• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

How to create a Tunnel using a own server?

Started by lucabert, March 03, 2012, 10:56:33 AM

Previous topic - Next topic

lucabert

Hi, folks!

I have a server (Ubuntu 10.04) with a native IPv6 connection. My Provider gave 2 /64-Subnet and I want to create a Tunnel to my PC at home, in order to be independent and have an IPv6 connection.

Now, this is what I did on my server:
/sbin/ip tunnel add ipv6tun mode sit ttl 255 remote <my IP at home> local <IPv4 of my server>
/sbin/ip link set dev ipv6tun up
/sbin/ip -6 addr add 2001:1608:10:47:1::1/64 dev ipv6tun
/sbin/ip -6 route add 2001:1608:10:47:10::/64 dev ipv6tun metric 1

Just for fun, I tried, from another Server using IPv6, to ping 2001:1608:10:47:1::1. No answer...
Not wondering, that I can't reach my PC at home using this tunnel...

If I give the same IP (oder another IP of this Subnet) to eth0 it works (I can ping it), but I can't route the pakets to the tunnel...

Now: what is the error? I found many Howtos to create such a tunnel, and all of them say that I just have to do what I did...
Why the evil it does not work?

Please, help me to find my error...

Regards
Luca Bertoncello

lucabert

Hi, again!

Some other info:
I tried giving 2001:1608:10:47:1::1/128 to the interface ipv6tun and ping from another server.
Here what I see with tcpdump (on my server, interface eth0):

21:38:06.644712 IP6 fe80::223:9c00:f0fc:6fc0 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:1608:10:47:1::1, length 32
21:38:07.371903 IP6 fe80::2c8c:e070:d9ca:60ed.59494 > ff02::c.1900: UDP, length 146
21:38:07.931582 IP6 fe80::dcad:dd09:f0d3:c9da.546 > ff02::1:2.547: dhcp6 solicit

Nothing to see on ipv6tun with tcpdump...

Any idea?

Thanks a lot
Luca Bertoncello

nathana

Have you turned on IPv6 forwarding?

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

-- Nathan

lucabert

Quote from: nathana on March 03, 2012, 01:18:59 PM
Have you turned on IPv6 forwarding?

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding


Yes, but it does not help... :(

Today I tried this, too:

On the server:
ip=$(dig +short lucabert.homelinux.org)
/sbin/ip tunnel add ipv6tun mode sit ttl 255 remote $ip local 84.200.210.163
/sbin/ip link set dev ipv6tun up
/sbin/ip -6 route add 2001:1608:10:47:10::/80 dev ipv6tun metric 1

On my PC:
IPLOCAL=`/sbin/ip addr show dev ppp0 | /bin/grep inet | /usr/bin/awk '{print $2}'`
/sbin/ip tunnel add ipv6tun mode sit remote 84.200.210.163 local $IPLOCAL ttl 255
/sbin/ip link set ipv6tun up
/sbin/ip route add ::/0 dev ipv6tun
/sbin/ip -6 addr add 2001:1608:10:47:10::1/80 dev eth0

Well, from my Server I can reach my PC and from my PC I can reach the Server, but again, when I try, from my PC, to reach any other Host, I can't get an answer:

tcpdump on my PC (tcpdump -n -i ipv6tun), when I try to ping 2001:1608:10:47::1:
08:22:49.630898 IP6 2001:1608:10:47:10::1 > 2001:1608:10:47::1: ICMP6, echo request, seq 1, length 64
08:22:50.639091 IP6 2001:1608:10:47:10::1 > 2001:1608:10:47::1: ICMP6, echo request, seq 2, length 64
08:22:51.639103 IP6 2001:1608:10:47:10::1 > 2001:1608:10:47::1: ICMP6, echo request, seq 3, length 64
08:22:52.639104 IP6 2001:1608:10:47:10::1 > 2001:1608:10:47::1: ICMP6, echo request, seq 4, length 64
08:22:53.639106 IP6 2001:1608:10:47:10::1 > 2001:1608:10:47::1: ICMP6, echo request, seq 5, length 64
08:22:54.639102 IP6 2001:1608:10:47:10::1 > 2001:1608:10:47::1: ICMP6, echo request, seq 6, length 64
08:22:55.639104 IP6 2001:1608:10:47:10::1 > 2001:1608:10:47::1: ICMP6, echo request, seq 7, length 64

