• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

External connections to routed /64 fail since upgrade to OS X Lion

Started by ivanfilippov, February 13, 2012, 11:16:36 AM

Previous topic - Next topic

ivanfilippov

Hi everyone!

I have a Mac Mini that, while it was running Snow Leopard, had no problems acting as the IPv6 router for my small network. Since upgrading to Lion a few days ago, I've been unable to both ping its IPv6 interface, and connect to any hosted services on it via IPv6. The mini is still able to ping and use IPv6 services on the internet, and the other computers on the network which get IPv6 addresses from the minis rtadvd service are able to use the IPv6 internet.

I tried to figure this out yesterday and this morning, but had no luck. The best I can come up with is that its a routing issue on the mini. If I tcpdump the gif0 interface, which if the tunnel interface, I can see my external host (2001:470:5:97a::1) is pinging the first address of my routed /64, which is assigned to en0 on the mini, but nothing responds over the tunnel. Below is a snippet of the tcpdump.


12:07:13.178945 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 1, length 64
12:07:14.185405 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 2, length 64
12:07:15.193452 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 3, length 64
12:07:16.201447 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 4, length 64
12:07:17.209511 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 5, length 64
12:07:18.217356 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 6, length 64
12:07:19.225472 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 7, length 64
12:07:20.233422 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 8, length 64
12:07:21.246180 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 9, length 64
12:07:22.258692 IP6 2001:470:5:97a::1 > 2001:470:1f05:108::1: ICMP6, echo request, seq 10, length 64


Below are the relevant configs:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        options=3<RXCSUM,TXCSUM>
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 2001:470:1f05:108:: prefixlen 64
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
        tunnel inet 192.168.0.99 --> 72.52.104.74
        inet6 fe80::225:4bff:feb4:2a08%gif0 prefixlen 64 scopeid 0x2
        inet6 2001:470:1f04:108::2 --> 2001:470:1f04:108::1 prefixlen 128
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
        ether 00:25:4b:b4:2a:08
        inet6 fe80::225:4bff:feb4:2a08%en0 prefixlen 64 scopeid 0x4
        inet 192.168.0.99 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 2001:470:1f05:108::1 prefixlen 64
        media: autoselect (1000baseT <full-duplex,flow-control>)
        status: active


And the routing table:

Internet6:
Destination                             Gateway                         Flags         Netif Expire
default                                 2001:470:1f04:108::1            UGSc           gif0
::1                                     link#1                          UHL             lo0
2001::4137:9e76:808:2d5:b736:3df8       2001:470:1f04:108::1            UGHW3Ii        gif0   3475
2001::4137:9e76:103f:1abd:b04f:6855     2001:470:1f04:108::1            UGHW3Ii        gif0   3564
2001::4137:9e76:1c7d:d4f5:cd86:c5db     2001:470:1f04:108::1            UGHWIi         gif0
2001::4137:9e76:3815:e2b:475d:ff72      2001:470:1f04:108::1            UGHW3Ii        gif0   3512
2001::5ef5:79fb:30a6:25c7:ba58:36b      2001:470:1f04:108::1            UGHW3Ii        gif0   3548
2001:470:5:79a::1                       2001:470:1f04:108::1            UGHW3Ii        gif0   3279
2001:470:5:97a::1                       2001:470:1f04:108::1            UGHW3Ii        gif0   3494
2001:470:1f04:108::1                    2001:470:1f04:108::2            UHL            gif0
2001:470:1f04:108::1                    link#2                          UHLI           gif0
2001:470:1f04:108::2                    link#2                          UHL             lo0
2001:470:1f05:108::                     link#1                          UHL             lo0
2001:470:1f05:108::/64                  fe80::1%lo0                     UcI             lo0
2001:470:1f05:108::1                    0:25:4b:b4:2a:8                 UHLS            lo0
2001:4860:4860::8844                    2001:470:1f04:108::1            UGHW3Ii        gif0   2010
2001:4860:4860::8888                    2001:470:1f04:108::1            UGHW3Ii        gif0   3105
2607:f8b0:4001:c01::63                  2001:470:1f04:108::1            UGHWIi         gif0
2607:f8b0:4001:c01::68                  2001:470:1f04:108::1            UGHW3Ii        gif0   1615
2607:f8b0:4001:c01::69                  2001:470:1f04:108::1            UGHW3Ii        gif0   3295
2607:f8b0:4001:c01::93                  2001:470:1f04:108::1            UGHW3Ii        gif0   2875
2607:fcd0:100:c21:216:3cff:fe8d:d540    2001:470:1f04:108::1            UGHW3Ii        gif0   3439
fe80::%lo0/64                           fe80::1%lo0                     UcI             lo0
fe80::1%lo0                             link#1                          UHLI            lo0
fe80::%gif0/64                          link#2                          UCI            gif0
fe80::1%gif0                            link#2                          UHLWIi         gif0
fe80::225:4bff:feb4:2a08%gif0           link#2                          UHLI            lo0
fe80::4901:6562:347a:262a%gif0          link#2                          UHLWIi         gif0
fe80::c62c:3ff:fe17:60ab%gif0           link#2                          UHLWIi         gif0
fe80::%en0/64                           link#4                          UCI             en0
fe80::225:4bff:feb4:2a08%en0            0:25:4b:b4:2a:8                 UHLI            lo0
fe80::a20b:baff:fe8e:4e%en0             a0:b:ba:8e:0:4e                 UHLWIi          en0
fe80::c62c:3ff:fe17:60ab%en0            c4:2c:3:17:60:ab                UHLWIi          en0
ff01::%lo0/32                           fe80::1%lo0                     UmCI            lo0
ff01::%gif0/32                          link#2                          UmCI           gif0
ff01::%en0/32                           link#4                          UmCI            en0
ff02::%lo0/32                           fe80::1%lo0                     UmCI            lo0
ff02::%gif0/32                          link#2                          UmCI           gif0
ff02::%en0/32                           link#4                          UmCI            en0


Can anyone see any glaring errors in the configs, or problems in the routing table?

Thank you for your time!  :)

cholzhauer

Did you have to re-configure the tunnel after you upgraded? 

ivanfilippov

Quote from: cholzhauer on February 13, 2012, 11:26:51 AM
Did you have to re-configure the tunnel after you upgraded? 

No, I didn't touch the configuration after the upgrade.

nickbeee

Has Lion changed the way the firewall is configured? Can you turn off the firewall temporarily and repeat the tests?

Looks like I will be sticking with 10.6 for a while longer then!
Nick B.

Tunnelling with [Open|Net|Free]BSD and IOS.
IPv6 courtesy of   HE and   Sixxs.

ivanfilippov

Quote from: nickbeee on February 13, 2012, 04:08:45 PM
Has Lion changed the way the firewall is configured? Can you turn off the firewall temporarily and repeat the tests?

I have the ip6fw set to allow everything:

65535 allow ipv6 from any to any