:30:28 PM

Previous topic - Next topic

evanesce

Here's my setup:

From HE:

Server IPv4 Address:66.220.18.42
Server IPv6 Address:2001:470:c:11bb::1/64
Client IPv4 Address:74.76.224.8
Client IPv6 Address:2001:470:c:11bb::2/64
Anycasted IPv6 Caching Nameserver:2001:470:20::2
Anycasted IPv4 Caching Nameserver:74.82.42.42
Routed /64:2001:470:d:11bb::/64
Routed /48:Assign /48

My public WAN ipv4 is: 74.76.224.8
My router is a: Netgear WGR614v7
My Debian box IP address via static DHCP on router: 192.168.4.4
Default DMZ server is set to: 192.168.4.4
SPI Firewall is Disabled

Commands to bring up the tunnel in debian:

ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::66.220.18.42
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:470:c:11bb::2/64
route -A inet6 add ::/0 dev sit1

Debian results of ifconfig:

root@debian:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:e0:43:02
         inet addr:192.168.4.4  Bcast:192.168.4.255  Mask:255.255.255.0
         inet6 addr: fe80::a00:27ff:fee0:4302/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:9908 errors:0 dropped:0 overruns:0 frame:0
         TX packets:9326 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:957448 (935.0 KiB)  TX bytes:1090041 (1.0 MiB)

lo        Link encap:Local Loopback
         inet addr:127.0.0.1  Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:1442 errors:0 dropped:0 overruns:0 frame:0
         TX packets:1442 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:201429 (196.7 KiB)  TX bytes:201429 (196.7 KiB)

sit0      Link encap:IPv6-in-IPv4
         inet6 addr: ::127.0.0.1/96 Scope:Unknown
         inet6 addr: ::192.168.4.4/96 Scope:Compat
         UP RUNNING NOARP  MTU:1480  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

sit1      Link encap:IPv6-in-IPv4
         inet6 addr: 2001:470:c:11bb::2/64 Scope:Global
         inet6 addr: fe80::c0a8:404/64 Scope:Link
         UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
         RX packets:0 errors:0 dropped:0 overruns:0 frame:0
         TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:0 (0.0 B)  TX bytes:5408 (5.2 KiB)

IPv6 routing tables in Debian:

root@debian:~# netstat -r  -6
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
::/96                          ::                         Un   256 0     0 sit0
2001:470:c:11bb::/64           ::                         Un   256 0    10 sit1
fe80::/64                      ::                         U    256 0     0 eth0
fe80::/64                      ::                         Un   256 0     0 sit1
::/0                           ::                         U    1   0     0 sit1
::/0                           ::                         !n   -1  1    56 lo
::1/128                        ::                         Un   0   1     8 lo
::127.0.0.1/128                ::                         Un   0   1     0 lo
::192.168.4.4/128              ::                         Un   0   1     0 lo
2001:470:c:11bb::2/128         ::                         Un   0   1     7 lo
fe80::c0a8:404/128             ::                         Un   0   1     0 lo
fe80::a00:27ff:fee0:4302/128   ::                         Un   0   1     0 lo
ff00::/8                       ::                         U    256 0     0 eth0
ff00::/8                       ::                         U    256 0     0 sit1
::/0                           ::                         !n   -1  1    56 lo



someone please help

pings to any ipv6 times out IE:

PING 2001:470:20::2(2001:470:20::2) 56 data bytes
^C
--- 2001:470:20::2 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2009ms


thank you!!

Edit: also whenever i REBOOT my debian box all this info gets deleted and it only had ipv4 left.. ugh!

cholzhauer

You'll have to put those commands in whatever startup script Debian uses.

As for your tunnel not working, is your Netgear set to pass protocol 41?

evanesce

Thanks for the reply.  I have the router set up so this debian box is on full DMZ set to: 192.168.4.4 which is the local ipv4 of the debian box.  This should allow protocol 41 to pass with full DMZ right?  Is there a way I can test to be sure protocol 41 is passing properly?

Does all my config and routing look ok?

cholzhauer

Quote
This should allow protocol 41 to pass with full DMZ right?

In theory, yes ;)  Most routers will, some do not.  I know there are some Netgear's that don't, but I think it's just the older ones.

Quote
Is there a way I can test to be sure protocol 41 is passing properly?

I've never been able to find one.

