• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

New tunnel up, but can't get past next hop.

Started by HQuest, June 16, 2016, 05:45:32 AM

Previous topic - Next topic


After a while of using the ISP provided 6to4 tunnel, I decided to go back to HE.net and apparently things aren't as smooth as they used to be. I was out for so long, my old tunnel was deleted. So, whatever, I created a new one. Set up the tunnel, configured the router, able to ping the other end of the tunnel, and that's it. Can't get past the first hop.

So I deleted that tunnel, and create another on a different tunnel server. Same issue. So I'm a bit confused now.

#traceroute 2001:470:0:63::2

Type escape sequence to abort.
Tracing the route to 2001:470:0:63::2

  1 2001:470:1F11:7F4::1 17 msec 0 msec 0 msec
  2  *  *  *
  3  *  *

I captured some traffic and got some ICMPv6 3 (Time Exceeded) Code 0 (Hop limit in transit) packets. Since I cannot capture on my WAN, and since the source of this ICMPv6 packet was indeed the other side of my tunnel IPv6 address, I'm assuming something's broken on the HE's end.

Suggestions are welcome.

Thanks and regards.


Double check your outgoing default route.  I can ping you from within the subnet, but not externally.  Routing all looks right on this side.


Fixed. Seems like it wasn't routing. Apart of the standard, basic configs provided by HE during tunnel setup, I had something else I've been poking around for a while, and HE's tunnels doesn't like it somehow: Unicast RPF strict mode.

Had to change to loose mode, and tunnel started working right away.

Back to the documentation... Thanks anyway kcochran :)