tcpdump on my Server (tcpdump -n -i eth0 ip6 and not port 22):
08:22:49.247589 IP6 fe80::c955:68cb:cc9d:fd72.546 > ff02::1:2.547: dhcp6 solicit
08:22:49.656513 IP6 2001:1608:10:47:10::1 > 2001:1608:10:47::1: ICMP6, echo request, seq 1, length 64
08:22:49.752588 IP6 2001:1608:10:47::1 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:1608:10:47:10::1, length 32
08:22:50.264218 IP6 fe80::2c8c:e070:d9ca:60ed.59494 > ff02::c.1900: UDP, length 117
08:22:50.264490 IP6 fe80::2c8c:e070:d9ca:60ed.59494 > ff02::c.1900: UDP, length 119
08:22:50.664686 IP6 2001:1608:10:47:10::1 > 2001:1608:10:47::1: ICMP6, echo request, seq 2, length 64
08:22:50.665120 IP6 2001:1608:10:47::1 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:1608:10:47:10::1, length 32
08:22:51.191265 IP6 fe80::2c8c:e070:d9ca:60ed.546 > ff02::1:2.547: dhcp6 solicit
08:22:51.247685 IP6 fe80::c955:68cb:cc9d:fd72.546 > ff02::1:2.547: dhcp6 solicit
08:22:51.664687 IP6 2001:1608:10:47:10::1 > 2001:1608:10:47::1: ICMP6, echo request, seq 3, length 64
08:22:51.665089 IP6 2001:1608:10:47::1 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:1608:10:47:10::1, length 32
08:22:51.777848 IP6 fe80::2c8c:e070:d9ca:60ed.59494 > ff02::c.1900: UDP, length 146
08:22:52.033862 IP6 fe80::64c7:cf29:b6af:44c5.546 > ff02::1:2.547: dhcp6 solicit
08:22:52.197662 IP6 fe80::2c8c:e070:d9ca:60ed.546 > ff02::1:2.547: dhcp6 solicit
08:22:52.413032 IP6 fe80::905:2ba0:3b63:5abc.546 > ff02::1:2.547: dhcp6 solicit
08:22:52.664719 IP6 2001:1608:10:47:10::1 > 2001:1608:10:47::1: ICMP6, echo request, seq 4, length 64
08:22:53.275399 IP6 fe80::2c8c:e070:d9ca:60ed.59494 > ff02::c.1900: UDP, length 119
08:22:53.275568 IP6 fe80::2c8c:e070:d9ca:60ed.59494 > ff02::c.1900: UDP, length 117
08:22:53.664928 IP6 2001:1608:10:47:10::1 > 2001:1608:10:47::1: ICMP6, echo request, seq 5, length 64
08:22:53.751755 IP6 2001:1608:10:47::1 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:1608:10:47:10::1, length 32
08:22:53.957689 IP6 fe80::b8de:b220:8274:46b5.60560 > ff02::1:3.5355: UDP, length 22
08:22:54.211661 IP6 fe80::2c8c:e070:d9ca:60ed.546 > ff02::1:2.547: dhcp6 solicit
08:22:54.654328 IP6 fe80::e269:95ff:feb3:e4ec > 2001:1608:10:24::1: ICMP6, neighbor solicitation, who has 2001:1608:10:24::1, length 32
08:22:54.657554 IP6 fe80::223:9c00:f0fc:6fc0 > fe80::e269:95ff:feb3:e4ec: ICMP6, neighbor advertisement, tgt is 2001:1608:10:24::1, length 24
08:22:54.664670 IP6 2001:1608:10:47:10::1 > 2001:1608:10:47::1: ICMP6, echo request, seq 6, length 64
08:22:54.665027 IP6 2001:1608:10:47::1 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:1608:10:47:10::1, length 32
08:22:54.787263 IP6 fe80::2c8c:e070:d9ca:60ed.59494 > ff02::c.1900: UDP, length 146
08:22:54.830667 IP6 fe80::2002:4895:807b:75e7.546 > ff02::1:2.547: dhcp6 solicit
08:22:55.247875 IP6 fe80::c955:68cb:cc9d:fd72.546 > ff02::1:2.547: dhcp6 solicit
08:22:55.664690 IP6 2001:1608:10:47:10::1 > 2001:1608:10:47::1: ICMP6, echo request, seq 7, length 64
08:22:55.665099 IP6 2001:1608:10:47::1 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:1608:10:47:10::1, length 32
08:22:55.825708 IP6 fe80::383e:8dda:5a62:671b.546 > ff02::1:2.547: dhcp6 solicit
08:22:55.914350 IP6 2001:1608:10:24:1::1.110 > 2001:470:1f0b:191:20b:6aff:fe73:a7cb.59568: Flags [S.], seq 28950079, ack 2257202300, win 5712, options [mss 1440,sackOK,TS val 198682843 ecr 1114510126,[|tcp]>
08:22:55.915935 IP6 2001:1608:10:24:1::1.110 > 2001:470:1f0b:191:20b:6aff:fe73:a7cb.59568: Flags [S.], seq 28950079, ack 2257202300, win 5712, options [mss 1440,sackOK,TS val 198682843 ecr 1114510126,[|tcp]>

Well, I can't understand WHY it does not work... Why ask my Server who has 2001:1608:10:47:10::1, if it can reach it using device ip6tun?

Thanks a lot for your help
Luca Bertoncello

nathana

Dumb question I'm sure, but...you are adding v6 addresses to both ends of the ipv6tun interface, yes?  In the first post, I see that you did it on the server side, but you didn't mention it on the client side.  And in the second post, you don't assign addresses to those interfaces at all.

These are the steps that would make sense to me (granted, I'm coming at this from an IPv4 background, so I'm sure I still have a few bad habits/assumptions that I need to break myself):

1. Enable IPv6 forwarding on the server (needs to be done after every reboot).
2. Create an ipv6tun interface the way you have been doing on the server, pointed at the client's IPv4 address.
3. Create an ipv6tun interface in the same way on the client, pointed at the server's IPv4 address.
4. Add an IPv6 address on the ipv6tun interface on the server.
5. Add an IPv6 address on the ipv6tun interface on the client (probably best if it is within the same subnet as the one you added on the server).
6. Add a route on the server, pointed at the ipv6tun interface, for the subnet you want to use on the client.
7. Add a default route on the client side, pointed at the ipv6tun interface.
8. Add the ::1 address for the subnet you are routing from the server to the client on the client's interface that faces the LAN (e.g., eth0).

That really should do it.  From another host on the IPv6 net, make sure you can successively A) ping the server at the address on any of its interfaces, B) specifically ping the server at the address you added to the ipv6tun interface, C) ping the client at the address you added on its ipv6tun interface, and finally D) ping the client at its ::1 address on eth0 or whatever.  If any of these tests fail, the one that it fails at should give you a clue about where to look next.

