tunnel dead on my end?

Started by funman, April 27, 2009, 09:01:20 AM


I recently set up a tunnel on my new dedicated server running Linux (2.6.27-7), but for some reason it is unresponsive. After setting it up, I did a ping6 as I always do to check if it was configured properly, but I got the "Sendmsg: operation not permitted" error.

From experience I know this usually indicates a firewalling issue, so I disabled my firewall and tried again, but this didn't help. I asked my host if they ran any firewalls that might block it, which they assured me they don't.

Doing a traceroute from another of my tunnels shows that the last hop is at HE in New York, and an attempt at a route from the box in question doesn't receive a single hop.

Following is my ifconfig, in hopes that someone might be able to shed some light on all this (for the record if anyone tries doing any pings etc, my firewall is back up)
eth0      Link encap:Ethernet  HWaddr 00:30:48:b0:03:92
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::230:48ff:feb0:392/64 Scope:Link
          RX packets:2075685288 errors:0 dropped:476196 overruns:0 frame:0
          TX packets:2275918976 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1383034641 (1.3 GB)  TX bytes:1155855121 (1.1 GB)

he-ipv6   Link encap:IPv6-in-IPv4
          inet6 addr: 2001:470:1f06:f62::2/64 Scope:Global
          inet6 addr: fe80::4593:e90a/128 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:  Mask:
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:11914422 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11914422 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1336204918 (1.3 GB)  TX bytes:1336204918 (1.3 GB)

I appreciate all help I can get, thanks in advance.


Well, first of all, double-check that your 'client endpoint' points to your IPv4 address on the tunnel broker settings page. If the endpoint is not set as your actual and connecting IP address, no traffic will happen.

If you have several interfaces or IPs, you'd better specify on the tunnel (where you set up the sit1 or whatever interface with the server's IPv4 endpoint) the IPv4 address for the tunnel to bind to. With the 'iproute2' commands, it would be something like:

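# create the 6in4 (sit) tunnel, bound to a specific local IPv4 address, and bring it up
ip tunnel add sit1 mode sit remote <your "Server IPv4 address"> local <your "Client IPv4 address">
ip link set sit1 up
ip -6 addr add <your "Client IPv6 address"> dev sit1
ip -6 route add default via <your "Server IPv6 address"> dev sit1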

This way, even though you may not have set up any route advertiser daemon, you must be able to ping6 somewhere outside the network (using your "Client IPv6 address").

It might be a dumb possibility, but maybe you cleared iptables rules but not ip6tables ones, or the chains' policies are DROP or something different than ACCEPT (which will make absent rules do the policy rule by default).

Sorry, I don't mean you are dumb or whatever about firewalls; I am just trying to figure out some possibilities to help you out. :) Sometimes we forget some simple things that make the difference even though we may know lotsa things. (The fact that there are lotsa things makes it more vulnerable to a small gap.)
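
The firewall check suggested in the reply above, as an added example that is not part of the original posts: it reads the text printed by `ip6tables -S` and `iptables -S` and reports INPUT/OUTPUT chains whose policy is not ACCEPT and that have no ACCEPT rule for ICMPv6 (IPv6 side) or for protocol 41, the 6in4 encapsulation (IPv4 side). The rule listings are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: rules were flushed but the chain policies were left at DROP.
V6_SAMPLE='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT'
# Constructed sample: IPv4 side accepts SSH and replies, nothing for protocol 41.
V4_SAMPLE='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# chain_policy RULES CHAIN: print the default policy of CHAIN.
chain_policy() {
    printf '%s\n' "$1" | awk -v c="$2" '$1 == "-P" && $2 == c { print $3 }'
}

# chain_allows RULES CHAIN PROTO_RE: succeed if CHAIN has an ACCEPT rule for a
# protocol matching PROTO_RE, or an unconditional "-A CHAIN -j ACCEPT".
# Heuristic: other match options on the rule (source, state) are not evaluated.
chain_allows() {
    printf '%s\n' "$1" | awk -v c="$2" -v p="$3" '
        $1 == "-A" && $2 == c {
            proto = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "ACCEPT" && (NF == 4 || proto ~ ("^(" p ")$"))) found = 1
        }
        END { exit !found }'
}

# audit V6RULES V4RULES: print one finding per line; prints nothing if clean.
audit() {
    for chain in INPUT OUTPUT; do
        pol=$(chain_policy "$1" "$chain")
        if [ -n "$pol" ] && [ "$pol" != ACCEPT ] && ! chain_allows "$1" "$chain" 'ipv6-icmp|icmpv6|58'; then
            echo "ip6tables $chain: policy $pol, no ICMPv6 ACCEPT rule"
        fi
        pol=$(chain_policy "$2" "$chain")
        if [ -n "$pol" ] && [ "$pol" != ACCEPT ] && ! chain_allows "$2" "$chain" 'ipv6|41'; then
            echo "iptables $chain: policy $pol, no protocol 41 (6in4) ACCEPT rule"
        fi
    done
    return 0
}

audit "$V6_SAMPLE" "$V4_SAMPLE"
```

On a live host, pass the real listings instead of the samples: `audit "$(ip6tables -S)" "$(iptables -S)"` (run as root).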