Print

[LEOPOLDLIU]

Hi. Newbie here.

I have some trouble when I try to set up a tunnel on my raspberry pi 3b+.

After created a tunnel, I copied the example configuration of Debian/Ubuntu, and pasted it into /etc/network/interfaces. Since my pi is behind a modem, on which I set a static IP 192.168.1.10 to my pi, so I changed the local address. I can ssh to the pi from another computer in my local network through this address.

Here is the out put of /etc/network/interfaces:

Code: [Select]

pi@raspberrypi:~ $ cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)

# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
        address 2001:470:c:fbc::2
        netmask 64
        endpoint 66.220.18.42
        local 192.168.1.10
        ttl 255
        gateway 2001:470:c:fbc::1

I restarted my network using "sudo system networking restart", and get output of ifconfig:

Code: [Select]

en0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.10  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fdac:751d:4768:7800:18a8:bfef:8d8f:5eb5  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::223d:fd87:da7b:2aa0  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:4b:44:80  txqueuelen 1000  (Ethernet)
        RX packets 137  bytes 18378 (17.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 86  bytes 14018 (13.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

he-ipv6: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1480
        inet6 fe80::c0a8:10a  prefixlen 64  scopeid 0x20<link>
        inet6 2001:470:c:fbc::2  prefixlen 64  scopeid 0x0<global>
        sit  txqueuelen 1000  (IPv6-in-IPv4)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether b8:27:eb:1e:11:d5  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

The number of RX/TX packets is 0, and when I did some ping test, the output is:

Code: [Select]

pi@raspberrypi:~ $ ping 66.220.18.42
PING 66.220.18.42 (66.220.18.42) 56(84) bytes of data.
64 bytes from 66.220.18.42: icmp_seq=1 ttl=53 time=173 ms
64 bytes from 66.220.18.42: icmp_seq=2 ttl=53 time=173 ms
64 bytes from 66.220.18.42: icmp_seq=3 ttl=53 time=173 ms
^C
--- 66.220.18.42 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 5ms
rtt min/avg/max/mdev = 173.137/173.256/173.376/0.097 ms
pi@raspberrypi:~ $ ping6 ipv6.google.com
PING ipv6.google.com(tsa03s01-in-x0e.1e100.net (2404:6800:4008:802::200e)) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 160ms

pi@raspberrypi:~ $ ping6 2001:470:c:fbc::1
PING 2001:470:c:fbc::1(2001:470:c:fbc::1) 56 data bytes
^C
--- 2001:470:c:fbc::1 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 232ms

That suggests I still can't get connection to any other ipv6 address.

When I go to troubeshoot by googling, some suggest to check if the NAT (modem in my case) let protocol 41 get through. But I have successfully set up a tunnel on my WIN10 laptop using similar configurations. They are both behind my modem, they are both simply set by using the example configuration with a replacement of local address.

I noticed that the tunnel only allowed one tunnel at a time, so I deleted the old tunnel and created a new one to test, but I still failed.

So I guess maybe there should be some furthur setting of raspi, which is diffrent from normal Debian/Ubuntu devices, but I still didn't find that. Hope you guys can help me out.

Any help is greatly appreciated.

[cholzhauer]

The first thing I saw is that you shouldn't have fdac:751d:4768:7800:18a8:bfef:8d8f:5eb5 assigned to your inside interface...that IP should be a member of the tunnel /64

Can you ping 2001:470:c:fbc::1 from your Pi?

What are the commands you used to create the tunnel on your Pi?

[LEOPOLDLIU]

I can't ping that gateway address, here is the output:

Code: [Select]

pi@raspberrypi:~ $ ping6  2001:470:c:fbc::1
PING 2001:470:c:fbc::1(2001:470:c:fbc::1) 56 data bytes
^C
--- 2001:470:c:fbc::1 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 217ms

The process I created the tunnel is:
1) editing the /etc/network/interfacs, pasting the example configuration to that file
2) restart the network by using "service networking restart"
3) I even tried reboot my pi, but it still didn't work

I tried another ifconfig test, turned out that I can transmit packages through he tunnel, but cannot receive from it.