Hope this helps,

-- Nathan

lucabert

Hi, Nathan!

Quote from: nathana on March 04, 2012, 03:06:06 AM
Dumb question I'm sure, but...you are adding v6 addresses to both ends of the ipv6tun interface, yes?  In the first post, I see that you did it on the server side, but you didn't mention it on the client side.  And in the second post, you don't assign addresses to those interfaces at all.

These are the steps that would make sense to me (granted, I'm coming at this from an IPv4 background, so I'm sure I still have a few bad habits/assumptions that I need to break myself):

1. Enable IPv6 forwarding on the server (needs to be done after every reboot).
2. Create an ipv6tun interface the way you have been doing on the server, pointed at the client's IPv4 address.
3. Create an ipv6tun interface in the same way on the client, pointed at the server's IPv4 address.
4. Add an IPv6 address on the ipv6tun interface on the server.
5. Add an IPv6 address on the ipv6tun interface on the client (probably best if it is within the same subnet as the one you added on the server).
6. Add a route on the server, pointed at the ipv6tun interface, for the subnet you want to use on the client.
7. Add a default route on the client side, pointed at the ipv6tun interface.
8. Add the ::1 address for the subnet you are routing from the server to the client on the client's interface that faces the LAN (e.g., eth0).

On my server I did:

echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
ip=$(dig +short lucabert.homelinux.org)
/sbin/ip tunnel add ipv6tun mode sit ttl 255 remote $ip local 84.200.210.163
/sbin/ip link set dev ipv6tun up
/sbin/ip -6 addr add 2001:1608:10:47:1::1/80 dev ipv6tun
/sbin/ip -6 route add 2001:1608:10:47:10::/80 dev ipv6tun metric 1


On my PC:
IPLOCAL=`/sbin/ip addr show dev ppp0 | /bin/grep inet | /usr/bin/awk '{print $2}'`
/sbin/ip tunnel add ipv6tun mode sit remote 84.200.210.163 local $IPLOCAL ttl 255
/sbin/ip link set ipv6tun up
/sbin/ip -6 addr add 2001:1608:10:47:1::2/80 dev ipv6tun
/sbin/ip -6 addr add 2001:1608:10:47:10::1/80 dev eth0
/sbin/ip route add ::/0 dev ipv6tun


Quote
That really should do it.  From another host on the IPv6 net, make sure you can successively A) ping the server at the address on any of its interfaces, B) specifically ping the server at the address you added to the ipv6tun interface, C) ping the client at the address you added on its ipv6tun interface, and finally D) ping the client at its ::1 address on eth0 or whatever.  If any of these tests fail, the one that it fails at should give you a clue about where to look next.

QuoteA) ping the server at the address on any of its interfaces
OK with 2001:1608:10:24:1::1 from my PC and other

QuoteB) specifically ping the server at the address you added to the ipv6tun interface
OK with 2001:1608:10:47:1::1 from my PC. From other Host:
    ping6 2001:1608:10:47:1::1
    PING 2001:1608:10:47:1::1(2001:1608:10:47:1::1) 56 data bytes
    From 2001:1608:0:13::1 icmp_seq=1 Destination unreachable: Address unreachable
    From 2001:1608:0:13::1 icmp_seq=5 Destination unreachable: Address unreachable

tcpdump -n -i eth0 ip6 on my Server:
21:07:36.364346 IP6 fe80::8c18:1b10:1bf7:20a2.546 > ff02::1:2.547: dhcp6 solicit
21:07:36.427969 IP6 fe80::225:90ff:fe3f:5dee.546 > ff02::1:2.547: dhcp6 solicit
21:07:37.013149 IP6 fe80::216:3eff:fe47:655f.5353 > ff02::fb.5353: 0[|domain]
21:07:37.483322 IP6 fe80::223:9c00:f0fc:6fc0 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:1608:10:47:1::1, length 32
21:07:38.179213 IP6 fe80::217:31ff:fe36:cadf.5353 > ff02::fb.5353: 0[|domain]
21:07:38.483465 IP6 fe80::223:9c00:f0fc:6fc0 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:1608:10:47:1::1, length 32
21:07:38.572234 IP6 fe80::2c8c:e070:d9ca:60ed.59494 > ff02::c.1900: UDP, length 146
21:07:39.016443 IP6 fe80::216:3eff:fe47:655f.5353 > ff02::fb.5353: 0[|domain]
21:07:39.482868 IP6 fe80::223:9c00:f0fc:6fc0 > ff02::1:ff00:1: ICMP6, neighbor solicitation, who has 2001:1608:10:47:1::1, length 32
21:07:40.183182 IP6 fe80::217:31ff:fe36:cadf.5353 > ff02::fb.5353: 0[|domain]
21:07:40.958818 IP6 fe80::41b6:d6d0:4a6e:db88.546 > ff02::1:2.547: dhcp6 solicit
21:07:41.110825 IP6 fe80::a982:6b3f:b739:4aac.546 > ff02::1:2.547: dhcp6 solicit
21:07:41.315051 IP6 fe80::dcad:dd09:f0d3:c9da.546 > ff02::1:2.547: dhcp6 solicit


