Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Tunnel in ZRH stopped working  (Read 1921 times)

dachziegel5

  • Newbie
  • *
  • Posts: 2
Tunnel in ZRH stopped working
« on: February 15, 2016, 01:32:14 PM »

I'm on the tunnel server "216.66.80.98".

My configuration looks like this:
Code: [Select]
auto ipv6
iface ipv6 inet6 v4tunnel
        address 2001:470:25:b33::2
        netmask 64
        endpoint 216.66.80.98
        local 10.0.0.7
        ttl 255
        gateway 2001:470:25:b33::1

10.0.0.7, because I'm behind a NAT. This tunnel worked for almost a year. It stopped working some weeks ago.

I can't figure out what changed. UFW is completely disabled for testing, even thought it worked with UFW. iptables settings have been changed too and worked.

No packet is going throught the tunnel. I can't even ping the tunnel endpoint.

Could someone figure out what is wrong?

The tunnel is showing up correctly in "ifconfig".

Thanks!
Logged

kcochran

  • Sr. Network Engineer, Hurricane Electric
  • Administrator
  • Sr. Member
  • *****
  • Posts: 419
Re: Tunnel in ZRH stopped working
« Reply #1 on: February 15, 2016, 04:57:18 PM »

I see traffic going out to you, but nothing coming back.  Did your local IPv4 endpoint change?
Logged

dachziegel5

  • Newbie
  • *
  • Posts: 2
Re: Tunnel in ZRH stopped working
« Reply #2 on: February 16, 2016, 02:48:26 AM »

My Public-IP never changed as it is a static one.
Inside my network the box which tries to get IPv6 has also static configuration for 10.0.0.7.

This is my ifconfig:
Code: [Select]
eth0      Link encap:Ethernet  HWaddr c0:3f:d5:69:ea:17
          inet addr:10.0.0.7  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: 2001:470:26:b33::1/64 Scope:Global
          inet6 addr: fe80::c23f:d5ff:fe69:ea17/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:152812 errors:0 dropped:0 overruns:0 frame:0
          TX packets:152522 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:96430412 (96.4 MB)  TX bytes:93687260 (93.6 MB)

ipv6      Link encap:IPv6-in-IPv4
          inet6 addr: fe80::a00:7/64 Scope:Link
          inet6 addr: 2001:470:25:b33::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11428 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:976013 (976.0 KB)


As you can see there is a "2001:470:26:b33::1" configured from my /64 range from HE because I'm using this device as the router. Its assigning IPv6 addresses to my home network. Those clients btw, receive an IP from my /64, but are also not able to get throught the tunnel. This worked before..

Am I overseeing something?

Thanks in advance!
« Last Edit: February 16, 2016, 02:50:16 AM by dachziegel5 »
Logged

folken

  • Newbie
  • *
  • Posts: 1
Re: Tunnel in ZRH stopped working
« Reply #3 on: May 09, 2016, 08:47:40 AM »

I have the same problem with the ZRH tserv. New nets do not seem to be  provisioned there. All other brokers (frankfurt,amsterdam) work with the same setup and different ips.

tcpdump -i eth1 -pn host 216.66.80.98

17:45:24.708353 IP X.X.X.X > 216.66.80.98: IP6 2001:470:25:1c2::2 > 2001:470:25:1c2::1: ICMP6, echo request, seq 308, length 64

Never a reply.
Logged

bbfoc

  • Newbie
  • *
  • Posts: 1
Re: Tunnel in ZRH stopped working
« Reply #4 on: June 16, 2016, 11:41:44 PM »

Hi,

I have the exact same problem. I'm in France, using Bouygues/Numericable. I've used HE for some years with no problems and, a few days (weeks ?) ago it just stopped working. I did not change anything and I even double checked (and fully opened ;) ) my firewall. I can ping my side of the tunnel but not the other side.

Tunnel is up but no ipv6 connectivity. Using wireshark, I can see packets going to 216.66.84.42 but no packets coming back.

My guess is that somehow my box (given and managed by Bouygues) changed something and blocks this traffic, perhaps because of protocol 41. My Linux router behind my box is configured as DMZ for my box and still receives all incoming packets (I'm self hosted and had no problems with incoming connections).

Is there some way to check if HE routes my ping requests and answers ? To know if the problem is really at my box ? If the problem is with my ISP, I guess it will be very hard to resolve... :-(

Cheers,
Francois
Logged