• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

I Must Be Doing Something Wrong...

Started by debio, October 21, 2009, 09:41:52 PM

Previous topic - Next topic

debio

I can't seem to get a tunnel to work properly on my linux box. It's running the Armel port of Ubuntu 9.04, and I added this to /etc/network/interfaces:
# IPv6 via HE tunnel
auto he-ipv6
iface he-ipv6 inet6 v4tunnel
       endpoint   72.52.104.74
       local      10.0.0.2
       ttl        255
       address    2001:470:1f04:30b::2
       netmask    64
       mtu        1480
       up      ip -6 route add default dev he-ipv6
       down    ip -6 route del default dev he-ipv6



As you can see, my box is behind a router, but I've verified that the router can be pinged from the internet.
This interface is brought up with no apparant problems, but when I try ping, I get this:
$ ping6 ipv6.google.com
PING ipv6.google.com(qw-in-x68.1e100.net) 56 data bytes
^C
--- ipv6.google.com ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4006ms


I'm using OpenDNS, which may be returning a different address for ipv6.google.com, but when I try to add the ipv6 DNS server listed in my tunnel page to /etc/resolv.conf, DNS lookups against it always time out.
Also, should I be able to ping the server ipv6 address? I get this:

$ ping6 2001:470:1f04:30b::1
PING 2001:470:1f04:30b::1(2001:470:1f04:30b::1) 56 data bytes
^C
--- 2001:470:1f04:30b::1 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6005ms


These results are consistent. I tried taking the code directly from the HowTo topic and making this script:
modprobe ipv6
ipv4a=72.52.104.74
ipv4b=10.0.0.2
ipv6a=2001:470:1f04:30b::1
ipv6b=2001:470:1f04:30b::2

ip tunnel add he-ipv6 mode sit remote $ipv4a local $ipv4b ttl 255
ip link set he-ipv6 up
ip addr add $ipv6b dev he-ipv6
ip route add ::/0 dev he-ipv6


Running this as root doesn't give any different results.
The only odd behavior I've noticed is that I always wind up with an interface called sit0. It's down, but it's there, and I can't seem to delete it with "ip tunnel del sit0". I'm not sure what's going on there.

Edit:
Here's the output of "ifconfig -a":

debio@Cloud:~$ sudo ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:62:81:a0:00:00 
          inet addr:10.0.0.2  Bcast:10.255.255.255  Mask:255.0.0.0
          inet6 addr: fe80::262:81ff:fea0:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14334 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11490 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:10417128 (10.4 MB)  TX bytes:1461464 (1.4 MB)
          Interrupt:11

he-ipv6   Link encap:IPv6-in-IPv4 
          inet6 addr: 2001:470:1f04:30b::2/64 Scope:Global
          inet6 addr: fe80::a00:2/128 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:54 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:4603 (4.6 KB)

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1695 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1695 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:136185 (136.1 KB)  TX bytes:136185 (136.1 KB)

sit0      Link encap:IPv6-in-IPv4 
          NOARP  MTU:1480  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


As you can see, he-ipv6 has received no data, and that zombie sit0 interface is still around.

broquea

Don't worry about sit0. There is a chance that whatever appliance you are behind that hands out the 10.x.x.x address might not pass Protocol41 to hosts behind it. Try putting the machine in it's DMZ, or check if the make/model has any remarks online about if it passes the protocol to hosts behind it.

jimb

Yep.  Looks like your NAT isn't forwarding IP proto 41 (6in4) traffic to your router box.  RX packets on that interface is zero.  Make sure iptables isn't blocking it.  And check ip6tables as well.

You may also want to try a lower MTU.  Something on your path to or back from the HE tunnel server may be dropping your packets because of that MTU.  Try something like 1280.