QuoteC) ping the client at the address you added on its ipv6tun interface, and finally
OK from my server. From other Host:
    ping6 2001:1608:10:47:1::2
    PING 2001:1608:10:47:1::2(2001:1608:10:47:1::2) 56 data bytes
    From 2001:1608:0:13::1 icmp_seq=1 Destination unreachable: Address unreachable
    From 2001:1608:0:13::1 icmp_seq=5 Destination unreachable: Address unreachable

tcpdump -n -i eth0 ip6 on my Server:
21:09:01.468686 IP6 2001:1608:10:24::1 > 2001:1608:10:24:3::2: ICMP6, neighbor solicitation, who has 2001:1608:10:24:3::2, length 32
21:09:01.468743 IP6 2001:1608:10:24:3::2 > 2001:1608:10:24::1: ICMP6, neighbor advertisement, tgt is 2001:1608:10:24:3::2, length 24
21:09:01.468769 IP6 fe80::223:9c00:f0fc:6fc0 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2001:1608:10:47:1::2, length 32
21:09:01.704431 IP6 fe80::2c8c:e070:d9ca:60ed.59494 > ff02::c.1900: UDP, length 146
21:09:01.999558 IP6 fe80::2901:65f1:afee:e12.546 > ff02::1:2.547: dhcp6 solicit
21:09:02.708136 IP6 fe80::216:3eff:fe47:655f.5353 > ff02::fb.5353: 0[|domain]
21:09:03.177269 IP6 fe80::c59e:b228:95fc:c8a0.546 > ff02::1:2.547: dhcp6 solicit
21:09:03.468350 IP6 fe80::223:9c00:f0fc:6fc0 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2001:1608:10:47:1::2, length 32
21:09:03.711687 IP6 fe80::216:3eff:fe47:655f.5353 > ff02::fb.5353: 0[|domain]
21:09:04.144144 IP6 fe80::217:31ff:fe36:cadf.5353 > ff02::fb.5353: 0[|domain]
21:09:04.468165 IP6 fe80::223:9c00:f0fc:6fc0 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2001:1608:10:47:1::2, length 32
21:09:04.493641 IP6 fe80::c136:49cd:6eab:5865.546 > ff02::1:2.547: dhcp6 solicit
21:09:04.774341 IP6 fe80::e269:95ff:feb3:e4ec > 2001:1608:10:24::1: ICMP6, neighbor solicitation, who has 2001:1608:10:24::1, length 32
21:09:04.774772 IP6 fe80::223:9c00:f0fc:6fc0 > fe80::e269:95ff:feb3:e4ec: ICMP6, neighbor advertisement, tgt is 2001:1608:10:24::1, length 24
21:09:05.151571 IP6 fe80::217:31ff:fe36:cadf.5353 > ff02::fb.5353: 0[|domain]
21:09:05.217409 IP6 fe80::2002:4895:807b:75e7.60915 > ff02::1:3.5355: UDP, length 24
21:09:05.325857 IP6 fe80::2002:4895:807b:75e7.60915 > ff02::1:3.5355: UDP, length 24
21:09:05.463498 IP6 fe80::9df8:d7a2:3331:8e0.546 > ff02::1:2.547: dhcp6 solicit
21:09:05.467949 IP6 fe80::223:9c00:f0fc:6fc0 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2001:1608:10:47:1::2, length 32
21:09:05.495154 IP6 fe80::216:3eff:fe05:9fc2.5353 > ff02::fb.5353: 0[|domain]
21:09:05.700033 IP6 fe80::2c8c:e070:d9ca:60ed.59494 > ff02::c.1900: UDP, length 146
21:09:05.948864 IP6 fe80::2d84:7baa:66cc:c2a6.546 > ff02::1:2.547: dhcp6 solicit
21:09:06.503177 IP6 fe80::216:3eff:fe05:9fc2.5353 > ff02::fb.5353: 0[|domain]
21:09:06.948251 IP6 fe80::2d84:7baa:66cc:c2a6.546 > ff02::1:2.547: dhcp6 solicit
21:09:07.155566 IP6 fe80::217:31ff:fe36:cadf.5353 > ff02::fb.5353: 0[|domain]
21:09:07.467529 IP6 fe80::223:9c00:f0fc:6fc0 > ff02::1:ff00:2: ICMP6, neighbor solicitation, who has 2001:1608:10:47:1::2, length 32


tcpdump -n -i ipv6tun on my PC:
21:09:03.011092 IP6 2001:1608:10:47:1::2 > 2001:1608:10:24:2::1: ICMP6, echo request, seq 2, length 64
21:09:04.011100 IP6 2001:1608:10:47:1::2 > 2001:1608:10:24:2::1: ICMP6, echo request, seq 3, length 64
21:09:05.011106 IP6 2001:1608:10:47:1::2 > 2001:1608:10:24:2::1: ICMP6, echo request, seq 4, length 64
21:09:06.011104 IP6 2001:1608:10:47:1::2 > 2001:1608:10:24:2::1: ICMP6, echo request, seq 5, length 64
21:09:07.013039 IP6 2001:1608:10:47:1::2 > 2001:1608:10:24:2::1: ICMP6, echo request, seq 6, length 64


QuoteD) ping the client at its ::1 address on eth0 or whatever.
The same result:
tcpdump -n -i eth0 ip6 on my Server:

