• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

problems after certifying tunnel

Started by annoyingspore, July 03, 2011, 10:21:23 PM

Previous topic - Next topic

annoyingspore

I set up a tunnel on fedora linux and he.net says it was ok, but now says it isnt, it seems to be broken. the Ipv4 VPN tunnel works, but i cannot ping6 from any of my windows or linux boxes to each other, or to he.net. I have tried to set ufw and iptables to forward packets, echo requests, etc, and checked the routing table. I will give an example:

my local /64 is obviously 2001:470:1f11:835:: , and my tunnel 2001:470:1f10:835::2

here is an ubuntu box:

eth0      Link encap:Ethernet  HWaddr 00:90:27:7b:ed:a9 
          inet addr:192.168.1.101  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::290:27ff:fe7b:eda9/64 Scope:Link
          inet6 addr: 2001:470:1f11:835::70/64 Scope:Global

Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
2001:470:1f11:835::/64         ::                         U    256 0     1 eth0
2001:470:1f11:835::/64         ::                         U    256 0     1 eth2
fe80::/64                                ::                         U    256 0     0 eth0
fe80::/64                                ::                         U    256 0     0 eth2
::/0                           2001:470:1f11:835::5       UG   1   0   597 eth0
::/0                           2001:470:1f11:835::5       UG   1   0     0 eth2

obviously, that isnt all of it, just relevant part. ::5 is the fedora box with tunnel.

also, shouldnt i be able to ping6 the other end of the tunnel, from 2001:470:1f10:835::2 to ::1 ?
I should say, it seems to be the same problem whether using VPN or not.

here are some example tests:

traceroute to 2001:470:1f11:835::5 (2001:470:1f11:835::5), 30 hops max, 80 byte packets
1  2001:470:1f11:835::70 (2001:470:1f11:835::70)  3002.709 ms !H  3002.681 ms !H  3002.648 ms !H

PING 2001:470:1f11:835::5(2001:470:1f11:835::5) 56 data bytes
From 2001:470:1f11:835::70 icmp_seq=1 Destination unreachable: Address unreachable

strangely
PING 2001:470:1f11:835::55(2001:470:1f11:835::55) 56 data bytes
which is another ethernet card on same fedora machine gives nothing at all.

cholzhauer

did it ever work?  what commands did you use to setup the tunnel?

UltraZero

So..

has the modem been power cycled??  I ask because, if so, the original IPv4 address would have changed and your link would be down. If so, the new IPv4 address needs to be updated on the He.net website.

If using a DSL or Cable modem, turning off the modem and or computer could cause the original IPv4 address to be lost and you could be given an one via DHCP from  your provider.  If so, then the Ipv4 address needs to be updated on the tunnel brokers website in order to keep the tunnel active.  If this is the case,  you might
want to consider not turning the modem/computer off.  Or, check on the modem to see what the lease time is from your provider and work from there. 


annoyingspore

the commands to set it up are the normal ones listed on the tunnelbroker website. i put them in rc.local and created the he-ipv6 tunnel. sorry, i didnt list that. this one is through a VPN, so the endpoint is static.
Also I just made another tunnel on a d-link dir-601 router. you can do it right from the local web-based setup screen. this one is not a VPN, so must use local router address 192.168.0.1 as endpoint, i am pretty sure. this does not work either.
so strange that it worked before, and yes i did update the endpoint address on tunnelbroker website.

annoyingspore

this one is so simple, i dont know how it cant work.
on windows i have: static IP: 2001:470:1f11:744::112/64, gateway 2001:470:1f11:744::1, which is d-link router.
on router: IPv6 in IPv4 tunnel:
                         remote IP's are normal, local IPv4 192.168.0.2, which it gets from modem (diamond multimedia supramax on ATT DSL).
         d-link router says:
IPv6 Connection Type :     IPv6 in IPv4 Tunnel
Network Status :     Connected
WAN IPv6 Address :     2001:470:1f10:744::2/64
IPv6 Default Gateway :     2001:470:1f10:744::1
LAN IPv6 Address :     2001:470:1f11:744::1/64
LAN IPv6 Link-Local Address :     fe80::1eaf:f7ff:fed9:e187/64
Primary DNS Address :     2001:470:20::2

he.net certification says:  You do not appear to be using an IPv6 capable connection.

http://test-ipv6.com/ says:  No IPv6 address detected.


UltraZero

Hi.  just wondering if the address 2001:470:1f11:744::1 is he.nets end of the tunnel and not your end??

Shouldn't you point to  2001:470:1f11:744::2 which is on your end of the tunnel??

I have my IPv6 default to point to the ::2 address which is my fastethernet port which is what I would consider the gateway.  (my config is a little different than most)

You could try to do some testing by trying to ping6 your ::1 address, then trying to ping the gateway address, then try something past that.

See where you can't ping past. 

cholzhauer

Quote
Hi.  just wondering if the address 2001:470:1f11:744::1 is he.nets end of the tunnel and not your end??

::1 is the HE end of the tunnel and should be his default gateway.

I asked what commands you used to configure your tunnel because if you're behind a NAT, you will need to alter the commands given to you by HE.

If you can post the commands you used to try and configure the tunnel and the output of ifconfig (or ipconfig on windows) I can help you out.

annoyingspore

I am having this other really dumb problem. IPv6 doesnt even work on my local net. on windows 7 I just put in manually 2001:470:etc::12 , the gateway 2001:etc:1 (the dlink DIR-601 router) , which is set as above. windows tells me : IPv6 Connectivity        no network access". Are older switches a problem with IPv6? I have a dlink DES-3226L and a Gateway 7401. Actually I just tried it going straight from windows 7 to the DIR-601 and same problem.

cholzhauer

Something isn't set up correctly.  Did you ever get a way to test the tunnel?

Let's see a copy of your routing tables and the output of ipconfig /all.  Please do not block out IP addresses

annoyingspore

about that question:

no, 2001:470:1f11:744::1 is my router. 2001:470:1f10:744::1 would be he.nets gateway. 2001:470:1f10:744::2 my end of the tunnel. i was told to use the local 1F11 address as the router for other computers on the network.

I have also noticed that, using my DES-601 router as a stateful DHCPv6 server, my windows 7 IPv6 auto-config wont pick it up, but if i use stateless IPv6, it does seem to set it to a proper IPv6 address, but didnt set the default gateway.

maestroevolution

Quote from: annoyingspore on July 03, 2011, 10:21:23 PM
Kernel IPv6 routing table
Destination                    Next Hop                   Flag Met Ref Use If
2001:470:1f11:835::/64         ::                         U    256 0     1 eth0
2001:470:1f11:835::/64         ::                         U    256 0     1 eth2
fe80::/64                                ::                         U    256 0     0 eth0
fe80::/64                                ::                         U    256 0     0 eth2
::/0                           2001:470:1f11:835::5       UG   1   0   597 eth0
::/0                           2001:470:1f11:835::5       UG   1   0     0 eth2



I know this reply is a bit late.. but you appear to have the same IPv6 subnet on two different interfaces: eth0 and eth2