• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Tunnel wont start. General Trouble Shooting?

Started by jeffsadowski, August 18, 2017, 09:38:58 AM

Previous topic - Next topic

jeffsadowski

I am using Ubuntu 16.04 and am trying to start an 1pv6 tunnel.
I logged into https://tunnelbroker.net/
clicked on my tunnel
went to example configuration tab
selected debian/ubuntu
and copy and pasted
into /etc/network/interfaces (as it suggested)
I did "ifup he-ipv6" and was expecting my tunnel.
I guess there is more to it?

I saw some more instructions here https://wiki.ubuntu.com/IPv6
talking about adding the first routed ip (noting it was differentfrom the ip I set as the gateway in the interfaces file) to my interfaces ipv6 tab and setting its gateway to the address ...:2 in my interfaces file.
I then restarted my main interface so it has the address I assigned.

Still no go.

What more do I need to do?

I can ping my local he-ipv6 ipv6 address but not the gateway ipv6 address.
are there some tcp ports I can test? (I can use ping to test)
are there udp things to test? (I don't know how to check UDP traffic)

cholzhauer

Can you paste the output of ifconfig and the commands you used to start the tunnel?

Is your ISP blocking proto41? Is your router?

jeffsadowski

#2
Quote from: cholzhauer on August 18, 2017, 12:05:24 PM
Can you paste the output of ifconfig and the commands you used to start the tunnel?

Is your ISP blocking proto41? Is your router?
# ifconfig
eno1      Link encap:Ethernet  HWaddr f8:b1:56:cd:d5:1a 
          inet addr:10.0.102.107  Bcast:10.0.103.255  Mask:255.255.252.0
          inet6 addr: 2001:470:d:bb3::1/64 Scope:Global
          inet6 addr: fe80::194e:35aa:8817:f95a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:39178902 errors:0 dropped:1 overruns:0 frame:0
          TX packets:31747934 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7471397493 (7.4 GB)  TX bytes:12864750080 (12.8 GB)
          Interrupt:20 Memory:f5100000-f5120000

he-ipv6   Link encap:IPv6-in-IPv4 
          inet6 addr: fe80::40ea:a2de/64 Scope:Link
          inet6 addr: 2001:470:c:bb3::2/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:719 dropped:0 overruns:0 carrier:719
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:31420402 errors:0 dropped:0 overruns:0 frame:0
          TX packets:31420402 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:4232322361 (4.2 GB)  TX bytes:4232322361 (4.2 GB)

Isn't "ifup he-ipv6" suppose to start the tunnel?
Is your ISP blocking proto41? is there a way to test for this and how do I turn this off on a cisco asa?

divad27182

Quote from: jeffsadowski on August 18, 2017, 12:22:22 PM
Quote from: cholzhauer on August 18, 2017, 12:05:24 PM
Can you paste the output of ifconfig and the commands you used to start the tunnel?

Is your ISP blocking proto41? Is your router?
# ifconfig
eno1      Link encap:Ethernet  HWaddr f8:b1:56:cd:d5:1a 
          inet addr:10.0.102.107  Bcast:10.0.103.255  Mask:255.255.252.0
          inet6 addr: 2001:470:d:bb3::1/64 Scope:Global
          inet6 addr: fe80::194e:35aa:8817:f95a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:39178902 errors:0 dropped:1 overruns:0 frame:0
          TX packets:31747934 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:7471397493 (7.4 GB)  TX bytes:12864750080 (12.8 GB)
          Interrupt:20 Memory:f5100000-f5120000

I suspect you have two problems.

1) You are behind a NAT firewall, so data might not reach you.  If you haven't already, try configuring your gateway as the DMZ.  Also, try starting with traffic from inside (see problem 2), and hoping that the firewall opens a session for you.

2) You are behind a NAT firewall, so the provided configuration is not quite right.  Packets might not even be being sent.  Try removing the "local" definition in "/etc/network/interfaces".  (I think "local" is about bypassing the routing tables for the IPV4 traffic.)  Also, run dmesg to check for errors from the kernel.


Quote from: jeffsadowski on August 18, 2017, 12:22:22 PM
Isn't "ifup he-ipv6" suppose to start the tunnel?
Is your ISP blocking proto41? is there a way to test for this and how do I turn this off on a cisco asa?

"ifup he-ipv6" does start the tunnel, but doesn't tell any non-debian user anything.  Try running "ifup -v he-ipv6", which shows the actual commands used, along with other activities if-up performs.

I would also recommend trying packet capture (wireshark) on the external interface of your host.  See if packets are sent or received.  See if there are error packets or rejects.   etc...

I can't help you with the protocol blocking question.

--David

cholzhauer

As for proto41, you'd have to break out wireshark or call your ISP