21:10:37.150057 IP6 fe80::383e:8dda:5a62:671b.546 > ff02::1:2.547: dhcp6 solicit
21:10:37.492944 IP6 fe80::216:3eff:fe47:655f.5353 > ff02::fb.5353: 0[|domain]
21:10:38.176615 IP6 2001:1608:10:47:1::2.47719 > 2001:470:0:63::2.80: Flags , seq 311755423, win 5648, options [mss 1412,sackOK,TS val 459427389 ecr 0,[|tcp]>
21:10:38.528020 IP6 fe80::217:31ff:fe36:cadf.5353 > ff02::fb.5353: 0[|domain]
21:10:38.585020 IP6 fe80::e1e5:bf48:1fc2:21a1.546 > ff02::1:2.547: dhcp6 solicit
21:10:38.773951 IP6 fe80::4d8a:8118:d34a:bc20.546 > ff02::1:2.547: dhcp6 solicit
21:10:38.840587 IP6 fe80::2c8c:e070:d9ca:60ed.59494 > ff02::c.1900: UDP, length 146
21:10:39.067977 IP6 fe80::2002:4895:807b:75e7.546 > ff02::1:2.547: dhcp6 solicit
21:10:39.162398 IP6 fe80::383e:8dda:5a62:671b.546 > ff02::1:2.547: dhcp6 solicit
21:10:39.536045 IP6 fe80::217:31ff:fe36:cadf.5353 > ff02::fb.5353: 0[|domain]
21:10:39.584904 IP6 fe80::e1e5:bf48:1fc2:21a1.546 > ff02::1:2.547: dhcp6 solicit
21:10:39.778378 IP6 fe80::4d8a:8118:d34a:bc20.546 > ff02::1:2.547: dhcp6 solicit
21:10:40.068799 IP6 fe80::2002:4895:807b:75e7.546 > ff02::1:2.547: dhcp6 solicit
21:10:40.085377 IP6 fe80::2067:7a0c:ea7b:7e4b.546 > ff02::1:2.547: dhcp6 solicit
21:10:40.659749 IP6 fe80::216:3eff:fe05:9fc2.5353 > ff02::fb.5353: 0[|domain]
21:10:40.895646 IP6 2001:1608:10:47:1::2.33199 > 2001:470:1f0b:191:1::1.80: Flags , seq 2656707139, win 5648, options [mss 1412,sackOK,TS val 459428069 ecr 0,[|tcp]>
21:10:41.175886 IP6 2001:1608:10:47:1::2.47719 > 2001:470:0:63::2.80: Flags , seq 311755423, win 5648, options [mss 1412,sackOK,TS val 459428139 ecr 0,[|tcp]>
21:10:41.540055 IP6 fe80::217:31ff:fe36:cadf.5353 > ff02::fb.5353: 0[|domain]
21:10:41.585174 IP6 fe80::e1e5:bf48:1fc2:21a1.546 > ff02::1:2.547: dhcp6 solicit
21:10:41.778900 IP6 fe80::4d8a:8118:d34a:bc20.546 > ff02::1:2.547: dhcp6 solicit
21:10:41.854548 IP6 fe80::2c8c:e070:d9ca:60ed.59494 > ff02::c.1900: UDP, length 146
21:10:42.080648 IP6 fe80::2002:4895:807b:75e7.546 > ff02::1:2.547: dhcp6 solicit
21:10:42.758285 IP6 fe80::216:3eff:fe47:655f.5353 > ff02::fb.5353: 0[|domain]


