AYIYA tunnel on freebsd becomes unresponsive
Shadow Hawkins on Thursday, 16 October 2014 08:33:53
I'm running an AYIYA tunnel in pfsense via the sixxs-aiccu binary provided for FreeBSD (8.3?) as per the instructions here https://forum.pfsense.org/index.php?topic=62136.0 (this is mainly for integration in pfsense's web interface and doesn't impact the tunnel at all). The tunnel works great until it seems to fail after some time, more info below.
The pfsense box sets up a PPPoE connection to my DSL provider. Every 36 hours or so my provider breaks the session from its side. To prevent this I restart the PPPoE connection via a cron script every night at 4AM. I believe this is when the AYIYA tunnel becomes unresponsive, this is confirmed by the sixxs tunnel status page that lists 02:00 UTC as 'Last Alive' for my tunnel. After the PPPoE connection is live again, the sixxs-aiccu binary is still running, the tun0 interface is still available but there are no responses for outgoing IPv6 traffic.
For example pinging the PoP IPv6:
ping6 2a02:578:3fe:a7::1 & tcpdump -i tun0 -n ip6
[1] 68872
PING6(56=40+8+8 bytes) 2a02:578:3fe:a7::2 --> 2a02:578:3fe:a7::1
tcpdump: WARNING: tun0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type NULL (BSD loopback), capture size 96 bytes
10:15:00.292900 IP6 2a02:578:3fe:a7::2 > 2a02:578:3fe:a7::1: ICMP6, echo request, seq 1, length 16
10:15:01.000813 IP6 2a02:578:3fe:80a7::5 > 2001:500:2::c: ICMP6, echo request, seq 8, length 28
10:15:01.002903 IP6 2a02:578:3fe:a7::2 > 2a02:578:3fe:a7::1: ICMP6, neighbor solicitation, who has 2a02:578:3fe:a7::1, length 24
10:15:01.283050 IP6 2a02:578:3fe:a7::2 > 2a02:578:3fe:a7::1: ICMP6, echo request, seq 2, length 16
10:15:02.002351 IP6 2a02:578:3fe:80a7::5 > 2001:500:2::c: ICMP6, echo request, seq 9, length 28
10:15:02.003076 IP6 2a02:578:3fe:a7::2 > 2a02:578:3fe:a7::1: ICMP6, neighbor solicitation, who has 2a02:578:3fe:a7::1, length 24
Obviously resetting the PPPoE connection is giving the issue, however if I don't reset it I will get disconnected during the day at some point (which is unacceptable). As a work-around I kill and restart the sixxs-aiccu daemon via cron at 4:05AM as per this script https://gist.github.com/fvdnabee/4defa281bcb7fe676b56. Now Jeroen mentioned that I should read the FAQ, as you never ought to kill the daemon (it is designed to survive a large range of disconnection scenarios?).
I did read it and tried getting more output from the sixxs-aiccu binary as to what is happening around 4AM. So I ran sixxs-aiccu in screen over night (in non-daemon mode) in the hopes to get some output, however there is no such output. After the output from setting up the tunnel there is nothing extra. I put the entire output on pastebin: http://pastebin.com/99umpT34.
It is unclear to me what is happening in the sixxs-aiccu binary while I write this. I'm guessing it didn't hang, as kill <PID> does shut down sixxs-aiccu after 10 seconds or so. It might not have detected that my PPPoE connection was reset and this might be causing issues? I honestly don't know. Note that my WAN IPv4 address doesn't necessarily change when resetting the PPPoE connection. Also, verbose and heartsbeats are set to true in my sixxs-aiccu config. The latter should detect when the tunnel fails and reconnect, but this doesn't seem to be happening. I've put my config on http://pastebin.com/ShjE9J1H.
Any ideas? The cron work-around is pretty cumbersome. Instead I'd rather find an actual solution.
P.S. sixxs-aiccu version is
AICCU 2007.01.15-console-kame by Jeroen Massar
AYIYA tunnel on freebsd becomes unresponsive
Shadow Hawkins on Monday, 26 January 2015 12:18:55
I am not having issues with my FreeBSD (6.2) running sixxs-aiccu. I have managed 14 days before my box got rebooted, so my tunnel stays up. That script you mentioned at github appears to have a 10 second sleep in it and my guess is that it is your delay question. I would have a few questions about what is happening on your side. Is this a routing issue or is something else going on with the tunnel? Your logs only appear to be the startup and do not show anything on the sixxs-aiccu setup. I am not a big fan of 'kill -9' as that leaves some stuff behind. My guess is that your ISP is doing something else such as changing your IPv4 address.
Posting is only allowed when you are logged in. |