Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: IPv6 server not reachable from host, however reachable from Archer C7 (openwrt)  (Read 7968 times)

jfargen

  • Newbie
  • *
  • Posts: 8

Hello-

I have setup an IPv6 tunnel on my Archer C7 router running OpenWRT:
root@OpenWrt:~# ifconfig
6in4-henet Link encap:IPv6-in-IPv4 
          inet6 addr: fe80::485b:5169/128 Scope:Link
          inet6 addr: 2001:470:d9bf::2/48 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1280  Metric:1
          RX packets:9 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:936 (936.0 B)  TX bytes:936 (936.0 B)


As you can see I have setup a /64 subnet, not sure if this correct however it is my first time:
br-lan    Link encap:Ethernet  HWaddr 14:CC:20:F1:96:DE 
          inet addr:192.168.11.1  Bcast:192.168.11.255  Mask:255.255.255.0
          inet6 addr: 2001:470:db9f:1::1/64 Scope:Global
          inet6 addr: fe80::16cc:20ff:fef1:96de/64 Scope:Link
          inet6 addr: fdd4:db6:22e2::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6622 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4145 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:956650 (934.2 KiB)  TX bytes:1865997 (1.7 MiB)


From the openwrt router I can ping ipv6.he.net:
root@OpenWrt:~# ping6 ipv6.he.net
PING ipv6.he.net (2001:470:0:64::2): 56 data bytes
64 bytes from 2001:470:0:64::2: seq=0 ttl=56 time=90.005 ms
64 bytes from 2001:470:0:64::2: seq=1 ttl=56 time=89.341 ms
64 bytes from 2001:470:0:64::2: seq=2 ttl=56 time=89.112 ms
64 bytes from 2001:470:0:64::2: seq=3 ttl=56 time=88.887 ms
64 bytes from 2001:470:0:64::2: seq=4 ttl=56 time=88.665 ms
^C
--- ipv6.he.net ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 88.665/89.202/90.005 ms

On my laptop running OS X, I have the following ipv6 addresses, they were setup automagically I didn't configure radvd or dhcp6:
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1400
   ether 84:38:35:5b:c3:50
   inet6 fe80::8638:35ff:fe5b:c350%en0 prefixlen 64 scopeid 0x4
   inet 192.168.11.216 netmask 0xffffff00 broadcast 192.168.11.255
   inet6 fdd4:db6:22e2::8638:35ff:fe5b:c350 prefixlen 64 autoconf
   inet6 fdd4:db6:22e2::b1fa:8ca9:3b09:8e8a prefixlen 64 autoconf temporary
   inet6 2001:470:db9f:1:8638:35ff:fe5b:c350 prefixlen 64 autoconf
   inet6 2001:470:db9f:1:dd44:38d3:ef2b:5bba prefixlen 64 autoconf temporary
   inet6 2001:470:db9f:1::b04 prefixlen 64 dynamic
   nd6 options=1<PERFORMNUD>
   media: autoselect
   status: active

But ping6 or traceroute6 from my OS X host does not work:
$ ping6 ipv6.he.net
PING6(56=40+8+8 bytes) 2001:470:db9f:1:dd44:38d3:ef2b:5bba --> 2001:470:0:64::2
^C
--- ipv6.he.net ping6 statistics ---
11 packets transmitted, 0 packets received, 100.0% packet loss


and

$ traceroute6 ipv6.he.net
traceroute6 to ipv6.he.net (2001:470:0:64::2) from 2001:470:db9f:1:dd44:38d3:ef2b:5bba, 64 hops max, 12 byte packets
 1  2001:470:db9f:1::1  1.603 ms  0.990 ms  0.840 ms
 2  2001:470:db9f:1::1  0.733 ms  1.101 ms  1.030 ms
 3  2001:470:db9f:1::1  0.932 ms *  1.948 ms
 4  2001:470:db9f:1::1  1.043 ms  0.945 ms  1.412 ms
 5  2001:470:db9f:1::1  1.043 ms

