Hurricane Electric's IPv6 Tunnel Broker Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Address unreachable  (Read 623 times)

KuoKongQingYun

  • Newbie
  • *
  • Posts: 2
    • View Profile
Address unreachable
« on: December 13, 2016, 07:01:39 PM »

I configure a tunnel on my "VPS1",but when I ping from "VPS2" to "VPS1",I "SOMETIMES" get:
Code: [Select]
[root@VPS2 ~]# ping6 VPS1.xxx.com
PING VPS1.xxx.com(xxxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net) 56 data bytes
From tserv1.ywg1.he.net icmp_seq=1 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=2 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=3 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=4 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=5 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=6 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=7 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=8 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=9 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=10 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=11 Destination unreachable: Address unreachable
From tserv1.ywg1.he.net icmp_seq=12 Destination unreachable: Address unreachable

When I got this,I ping from my "VPS1" to ipv6.google.com:
Code: [Select]
[root@VPS1 ~]# ping6 ipv6.google.com
PING ipv6.google.com(yyz08s10-in-x0e.1e100.net) 56 data bytes
64 bytes from yyz08s10-in-x0e.1e100.net: icmp_seq=1 ttl=59 time=5.51 ms
64 bytes from yyz08s10-in-x0e.1e100.net: icmp_seq=2 ttl=59 time=5.20 ms

Then I ping from VPS2 to VPS1 once again,and it become normal:
Code: [Select]
[root@VPS2 ~]# ping6 VPS1.xxx.com
PING VPS1.xxx.com(xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net) 56 data bytes
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=1 ttl=56 time=57.7 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=2 ttl=56 time=55.5 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=3 ttl=56 time=57.4 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=4 ttl=56 time=55.9 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=5 ttl=56 time=56.7 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=6 ttl=56 time=55.9 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=7 ttl=56 time=55.9 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=8 ttl=56 time=57.2 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=9 ttl=56 time=55.7 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=10 ttl=56 time=55.8 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=11 ttl=56 time=55.9 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=12 ttl=56 time=55.7 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=13 ttl=56 time=57.2 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=14 ttl=56 time=55.6 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=15 ttl=56 time=55.8 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=16 ttl=56 time=57.4 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=17 ttl=56 time=55.8 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=18 ttl=56 time=55.6 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=19 ttl=56 time=55.7 ms
64 bytes from xxx-1-pt.tunnel.tserv21.tor1.ipv6.he.net: icmp_seq=20 ttl=56 time=55.9 ms

But a few minutes later after no ipv6 connection exists,the problem appears again.

It looks like that the router of HE can't "remember" the "VPS1","VPS1" must connect to outer server forwardly,then router of HE can find the "VPS1" and outer server can reach VPS1.

I am sorry for my poor English.

What should I do to fix the problem?
« Last Edit: December 14, 2016, 06:56:02 AM by KuoKongQingYun »
Logged

kcochran

  • Sr. Network Engineer, Hurricane Electric
  • Administrator
  • Sr. Member
  • *****
  • Posts: 398
    • View Profile
Re: Address unreachable
« Reply #1 on: December 14, 2016, 09:13:14 AM »

6in4 tunnels are stateless.  There's nothing on our side to remember or forget, beyond the IPv4/IPv6 address of your side, and those are ultimately statically configured.  If you have to send out traffic to get the tunnel operating again, there's likely a stateful firewall for IPv4 involved on your side.  If you've got an IPv4 firewall configured on VPS1, ensure it has explicit permits for the tunnel server's IPv4 address, and isn't relying on something like conntrack.
Logged

KuoKongQingYun

  • Newbie
  • *
  • Posts: 2
    • View Profile
Re: Address unreachable
« Reply #2 on: December 14, 2016, 09:26:38 AM »

As you said,I stopped the service of IPv4 firewall,then it works excellently.
So,I just add a white rule to IPv4 firewall for the IPv4 address of the tunnel server, and the problem is solved.

Thank you so much!
« Last Edit: December 14, 2016, 09:37:52 AM by KuoKongQingYun »
Logged