The way to test I guess is to remove the firewall from the picture and connect your debian machine to your cable modem and see if you can get the tunnel going that way

evanesce

All my config looks ok however?  I don't have physical access to this setup so I will be unable to test without the router in place, unfortunately.

cholzhauer

Yeah, the config looks fine.  I don't have much experience with Debian, but your config matches what I see under my tunnel (minus the IP addresses of course)

evanesce

It must not be passing protocol 41, it's a really really bad crap router.  I wouldn't be surprised.  I can't think of any other reason.  The only thing i can think of is to use the router as a switch, and turn off DHCP, and connect a crossover from one of the switch ports to the WAN to get wireless access as well.  That would in theory give all wired PC's direct access to a cable modem IP, and I think my ISP gives me 5 CPEs.

ReasonMan

I'm having the exact same issue on Squeeze.  Setup exactly the same way, all my configs look the same as well as my routes, no errors on commands or anything..  I went as far as dropping the router and giving my box the public IP and making it fully Internet accessible but still no dice.  I've tried a few setups I've found but nothing that seems to work.  I'm sure I'm doing it all right.

evanesce

is there any sort of troubleshooting we can do to get this up?

cholzhauer

You had mentioned you were going to stop using NAT and try to use a public IP...how did that go?

efball

I'm using Debian 6 squeeze as my router box. The sit interface is supposed to be depricated, so I did my configuration a little differently, but it works.
In /etc/network/interfaces add this:

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
        address 2001:470:1f04:XXXX::2
        netmask 64
        gateway 2001:470:1f04:XXXX::1
        endpoint 72.52.104.74
        local 98.my.ip.addr
        #
        up ip -6 addr add 2001:470:1f05:XXXX::1/64 dev he-ipv6
        down ip -6 addr del 2001:470:1f05:XXXX::1/64 dev he-ipv6

ReasonMan

You know, I'm pretty sure I tried at least a variation of that but after bringing the interface down and back up it'd complain about not being able to find he-ipv6.  Now for whatever reason it works and I can get out.  Bookmarking your reply, thank you so much.  For two weeks it's been driving me insane.

UltraZero

Who is your carrier??  Really depends on the carrier and actually it depends on where you live with the carrier.

I was with ATT and I've talked to many people who swear ATT works.  I don't disbelieve them,but, I purchased a new router to try to get att to work and nothing worked.  I tried to talk to them and I got conflicting responses through them.  I got fed up and I made 1 phone call and by that afternoon, My local cable provider came in, and I had a new new connection.  I moved my routers over, changed IP addresses and my tunnel was up in seconds. 

The other idea  you could do is try this on a laptop with a friends network connection.  I't's just a change in IP addresses and shouldn't take long to test.


uinpusdatin1

hi, also have problems with the connectivity of ipv6:

im using centos, this is my conf:

/etc/sysconfig/network-scripts/init.ipv6-global
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
        endpoint 216.218.221.42
        address 2001:470:35:270::2
        netmask 64
        local 202.47.88.76
        gateway 2001:470:35:270::1
        ttl 25

eth0      Link encap:Ethernet  HWaddr 00:26:18:EE:C6:4F 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:28 Base address:0xe000

eth1      Link encap:Ethernet  HWaddr 00:24:01:D2:2B:D1 
          inet addr:202.47.88.67  Bcast:202.47.88.79  Mask:255.255.255.240
          inet6 addr: fe80::224:1ff:fed2:2bd1/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:71413 errors:0 dropped:0 overruns:0 frame:0
          TX packets:56647 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:78420113 (74.7 MiB)  TX bytes:6250877 (5.9 MiB)
          Interrupt:20 Base address:0x8c00

he-ipv6   Link encap:IPv6-in-IPv4 
          inet6 addr: 2001:470:35:270::2/64 Scope:Global
          inet6 addr: fe80::ca2f:584c/128 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:1127 dropped:0 overruns:0 carrier:1127
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1282 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1282 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:179044 (174.8 KiB)  TX bytes:179044 (174.8 KiB)

#modprobe ipv6
#ip tunnel add he-ipv6 mode sit remote 216.218.221.42 local 202.47.88.76 ttl 255
#ip link set he-ipv6 up
# ip addr add 2001:470:35:270::2/64 dev he-ipv6
#ip route add ::/0 dev he-ipv6
#ip -f inet6 addr

everything run well, and the output:

[root@ip6 pusdatin]# ping6 ipv6.google.com
PING ipv6.google.com(2404:6800:800b::69) 56 data bytes
From 2001:470:35:270::2 icmp_seq=1 Destination unreachable: Address unreachable
From 2001:470:35:270::2 icmp_seq=2 Destination unreachable: Address unreachable
From 2001:470:35:270::2 icmp_seq=3 Destination unreachable: Address unreachable
From 2001:470:35:270::2 icmp_seq=4 Destination unreachable: Address unreachable
^C
--- ipv6.google.com ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 7399ms

regards XD

cholzhauer

Is the IP address of eth1 correct?  If not, there's where your problem is.