Looks like my default gateway is using the link-local for br-lan interface. Is that okay?
Internet6:
Destination                             Gateway                         Flags         Netif Expire
default                                 fe80::16cc:20ff:fef1:96de%en0   UGc             en0
::1                                     ::1                             UHL             lo0
2001:470:db9f:1::/64                    link#4                          UC              en0
2001:470:db9f:1::1                      14:cc:20:f1:96:de               UHLWIi          en0
2001:470:db9f:1::b04                    84:38:35:5b:c3:50               UHL             lo0
2001:470:db9f:1:8638:35ff:fe5b:c350     84:38:35:5b:c3:50               UHL             lo0
2001:470:db9f:1:dd44:38d3:ef2b:5bba     84:38:35:5b:c3:50               UHL             lo0
fdd4:db6:22e2::/64                      link#4                          UC              en0
fdd4:db6:22e2::8638:35ff:fe5b:c350      84:38:35:5b:c3:50               UHL             lo0
fdd4:db6:22e2::b1fa:8ca9:3b09:8e8a      84:38:35:5b:c3:50               UHL             lo0
fe80::%lo0/64                           fe80::1%lo0                     UcI             lo0
fe80::1%lo0                             link#1                          UHLI            lo0
fe80::%en0/64                           link#4                          UCI             en0
fe80::16cc:20ff:fef1:96de%en0           14:cc:20:f1:96:de               UHLWIir         en0
fe80::8638:35ff:fe5b:c350%en0           84:38:35:5b:c3:50               UHLI            lo0
fe80::%awdl0/64                         link#8                          UCI           awdl0
fe80::c82:a4ff:fe43:7281%awdl0          e:82:a4:43:72:81                UHLI            lo0
ff01::%lo0/32                           ::1                             UmCI            lo0
ff01::%en0/32                           link#4                          UmCI            en0
ff01::%awdl0/32                         link#8                          UmCI          awdl0
ff02::%lo0/32                           ::1                             UmCI            lo0
ff02::%en0/32                           link#4                          UmCI            en0
ff02::%awdl0/32                         link#8                          UmCI          awdl0


Actually, now the route has disappeared:
Internet6:
Destination                             Gateway                         Flags         Netif Expire
::1                                     ::1                             UHL             lo0
fe80::%lo0/64                           fe80::1%lo0                     UcI             lo0
fe80::1%lo0                             link#1                          UHLI            lo0
fe80::%en0/64                           link#4                          UCI             en0
fe80::8638:35ff:fe5b:c350%en0           84:38:35:5b:c3:50               UHLI            lo0
fe80::%awdl0/64                         link#8                          UCI           awdl0
fe80::c82:a4ff:fe43:7281%awdl0          e:82:a4:43:72:81                UHLI            lo0
ff01::%lo0/32                           ::1                             UmCI            lo0
ff01::%en0/32                           link#4                          UmCI            en0
ff01::%awdl0/32                         link#8                          UmCI          awdl0
ff02::%lo0/32                           ::1                             UmCI            lo0
ff02::%en0/32                           link#4                          UmCI            en0
ff02::%awdl0/32                         link#8                          UmCI          awdl0


$ ping6 ipv6.he.net
ping6: UDP connect: No route to host
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1736

1) do not put any of your routed address space on the tunnel interface.

2) get rid of ULA unless you actually use it, and if you do, you need to figure out what exactly on your lan is spewing out RA, because you have SLAAC IPs on your windows box in both ULA and HE routed subnet.

3) link-local of the bridged interface as default gateway is expected when your autoconfigure. again if you didn't configure radvd on the WRT, then something on that device decided to without you knowing. it disappearing is probably a big issue with why you can't get out, but so is address selection, since ULA won't route over the tunnel/internet, and if you are sourcing from that, nothing will work.
Logged

jfargen

  • Newbie
  • *
  • Posts: 8

Thanks for replying!

1) Please be more verbose, I do not know exactly what you mean.

2) I will remove the ULA

3) Okay, it seems like my changes weren't static.


The good news is that it is working on the host side now.
$ traceroute6 ipv6.he.net
traceroute6 to ipv6.he.net (2001:470:0:64::2) from 2001:470:d9bf:1:64f3:8da0:d1d7:3d93, 64 hops max, 12 byte packets
 1  2001:470:d9bf:1::1  1.748 ms  1.163 ms  1.181 ms
 2  jfargen-1.tunnel.tserv12.mia1.ipv6.he.net  16.596 ms  32.035 ms  19.996 ms
 3  ge2-3.core1.mia1.he.net  42.073 ms  14.984 ms  14.920 ms
 4  10ge15-4.core1.dal1.he.net  47.535 ms  46.659 ms  102.897 ms
 5  10ge15-4.core1.phx2.he.net  85.078 ms  71.766 ms  77.381 ms
 6  10ge15-6.core1.lax2.he.net  85.018 ms  76.905 ms  84.932 ms
 7  10ge9-5.core1.sjc2.he.net  107.556 ms  104.405 ms  102.468 ms
 8  10ge4-2.core3.fmt2.he.net  94.626 ms  91.890 ms  100.026 ms
 9  10ge2-1.core1.fmt1.he.net  94.854 ms
    ipv6.he.net  176.856 ms  179.322 ms
Logged