tcpdump -n -i ipv6tun on my PC:
21:10:34.363112 IP6 2001:1608:10:47:1::2 > 2001:1608:10:24:2::1: ICMP6, echo request, seq 4, length 64
21:10:35.363103 IP6 2001:1608:10:47:1::2 > 2001:1608:10:24:2::1: ICMP6, echo request, seq 5, length 64
21:10:36.363111 IP6 2001:1608:10:47:1::2 > 2001:1608:10:24:2::1: ICMP6, echo request, seq 6, length 64
21:10:37.363104 IP6 2001:1608:10:47:1::2 > 2001:1608:10:24:2::1: ICMP6, echo request, seq 7, length 64
21:10:38.156060 IP6 2001:1608:10:47:1::2.47719 > 2001:470:0:63::2.80: S 311755423:311755423(0) win 5648 <mss 1412,sackOK,timestamp 459427389 0,nop,wscale 7>
21:10:38.363104 IP6 2001:1608:10:47:1::2 > 2001:1608:10:24:2::1: ICMP6, echo request, seq 8, length 64
21:10:39.363112 IP6 2001:1608:10:47:1::2 > 2001:1608:10:24:2::1: ICMP6, echo request, seq 9, length 64
21:10:40.363100 IP6 2001:1608:10:47:1::2 > 2001:1608:10:24:2::1: ICMP6, echo request, seq 10, length 64
21:10:40.875090 IP6 2001:1608:10:47:1::2.33199 > 2001:470:1f0b:191:1::1.80: S 2656707139:2656707139(0) win 5648 <mss 1412,sackOK,timestamp 459428069 0,nop,wscale 7>
21:10:41.023789 IP6 2001:1608:10:47:1::2.51396 > 2001:1608:10:24:1::1.110: S 1715147604:1715147604(0) win 5648 <mss 1412,sackOK,timestamp 459428106 0,nop,wscale 7>
21:10:41.049707 IP6 2001:1608:10:24:1::1.110 > 2001:1608:10:47:1::2.51396: S 1969128717:1969128717(0) ack 1715147605 win 5632 <mss 1420,sackOK,timestamp 203289356 459428106,nop,wscale 7>
21:10:41.049816 IP6 2001:1608:10:47:1::2.51396 > 2001:1608:10:24:1::1.110: . ack 1 win 45 <nop,nop,timestamp 459428112 203289356>
21:10:41.075750 IP6 2001:1608:10:24:1::1.110 > 2001:1608:10:47:1::2.51396: P 1:96(95) ack 1 win 44 <nop,nop,timestamp 203289358 459428112>
21:10:41.075846 IP6 2001:1608:10:47:1::2.51396 > 2001:1608:10:24:1::1.110: . ack 96 win 45 <nop,nop,timestamp 459428119 203289358>
21:10:41.076700 IP6 2001:1608:10:47:1::2.51396 > 2001:1608:10:24:1::1.110: P 1:7(6) ack 96 win 45 <nop,nop,timestamp 459428119 203289358>
21:10:41.102234 IP6 2001:1608:10:24:1::1.110 > 2001:1608:10:47:1::2.51396: . ack 7 win 44 <nop,nop,timestamp 203289361 459428119>
21:10:41.102418 IP6 2001:1608:10:24:1::1.110 > 2001:1608:10:47:1::2.51396: P 96:128(32) ack 7 win 44 <nop,nop,timestamp 203289361 459428119>
21:10:41.139075 IP6 2001:1608:10:47:1::2.51396 > 2001:1608:10:24:1::1.110: . ack 128 win 45 <nop,nop,timestamp 459428135 203289361>
21:10:41.155078 IP6 2001:1608:10:47:1::2.47719 > 2001:470:0:63::2.80: S 311755423:311755423(0) win 5648 <mss 1412,sackOK,timestamp 459428139 0,nop,wscale 7>
21:10:41.241128 IP6 2001:1608:10:47:1::2.51396 > 2001:1608:10:24:1::1.110: P 7:89(82) ack 128 win 45 <nop,nop,timestamp 459428160 203289361>
21:10:41.280794 IP6 2001:1608:10:24:1::1.110 > 2001:1608:10:47:1::2.51396: . 128:1528(1400) ack 89 win 44 <nop,nop,timestamp 203289379 459428160>
21:10:41.280807 IP6 2001:1608:10:24:1::1.110 > 2001:1608:10:47:1::2.51396: P 1528:1647(119) ack 89 win 44 <nop,nop,timestamp 203289379 459428160>
21:10:41.281466 IP6 2001:1608:10:47:1::2.51396 > 2001:1608:10:24:1::1.110: . ack 1528 win 66 <nop,nop,timestamp 459428170 203289379>
21:10:41.283077 IP6 2001:1608:10:47:1::2.51396 > 2001:1608:10:24:1::1.110: . ack 1647 win 66 <nop,nop,timestamp 459428170 203289379>
21:10:41.306736 IP6 2001:1608:10:47:1::2.51396 > 2001:1608:10:24:1::1.110: P 89:228(139) ack 1647 win 66 <nop,nop,timestamp 459428176 203289379>
21:10:41.365494 IP6 2001:1608:10:47:1::2 > 2001:1608:10:24:2::1: ICMP6, echo request, seq 1, length 64
21:10:41.369454 IP6 2001:1608:10:24:1::1.110 > 2001:1608:10:47:1::2.51396: . ack 228 win 53 <nop,nop,timestamp 203289388 459428176>
21:10:41.378205 IP6 2001:1608:10:47:1::2.51396 > 2001:1608:10:24:1::1.110: P 228:287(59) ack 1647 win 66 <nop,nop,timestamp 459428194 203289388>
21:10:41.391297 IP6 2001:1608:10:24:2::1 > 2001:1608:10:47:1::2: ICMP6, echo reply, seq 1, length 64
21:10:41.404592 IP6 2001:1608:10:24:1::1.110 > 2001:1608:10:47:1::2.51396: . ack 287 win 53 <nop,nop,timestamp 203289391 459428194>
21:10:41.405270 IP6 2001:1608:10:24:1::1.110 > 2001:1608:10:47:1::2.51396: P 1647:1706(59) ack 287 win 53 <nop,nop,timestamp 203289391 459428194>
21:10:41.431993 IP6 2001:1608:10:47:1::2 > 2001:1608:10:24:2::1: ICMP6, echo request, seq 1, length 64
21:10:41.443075 IP6 2001:1608:10:47:1::2.51396 > 2001:1608:10:24:1::1.110: . ack 1706 win 66 <nop,nop,timestamp 459428211 203289391>
21:10:41.452899 IP6 2001:1608:10:47:1::2.51396 > 2001:1608:10:24:1::1.110: P 287:372(85) ack 1706 win 66 <nop,nop,timestamp 459428213 203289391>
21:10:41.485674 IP6 2001:1608:10:24:1::1.110 > 2001:1608:10:47:1::2.51396: P 1706:1759(53) ack 372 win 53 <nop,nop,timestamp 203289399 459428213>
21:10:41.487264 IP6 2001:1608:10:47:1::2.51396 > 2001:1608:10:24:1::1.110: . ack 1759 win 66 <nop,nop,timestamp 459428222 203289399>
21:10:41.488037 IP6 2001:1608:10:47:1::2.51396 > 2001:1608:10:24:1::1.110: P 372:425(53) ack 1759 win 66 <nop,nop,timestamp 459428222 203289399>
21:10:41.514101 IP6 2001:1608:10:24:1::1.110 > 2001:1608:10:47:1::2.51396: P 1759:1812(53) ack 425 win 53 <nop,nop,timestamp 203289402 459428222>
21:10:41.515780 IP6 2001:1608:10:47:1::2.51396 > 2001:1608:10:24:1::1.110: P 425:462(37) ack 1812 win 66 <nop,nop,timestamp 459428229 203289402>
21:10:41.542420 IP6 2001:1608:10:24:1::1.110 > 2001:1608:10:47:1::2.51396: FP 1812:1902(90) ack 462 win 53 <nop,nop,timestamp 203289404 459428229>
21:10:41.552202 IP6 2001:1608:10:47:1::2.51396 > 2001:1608:10:24:1::1.110: R 462:462(0) ack 1903 win 66 <nop,nop,timestamp 459428238 203289404>


So, it seems that I can send the pakets from my PC to other Hosts, but can not get the answer.
And (really curious!) I can send pakets from other Hosts to my PC, but not get the answer...

