Print

[Nomadadon]

I've had my tunnel up for a good while, but sometime in the last few months, I don't know when it started happening, but after my firewall as been up for a week, give or take 3 days, it's random, it will just stop passing traffic.

Interface is up, routes are up, I can ping the remote IPv4 and the local IPv6, but 100% packet loss over the IPv6.  No changes to the firewall rules ( iptables ) or any config, it just starts dropping all packets.  As if I'm blocking a keepalive protocol I can't find docs on.  If I reboot my linux box, traffic resumes without issue.  If I down the interface and restart IPTables, no go, still dead.
 
Here's my config:

iface he-ipv6 inet6 v4tunnel
    # Bring up the actual tunnel
    address 2001:470:39:57c::2
    netmask 64
    endpoint 184.105.250.46
    #local `/usr/local/bin/GetExternalIP.sh`
    local 209.182.74.168
    ttl 255
    gateway 2001:470:39:57c::1
    post-up /etc/init.d/Firewall-6.sh restart
    #
    # For shutting down the interface
    down /sbin/ip route del ::/0 dev he-ipv6 2>/dev/null
    down /sbin/ifconfig he-ipv6 down 2>/dev/null
    down /sbin/ip link set he-ipv6 down 2>/dev/null
    post-down /sbin/ifconfig sit0 0.0.0.0 2>/dev/null
    post-down /sbin/ifconfig sit0 down 2>/dev/null
    post-down /sbin/ifconfig sit1 0.0.0.0 2>/dev/null
    post-down /sbin/ifconfig sit1 down 2>/dev/null
    post-down /sbin/modprobe -r sit 2>/dev/null

07:42:/home/nomad>ifconfig he-ipv6
he-ipv6: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1480
        inet6 fe80::d1b5:4da8  prefixlen 64  scopeid 0x20<link>
        inet6 2001:470:39:57c::2  prefixlen 64  scopeid 0x0<global>
        sit  txqueuelen 1000  (IPv6-in-IPv4)
        RX packets 2504594  bytes 2856452096 (2.8 GB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1470748  bytes 248227701 (248.2 MB)
        TX errors 542  dropped 0 overruns 0  carrier 536  collisions 0

07:44:/home/nomad>ip -6 route
::1 dev lo proto kernel metric 256 pref medium
2001:470:39:57c::1 dev he-ipv6 metric 1024 pref medium
2001:470:39:57c::/64 dev he-ipv6 proto kernel metric 256 pref medium
2001:470:4b:57c::/64 dev em1 proto kernel metric 256 pref medium
fe80::/64 dev he-ipv6 proto kernel metric 256 pref medium
fe80::/64 dev enp9s4 proto kernel metric 256 pref medium
fe80::/64 dev em1 proto kernel metric 256 pref medium
fe80::/64 dev em1.5 proto kernel metric 256 pref medium
fe80::/64 dev em1.10 proto kernel metric 256 pref medium
fe80::/64 dev em1.99 proto kernel metric 256 pref medium
fe80::/64 dev em1.101 proto kernel metric 256 pref medium
default via 2001:470:39:57c::1 dev he-ipv6 metric 1024 onlink pref medium


07:42:/home/nomad>ping -c 3 184.105.250.46
PING 184.105.250.46 (184.105.250.46) 56(84) bytes of data.
64 bytes from 184.105.250.46: icmp_seq=1 ttl=59 time=8.85 ms
64 bytes from 184.105.250.46: icmp_seq=2 ttl=59 time=8.55 ms
64 bytes from 184.105.250.46: icmp_seq=3 ttl=59 time=8.60 ms

--- 184.105.250.46 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 8.553/8.668/8.854/0.132 ms

07:42:/home/nomad>ping -c 3 2001:470:39:57c::2
PING 2001:470:39:57c::2(2001:470:39:57c::2) 56 data bytes
64 bytes from 2001:470:39:57c::2: icmp_seq=1 ttl=64 time=0.070 ms
64 bytes from 2001:470:39:57c::2: icmp_seq=2 ttl=64 time=0.051 ms
64 bytes from 2001:470:39:57c::2: icmp_seq=3 ttl=64 time=0.059 ms

--- 2001:470:39:57c::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2035ms
rtt min/avg/max/mdev = 0.051/0.060/0.070/0.007 ms

07:42:/home/nomad>ping -c 3 2001:470:39:57c::1
PING 2001:470:39:57c::1(2001:470:39:57c::1) 56 data bytes

--- 2001:470:39:57c::1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2041ms

[cholzhauer]

It does sound as if keep-alive is being blocked somehow.  I haven't seen a post of this type on here in a few years, but the solution then was just to create a cron job to run ping every so often. 

[Nomadadon]

I've got traffic flowing across it almost constantly though.

[Nomadadon]

Updated to the latest Ubuntu packages, kernel, etc.  Everything's working great, for about 6 days ( I set up a cron to reboot Monday morning at 4AM, this morning, Sunday, I've got no ipv6 again.

Any thoughts?

[mk01]

Nomadadon,

interesting what you are experiencing, because of one thing. I'm using HE tunnel for ... a long time. Since the day I set it up, the router was having hundreds of days uptime, no changes of any kind, basically a perfectly working blackbox. (router itself is very old jessie base install)

day before yesterday I suddenly realised, I'm without ip6 connectivity. did ifdown/up, revived the the tunnel with no issue. So forgot about it, then yesterday, the same happened.

Normally I would not think about it again, I mean for the years not knowing about it (= no issues), the history would turn those two incidents into dust quickly, right ?
But you are suddenly experiencing with no obvious reason as well, this can not be just random stuff anymore.

So - I don't have any solution as until I red your msg, there was no reason to dig deeper, at least this I was thinking.
So for now just - "you are not alone"

mk

[tomkep]

Could this be a reason:

triss:~> ping 209.182.74.168
PING 209.182.74.168 (209.182.74.168) 56(84) bytes of data.
From 185.48.8.110 icmp_seq=1 Destination Net Unreachable
From 185.48.8.110 icmp_seq=2 Destination Net Unreachable
From 185.48.8.110 icmp_seq=3 Destination Net Unreachable
From 185.48.8.110 icmp_seq=4 Destination Net Unreachable
From 185.48.8.110 icmp_seq=5 Destination Net Unreachable
From 185.48.8.110 icmp_seq=6 Destination Net Unreachable
^C
--- 209.182.74.168 ping statistics ---
6 packets transmitted, 0 received, +6 errors, 100% packet loss, time 14ms

It looks like your endpoint is unreachable for whatever reason. Maybe your provider if at fault here?