
Unable to get tunnel on fedora-37

Started by jinternux, June 13, 2023, 09:59:17 AM


jinternux

Hello,

I'm trying hard to get my tunnel up'n'running, but I end up with an unreachable network:
PING google.com(REMOTE_SRV.1e100.net (2a00:1450:400a:808::200e)) 56 data bytes
From gw.xx.yy.ch (2001:470:xx:zz::2) icmp_seq=1 Destination unreachable: Address unreachable
From gw.xx.yy.ch (2001:470:xx:zz::2) icmp_seq=2 Destination unreachable: Address unreachable
My setup is as follows:
ISP modem -> gw -> LAN

As far as I can tell, my ISP doesn't support protocol 41 (at least tcpdump -i eno2 -n protocol 41 doesn't show anything), meaning I should use my external, public IP according to the note in the example scripts.

I've used this:

MY_IP=$(dig @resolver1.opendns.com myip.opendns.com +short)

ip tunnel add hev6 mode sit remote (remote_endpoint_ip) local $MY_IP ttl 255
ip link set hev6 up
ip addr add 2001:470:xx:zz::2/64 dev hev6
ip route add ::/0 dev hev6

the route seems correct:
[root@gw ~]# ip -6 ro
::1 dev lo proto kernel metric 256 pref medium
2001:470:xx:zz::/64 dev hev6 proto kernel metric 256 pref medium
[... local link routing ...]
default dev hev6 metric 1024 pref medium

and configured interface as well:
15: hev6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 state UNKNOWN qlen 1000
    inet6 2001:470:xx:zz::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::59d9:186c/64 scope link
       valid_lft forever preferred_lft forever

I'm probably missing something - but I can't figure out what :/.

Thank you for your help - and, of course, if I'm missing any important details, please lemme know!

Cheers,

C.

snarked

Does it work when you try this:

ip -6 route add default via 2001:470:xx:zz::1 dev hev6

?

jinternux

Hello Snarked,

Nope, doesn't work either (tested yesterday already while trying to understand the issue).

As a matter of fact, I'm unable to ping the gateway itself...

I think there's something crappy either with my ISP modem (it's a Zyxel fiber box, my firewall/gateway is configured to be in its "dmz", meaning it SHOULD be exposed as-is on the Internet), or at my ISP level (Sunrise, a Swiss provider). But I'm unable to discover what may be wrong :(.

Note, the script I pasted in my first post is a slightly modified copy of the one provided by HE directly - mostly, I changed the interface name to be shorter.

Cheers,

C.
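
A diagnostic that fits the setup described in this thread (gateway behind an ISP modem in "dmz" mode, tunnel `local` taken from a public-IP lookup), added here as an example and not posted by either participant: it compares the `local` endpoint of the sit tunnel with the IPv4 addresses actually assigned on the host. The sample `ip` outputs, the documentation-range addresses and the function names are constructed assumptions; only the interface names `hev6` and `eno2` come from the thread.

```shell
#!/bin/sh
# Added example: is the tunnel's "local" endpoint an address this host holds?

# Constructed sample of `ip tunnel show hev6` (documentation addresses).
SAMPLE_TUNNEL='hev6: ipv6/ip remote 192.0.2.1 local 203.0.113.7 ttl 255 6rd-prefix 2002::/16'
# Constructed sample of `ip -o -4 addr show` on a host behind a NAT modem.
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eno2    inet 192.168.1.2/24 brd 192.168.1.255 scope global eno2\       valid_lft forever preferred_lft forever'

# Print the word that follows "local" in `ip tunnel show` output.
tunnel_local() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "local") { print $(i + 1); exit } }'
}

# Print one assigned IPv4 address per line, prefix length stripped.
assigned_v4() {
    printf '%s\n' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "inet") { split($(i + 1), a, "/"); print a[1] } }'
}

# check_local TUNNEL_TEXT ADDR_TEXT
# Returns 0 if the endpoint is assigned locally (or "any"), 1 if it is not,
# 2 if no "local" field could be parsed.
check_local() {
    ep=$(tunnel_local "$1")
    [ -n "$ep" ] || { echo "no local endpoint found"; return 2; }
    if [ "$ep" = "any" ]; then
        echo "local endpoint is 'any' (kernel picks the source address)"
        return 0
    fi
    if assigned_v4 "$2" | grep -qxF "$ep"; then
        echo "OK: $ep is assigned on this host"
        return 0
    fi
    echo "MISMATCH: tunnel local $ep is not assigned on this host"
    return 1
}

# On a live system:
#   check_local "$(ip tunnel show hev6)" "$(ip -o -4 addr show)"
check_local "$SAMPLE_TUNNEL" "$SAMPLE_ADDRS" || true
```

A MISMATCH result means the host itself holds a different address than the one configured as the tunnel's outer source, which is worth ruling out before looking at the modem or the ISP.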