I'm really puzzled...

Thanks for any help!
Luca Bertoncello

lucabert

Hi!

I just see a very strange thing: on my server, with tcpdump, I can see, that it tried to send pakets to 2001:470:1f0b:191:1::1, and not to 2001:1608:10:47:10::1.
Now, 2001:470:1f0b:191:1::1 is my IP by tunnelbroker, and of course, I deleted it from eth0 before beginning with these tests...

Why do I see it now?
I think, this can be the problem... Maybe must my PC "send an ARP message to the world" with the new address?

Thanks again for your help!
Luca Bertoncello

nathana

Well, ARP has been replaced by NDP in IPv6.  But I think the more troubling thing is that you say that your PC can ping the server at its ...:47:1::1 address (indicating that the tunnel between the PC and the server is working), but that you cannot ping ...:47:1::1 on the server from other hosts?  (Test B.)  If so, either the packets are reaching your server via your provider but your server is not handling them appropriately, or they are not even making it that far in the first place.

What does a traceroute to 2001:1608:10:47:1::1 from this other host of yours show?  And what happens if instead of putting that subnet on the ipv6tun interface, you instead temporarily stuck it on an ethernet interface?  Can you ping it then?

If not, depending on the results of the traceroute, I would almost venture to guess that either 2001:1608:10:47::/64 does not belong to you (was not one of the /64s you got from your ISP...perhaps a typo?), or they screwed up the routing on their end for that subnet and they aren't sending traffic destined for that address space to you.

-- Nathan

lucabert

Quote from: nathana on March 04, 2012, 02:48:20 PM
Well, ARP has been replaced by NDP in IPv6.  But I think the more troubling thing is that you say that your PC can ping the server at its ...:47:1::1 address (indicating that the tunnel between the PC and the server is working), but that you cannot ping ...:47:1::1 on the server from other hosts? 

Right!

Quote(Test B.)  If so, either the packets are reaching your server via your provider but your server is not handling them appropriately, or they are not even making it that far in the first place.

The question, now, is: how can I check it? And then: what have I to say my provider, to correct the problem?

QuoteWhat does a traceroute to 2001:1608:10:47:1::1 from this other host of yours show? 

2001:1608:10:47:1::1 is now on my server on ipv6tun:

mtr -r -c 2 2001:1608:10:47:1::1
HOST: node1                       Loss%   Snt   Last   Avg  Best  Wrst StDev
  1. 2001:4178:2:1359::3           0.0%     2    0.5   0.5   0.5   0.5   0.0
  2. te1-3-b1.net.muc2.internetx.  0.0%     2    0.4   0.5   0.4   0.5   0.0
  3. ten9-2.r2.muc2.m-online.net   0.0%     2    0.9   0.9   0.9   0.9   0.0
  4. rt-decix.m-online.net         0.0%     2    8.9  49.3   8.9  89.6  57.0
  5. decix.accelerated.de          0.0%     2    8.9   9.0   8.9   9.1   0.1
  6. 2001:1608:0:13::1             0.0%     2    9.0   9.0   9.0   9.0   0.0
  7. ???                          100.0     2    0.0   0.0   0.0   0.0   0.0


QuoteAnd what happens if instead of putting that subnet on the ipv6tun interface, you instead temporarily stuck it on an ethernet interface?  Can you ping it then?

Now:

/sbin/ip -6 addr del 2001:1608:10:47:1::1/80 dev ipv6tun
/sbin/ip -6 addr add 2001:1608:10:47:1::1/80 dev eth0


and then mtr from the same host, I started the mrt before:

mtr -r -c 2 2001:1608:10:47:1::1
HOST: node1                       Loss%   Snt   Last   Avg  Best  Wrst StDev
  1. 2001:4178:2:1359::3           0.0%     2    1.6   1.3   1.0   1.6   0.4
  2. te1-3-b1.net.muc2.internetx.  0.0%     2    0.3   0.3   0.3   0.3   0.0
  3. ten9-2.r2.muc2.m-online.net   0.0%     2    1.0   1.0   1.0   1.0   0.0
  4. rt-decix.m-online.net         0.0%     2    8.8   8.8   8.8   8.9   0.0
  5. decix.accelerated.de          0.0%     2    9.0   9.1   9.0   9.2   0.1
  6. 2001:1608:0:13::1             0.0%     2    8.9   8.9   8.9   9.0   0.0
  7. 2001:1608:10:47:1::1         50.0%     2    9.4   9.4   9.4   9.4   0.0


It seems, that the world know how to reach my subnet, isn't it? But, if the IPs are on interface ipv6tun, it can't be reached...

QuoteIf not, depending on the results of the traceroute, I would almost venture to guess that either 2001:1608:10:47::/64 does not belong to you (was not one of the /64s you got from your ISP...perhaps a typo?), or they screwed up the routing on their end for that subnet and they aren't sending traffic destined for that address space to you.

I sent the result of mtr... What can you say now? 2001:1608:0:13::1 is an host of my provider...

