Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Connection not working properly - Timeouts - no RX on Mikrotik  (Read 1463 times)

bjoernhoefer

  • Newbie
  • *
  • Posts: 2

Hi there,

as it is holiday season I've dedicated some spare time to getting my IPv6 Tunnel up and runnning again - and ran into the problem, that my tunnel can send data but never receives any data...

My setup:
912UAG-5HPnD
Sierra Wireless MC7710 3G/4G PCI Card for Internet-Connectivity
Several other clients (Other Mikrotik Routerboards and a Mac).

My IP address is dynamic so I've update it with a script found at the mikrotik-wiki which works fine (tested a few moments ago) - as soon my ip changes HE gets an update.

All clients are working fine with the provided internal scope: 2001:470:26:301::/64

But none of them is able to send requests beyond my internal borders...

If I try to ping the IPv6 2001:470:25:301::1 which is my default gateway - I'll get an timeout (tested on the router itself, another mikrotik router and my mac).

On the mikrotik router which holds the sit1 tunnel, I see packets leaving the interface - but none of them are getting back (absolutely zero - none...)

Also with wireshark I was able to see, that the packets are leaving - with the IPv6 destination 2001:470:25:301::1 and the IPv4 destination 216.66.80.98 - but nothing gets answered...

A few configurations from my mikrotik router:

Code: [Select]
ipv6 address print
Flags: X - disabled, I - invalid, D - dynamic, G - global, L - link-local
 #    ADDRESS                                     FROM-... INTERFACE        ADV
 0 DL fe80::e68d:8cff:fef7:af59/64                         VLAN666          no
 1 DL fe80::e68d:8cff:fef7:af59/64                         VLAN10           no
 2 DL fe80::e68d:8cff:fef7:af59/64                         VLAN1            no
 3 DL fe80::e68d:8cff:fef7:af59/64                         vlan666          no
 4 DL fe80::e68d:8cff:fef7:af59/64                         ether1           no
 5 DL fe80::4421:ccff:febe:507/64                          lte1             no
 6 DL fe80::200:5eff:fe00:101/64                           gw-vlan10        no
 7  G 2001:470:25:301::2/64                                sit1             no
 8  G 2001:470:26:301::1/64                                VLAN666          yes
 9 DL fe80::fefd:0/64                                      sit1             no

Code: [Select]
ipv6 route print   
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, o - ospf, b - bgp, U - unreachable
 #      DST-ADDRESS              GATEWAY                  DISTANCE
 0 A S  2000::/3                 2001:470:25:301::1              1
 1 ADC  2001:470:25:301::/64     sit1                            0
 2 ADC  2001:470:26:301::/64     VLAN666                         0

Code: [Select]
interface 6to4 print
Flags: X - disabled, R - running
 #       MTU ACTUAL-MTU LOCAL-ADDRESS   REMOTE-ADDRESS             
 0  R ;;; Hurricane Electric IPv6 Tunnel Broker
        1480       1480 178.112.22.4  216.66.80.98               

Code: [Select]
/ip firewall filter
add chain=input protocol=ipv6
add chain=input connection-state=established,related,new protocol=ipv6
add chain=output protocol=ipv6
add chain=input connection-state=established,related,new log=yes src-address=216.66.80.98
add chain=output dst-address=216.66.80.98
add chain=input comment="Allow limited pings" limit=50,2:packet protocol=icmp
add action=drop chain=input comment="Drop excess pings" protocol=icmp

Code: [Select]
/ipv6 firewall filter
add chain=output protocol=icmpv6
add chain=input protocol=icmpv6
add chain=output
add chain=input

In the firewall-counters I can see that traffic is going to 216.66.80.98 - but there is no traffic going back (

I've also talked with my internet-provider in advance - they do not filter out anything, as this can be disabled via self-servive portal (already done that ages ago).

I've also deleted my whole configuration and passed in the following configuration to my router (again).

Code: [Select]
/interface 6to4 add comment="Hurricane Electric IPv6 Tunnel Broker" disabled=no local-address=178.112.22.4 mtu=1280 name=sit1 remote-address=216.66.80.98
/ipv6 route add comment="" disabled=no distance=1 dst-address=2000::/3 gateway=2001:470:25:301::1 scope=30 target-scope=10
/ipv6 address add address=2001:470:25:301::2/64 advertise=no disabled=no eui-64=no interface=sit1


Here in this forum a few other posts were made with almost the same "errors" I've running into - strangely they did not get a lot of feedback, maybe someone can finally explain if this is a general problem, or how you could get rid of that.


Hopefully someone can help me.


Thanks in advance

Björn
Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2715
Re: Connection not working properly - Timeouts - no RX on Mikrotik
« Reply #1 on: August 02, 2016, 06:09:20 PM »

I'll admit I did not study this in detail...have you emailed ipv6@he.net and asked them to look at your tunnel?  I've seen edge cases where the tunnel just doesn't get setup correctly.
Logged

bjoernhoefer

  • Newbie
  • *
  • Posts: 2
Re: Connection not working properly - Timeouts - no RX on Mikrotik
« Reply #2 on: August 03, 2016, 06:15:43 AM »

I've did - I'll keep this thread updated, if any news come in.

So far I've only received an acknowledgement mail by support.
Logged