jfargen

  • Newbie
  • *
  • Posts: 8

I figured out why my changes did not survive restart. I guess OpenWRT uses some kind of overlay and you need to execute 'uci commit network' to write the changes. Kind of new to OpenWRT and all. Thanks for you help!
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1736

1) below is the output you provided for your tunnel interface

Code: [Select]
6in4-henet Link encap:IPv6-in-IPv4 
          inet6 addr: fe80::485b:5169/128 Scope:Link
          inet6 addr: 2001:470:d9bf::2/48 Scope:Global

that /48 doesn't belong there, only your tunnel Client IPv6 IP does.
Logged

jfargen

  • Newbie
  • *
  • Posts: 8

Weird. It was working with the /48, but I swapped it out for my Client IPv6 Address as shown below and my host behind the router doesn't work any longer.

Code: [Select]
6in4-henet Link encap:IPv6-in-IPv4 
inet6 addr: fe80::485b:5169/128 Scope:Link
inet6 addr: 2001:470:4:599::2/64 Scope:Global
         



Things seem to work fine with the /48.
Code: [Select]
6in4-henet Link encap:IPv6-in-IPv4 
inet6 addr: fe80::485b:5169/128 Scope:Link
inet6 addr: 2001:470:d9bf::2/48 Scope:Global

Logged

jfargen

  • Newbie
  • *
  • Posts: 8

One other interesting things to note...

I am able to ping6 google.com, ipv6.he.net, but ping6 www.cogentco.com is not working.

$ ping6 google.com
PING6(56=40+8+8 bytes) 2001:470:d9bf:1:88be:9875:f57a:34c5 --> 2607:f8b0:4008:808::200e
16 bytes from 2607:f8b0:4008:808::200e, icmp_seq=0 hlim=58 time=13.195 ms
16 bytes from 2607:f8b0:4008:808::200e, icmp_seq=1 hlim=58 time=22.982 ms
16 bytes from 2607:f8b0:4008:808::200e, icmp_seq=2 hlim=58 time=17.973 ms
^C
--- google.com ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 13.195/18.050/22.982/3.996 ms


and here is the ping from www.cogentco.com:

$ ping6 www.cogentco.com
PING6(56=40+8+8 bytes) 2001:470:d9bf:1:88be:9875:f57a:34c5 --> 2001:550:1::cc01
^C
--- cogentco.com ping6 statistics ---
9 packets transmitted, 0 packets received, 100.0% packet loss

When I go to Level3's looking glass I am able to ping6 www.cogentco.com.
Ping results from Miami, FL to 2001:550:1::cc01
icmp_seq=1 ttl=56 time=26.2 ms
icmp_seq=2 ttl=56 time=26.1 ms
icmp_seq=3 ttl=56 time=26.1 ms
icmp_seq=4 ttl=56 time=26.1 ms
icmp_seq=5 ttl=56 time=26.2 ms
icmp_seq=6 ttl=56 time=26.2 ms
icmp_seq=7 ttl=56 time=26.1 ms
icmp_seq=8 ttl=56 time=26.1 ms
icmp_seq=9 ttl=56 time=26.2 ms
icmp_seq=10 ttl=56 time=26.1 ms

---- target statistics ----
10 packets transmitted, 10 packets received, 0% packet loss
rtt min/avg/median/max/mdev/stddev = 26.1/26.14/26.1/26.2/0.219/0.049 ms

Is this a routing issue?
Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1736

It is a Cogent issue. They don't peer with HE or use an IPv6 transit. Their loss and their customer's loss.
Logged

jfargen

  • Newbie
  • *
  • Posts: 8

Back to my earlier question... Why doesn't doesn't my tunnel work when I use the Client IPv6 Address:2001:470:4:599::2/64, but it works fine when I use an IP in my Routed /48:2001:470:d9bf::/48 subnet?

Thanks
Logged

kriteknetworks

  • Sr. Member
  • ****
  • Posts: 264
    • aRDy Music

Is ipv6 forwarding enabled?
Logged