Thanks a lot!
Luca Bertoncello

lucabert

Quote from: nathana on March 04, 2012, 02:48:20 PM
Well, ARP has been replaced by NDP in IPv6.  But I think the more troubling thing is that you say that your PC can ping the server at its ...:47:1::1 address (indicating that the tunnel between the PC and the server is working), but that you cannot ping ...:47:1::1 on the server from other hosts?  (Test B.)  If so, either the packets are reaching your server via your provider but your server is not handling them appropriately, or they are not even making it that far in the first place.

What does a traceroute to 2001:1608:10:47:1::1 from this other host of yours show?  And what happens if instead of putting that subnet on the ipv6tun interface, you instead temporarily stuck it on an ethernet interface?  Can you ping it then?

If not, depending on the results of the traceroute, I would almost venture to guess that either 2001:1608:10:47::/64 does not belong to you (was not one of the /64s you got from your ISP...perhaps a typo?), or they screwed up the routing on their end for that subnet and they aren't sending traffic destined for that address space to you.

-- Nathan

Just another information, I noticed right now...
Currently I do not have the tunnel running, but I can reach the IPv6-address 2001:1608:10:47::1...
Hier an mtr from my PC (using HE-Tunnelbroker):

mtr -r -c 1 2001:1608:10:47::1
HOST: frodo                       Loss%   Snt   Last   Avg  Best  Wrst StDev
  1. poweroy.tunnel.tserv6.fra1.i  0.0%     1   32.3  32.3  32.3  32.3   0.0
  2. gige-g2-4.core1.fra1.he.net   0.0%     1   27.3  27.3  27.3  27.3   0.0
  3. decix.accelerated.de          0.0%     1   26.7  26.7  26.7  26.7   0.0
  4. 2001:1608:10:47::1            0.0%     1   26.8  26.8  26.8  26.8   0.0


It seems, that my provider configured an Host with this IP, maybe as gateway for me... Can it be?
Can I just ask my provider to delete this gateway and hope, that this is the problem?

Or I just didn't understood anything about IPv6 and I do need this gateway?

Thanks
Luca Bertoncello

lucabert

Quote from: nathana on March 04, 2012, 02:48:20 PM
Well, ARP has been replaced by NDP in IPv6.  But I think the more troubling thing is that you say that your PC can ping the server at its ...:47:1::1 address (indicating that the tunnel between the PC and the server is working), but that you cannot ping ...:47:1::1 on the server from other hosts?  (Test B.)  If so, either the packets are reaching your server via your provider but your server is not handling them appropriately, or they are not even making it that far in the first place.

What does a traceroute to 2001:1608:10:47:1::1 from this other host of yours show?  And what happens if instead of putting that subnet on the ipv6tun interface, you instead temporarily stuck it on an ethernet interface?  Can you ping it then?

If not, depending on the results of the traceroute, I would almost venture to guess that either 2001:1608:10:47::/64 does not belong to you (was not one of the /64s you got from your ISP...perhaps a typo?), or they screwed up the routing on their end for that subnet and they aren't sending traffic destined for that address space to you.

-- Nathan

Hi, again!

I tried to configure the tunnel using the server of a friend of mine, that has a /56-Subnet.

I gave the same commands I used on my server (just changing the subnet, of course).
Well, I can reach the ipv6tun interface on the server without problem...

I checked the differences between the configuration of my server and his server.
The only differences I found was by the default route:

on my server:
default via 2001:1608:10:24::1 dev eth0  metric 1024  mtu 1500 advmss 1440 hoplimit 4294967295

on the server of the friend:
default via fe80::1 dev eth0  metric 1  mtu 1500 advmss 1440 hoplimit 0

I can't understand why the default route of the second server can run, and of course it does not run on my server...
But I'm now quiet sure, that the problem ist somewhere by the routing on my provider.

Now the question: how can I identify the problem and what have I to say my provider to correct it?

Thanks a lot
Luca Bertoncello

P.S.: No, I can't use the server of my friend, because he wants to change provider...

lucabert

Quote from: lucabert on March 05, 2012, 04:32:08 AM
I gave the same commands I used on my server (just changing the subnet, of course).
Well, I can reach the ipv6tun interface on the server without problem...

Well, I'm really puzzled...

I just tried this:

on the server:
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
ip=$(dig +short lucabert.homelinux.org)
/sbin/ip tunnel add ipv6tun mode sit ttl 255 remote $ip local 84.200.210.163
/sbin/ip link set dev ipv6tun up
/sbin/ip -6 addr add 2001:1608:10:24:1000::1/72 dev ipv6tun
/sbin/ip -6 route add 2001:1608:10:24:1100::/72 dev ipv6tun metric 1


on my PC:
IPLOCAL=`/sbin/ip addr show dev ppp0 | /bin/grep inet | /usr/bin/awk '{print $2}'`
/sbin/ip tunnel add ipv6tun mode sit remote 84.200.210.163 local $IPLOCAL ttl 255
/sbin/ip link set ipv6tun up
/sbin/ip -6 addr add 2001:1608:10:24:1000::3/72 dev ipv6tun
/sbin/ip route add ::/0 dev ipv6tun
/sbin/ip -6 addr add 2001:1608:10:24:1100::1/72 dev eth0


After a while I can reach my PC from an host via IPv6 and I can reach this host from my PC.
NO IDEA WHY!

Then, I tried to configure radvd with the new network, in order to allow the PC of my wife to use IPv6, too.
Many problem, can't reach any host from her PC, and so on...

Now, I can reach my PC from an host in Internet, but not the host from my PC...
From the PC of my wife I can reach my PC, but not the IPv6 of the device ipv6tun on my server...

What happens?!? Am I really idiot or something is really bad on my server?

Thanks a lot!
Luca Bertoncello