Here's the output of ifconfig now:

Code: [Select]

en0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.10  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fdac:751d:4768:7800:18a8:bfef:8d8f:5eb5  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::223d:fd87:da7b:2aa0  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:4b:44:80  txqueuelen 1000  (Ethernet)
        RX packets 101  bytes 10755 (10.5 KiB)
        RX errors 0  dropped 5  overruns 0  frame 0
        TX packets 91  bytes 16525 (16.1 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

he-ipv6: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1480
        inet6 2001:470:c:fbc::2  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::c0a8:10a  prefixlen 64  scopeid 0x20<link>
        sit  txqueuelen 1000  (IPv6-in-IPv4)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6  bytes 624 (624.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether b8:27:eb:1e:11:d5  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

As for the address fdac:751d:4768:7800:18a8:bfef:8d8f:5eb5, I checked all my devices in local network, turned out they all had a address like that, which is fdac:751d:4768:7800:X:X:X:X

After I reset my modem, that address is disappeared, the output of ifconfig for now is:

Code: [Select]

pi@raspberrypi:~ $ ifconfig
en0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.10  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::223d:fd87:da7b:2aa0  prefixlen 64  scopeid 0x20<link>
        ether b8:27:eb:4b:44:80  txqueuelen 1000  (Ethernet)
        RX packets 864  bytes 79077 (77.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 341  bytes 52878 (51.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

he-ipv6: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1480
        inet6 2001:470:c:fbc::2  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::c0a8:10a  prefixlen 64  scopeid 0x20<link>
        sit  txqueuelen 1000  (IPv6-in-IPv4)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 24  bytes 2008 (1.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 2  bytes 196 (196.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2  bytes 196 (196.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether b8:27:eb:1e:11:d5  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

I installed nmap to scan the protocols, here is the result

Code: [Select]

pi@raspberrypi:~ $ sudo nmap -Pn -sO -p 1,6,17,41 -6 2001:470:c:fbc::1
Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-26 09:45 CST
Nmap scan report for tunnel557606.tunnel.tserv15.lax1.ipv6.he.net (2001:470:c:fbc::1)
Host is up.

PROTOCOL STATE         SERVICE
1        open|filtered icmp
6        open|filtered tcp
17       open|filtered udp
41       open|filtered ipv6

Nmap done: 1 IP address (1 host up) scanned in 3.24 seconds

pi@raspberrypi:~ $ sudo nmap -Pn -sO -p 1,6,17,41 66.220.18.42
Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-26 09:54 CST
Nmap scan report for tserv1.lax1.he.net (66.220.18.42)
Host is up (0.17s latency).

PROTOCOL STATE         SERVICE
1        open          icmp
6        open          tcp
17       open          udp
41       open|filtered ipv6

Nmap done: 1 IP address (1 host up) scanned in 2.76 seconds

Does the state "open|filtered" mean ipv6 service is filtered so i can't get access to any ipv6 address?

[snarked]

Your modem is doing NAT for IPv4.  Either disable it, move the tunnel to the modem, or enable a “DMZ” function for the pi.

[custompcs]

Your modem is doing NAT for IPv4.  Either disable it, move the tunnel to the modem, or enable a “DMZ” function for the pi.

Hi, I have the same problem, I did as suggested and DMZ'd the select RPi. Firewalled it for IPv6/4. everything worked after I set the DMZ IP and rebooted my router. but in under 1 hour the tunnel was dead. I couldn't icmp in or out and the portscan said this:

Code: [Select]

Starting Nmap 7.01 ( https://nmap.org ) at 2020-05-24 16:36 PDT
Nmap scan report for 2001:470:1f07:561::2020
Host is up.
All 1000 scanned ports on 2001:470:1f07:561::2020 are filtered

Nmap done: 1 IP address (1 host up) scanned in 201.40 seconds

note: the previous scan when working showed port 113 open as it should be. but now nothing.

[tjeske]

Why should port 113 be open?

Do you have a dynamically assigned IPv4? Maybe your public IPv4 changed. If that happens, you have to restart the tunnel with the new public IPv4.