routing problem fritz--sixxs
Shadow Hawkins on Wednesday, 19 March 2014 11:12:27
Hi,
I just set up a tunnel yesterday. I used a static tunnel first, but changed it do dynamic heartbeat.
My Fritz tells me, the tunnel is up, but I cannot ping it from outside, I can however ping PoP IPv6 fine.
ping6 tells me "Destination unreachable: No route" when I try to ping my fritz's ipv6 address.
2001:4dd0:ff00:1849::1 is pingable, 2001:4dd0:ff00:1849::2 is not.
According to live tunnel status, there are lots of HB Sender Mismatches.
The ability to look into my Fritz 6360 is very limited as it is a cable box from unity media, there is no telnetd or anything else I know about to log in to cli. The box doesn't even offer a ping test tool in it's web interface.
I know my fritzbox has two public IPs, one internal=dynamic I can't see in ther interface and one static my ISP programmed into the box. Maybe that's a problem?
I cannot determine which one gets uses by connections originating from the fritz itself.
Live Tunnel Status shows the static IP as "Outer Them"
How should I proceed to determine the problem?
routing problem fritz--sixxs
Jeroen Massar on Wednesday, 19 March 2014 15:45:59 the tunnel is up
What is the measure of the tunnel being 'up'?
but I cannot ping it from outside,
That can be because of a firewall rule on your end.
I can however ping PoP IPv6 fine.
What is the route taken?
ping6 tells me "Destination unreachable: No route" when I try to ping my fritz's ipv6 address. 2001:4dd0:ff00:1849::1 is pingable, 2001:4dd0:ff00:1849::2 is not.
What is the source address used for either, what is the route taken?
According to live tunnel status, there are lots of HB Sender Mismatches.
That is indicative that your tunnel is misconfigured.
The Live status also contains:
Last Heartbeat : never
Which indicates that the tunnel never was properly active as no valid heartbeat was ever received.
I know my fritzbox has two public IPs, one internal=dynamic I can't see in ther interface and one static my ISP programmed into the box. Maybe that's a problem?
Without more details on what you mean with that, there is little to say about the problem.
How should I proceed to determine the problem?
More details about your exact setup, actual configuration details of hosts (interfaces, routing tables etc) would be a good start. See also the "Reporting Problems Checklist" on the contact page.
routing problem fritz--sixxs
Shadow Hawkins on Thursday, 20 March 2014 16:50:41
Thanks for your quick reply.
Jeroen Massar wrote:
> the tunnel is up
What is the measure of the tunnel being 'up'?
My Fritzbox shows a green symbol plus a message saying "connected since 19.03.2014, 22:37 Uhr". In addition to that I see the assigned IPv6 Address and Prefix:
IPv6-Adresse: 2001:4dd0:ff00:1849::2, Gltigkeit: 4294967295/4294967295s,
IPv6-Prfix: 2001:4dd0:ff00:9849::/64, Gltigkeit: 4294967295/4294967295s
I realize now that from the PoP point of view, the tunnel is down.
(according to the "Live Tunnel Status")
> but I cannot ping it from outside,
That can be because of a firewall rule on your end.
I am traceroute6ing from a linux box in my home network, via fritzbox dsl router using 6to4, which works fine.
The route it takes is:
traceroute to 2001:4dd0:ff00:1849::1 (2001:4dd0:ff00:1849::1), 30 hops max, 80 byte packets
1 2002:5cc9:ba0a:0:be05:43ff:fe15:75ff (2002:5cc9:ba0a:0:be05:43ff:fe15:75ff) 0.513 ms 1.300 ms 1.547 ms
2 * * *
3 rtdecix-po1-2.netcologne.de (2001:7f8::20e6:0:1) 35.987 ms 36.988 ms 38.502 ms
4 core-sto2-te7-1.netcologne.de (2001:4dd0:a2b:72:dc30::c) 40.119 ms 43.675 ms 43.823 ms
5 core-eup2-te3-2.netcologne.de (2001:4dd0:a2b:23:dc40::1) 42.831 ms 43.889 ms 45.264 ms
6 swrt-eup2-vl503.netcologne.de (2001:4dd0:a2b:37:dc40::d) 46.720 ms 32.150 ms 33.216 ms
7 2001:4dd0:1234:3::42 (2001:4dd0:1234:3::42) 34.847 ms 35.272 ms 35.299 ms
8 gw-6218.cgn-01.de.sixxs.net (2001:4dd0:ff00:1849::1) 38.784 ms 38.812 ms 39.077 ms
The attempt to traceroute6 to the other side of the tunnel leads to:
traceroute to 2001:4dd0:ff00:1849::2 (2001:4dd0:ff00:1849::2), 30 hops max, 80 byte packets
1 2002:5cc9:ba0a:0:be05:43ff:fe15:75ff (2002:5cc9:ba0a:0:be05:43ff:fe15:75ff) 10.500 ms 10.492 ms 10.472 ms
2 * * *
3 rtdecix-po1-2.netcologne.de (2001:7f8::20e6:0:1) 37.049 ms 37.273 ms 38.947 ms
4 core-sto2-te7-1.netcologne.de (2001:4dd0:a2b:72:dc30::c) 40.263 ms 41.607 ms 42.859 ms
5 core-eup2-te3-2.netcologne.de (2001:4dd0:a2b:23:dc40::1) 44.210 ms 45.843 ms 46.729 ms
6 swrt-eup2-vl503.netcologne.de (2001:4dd0:a2b:37:dc40::d) 47.799 ms 34.629 ms 35.538 ms
7 2001:4dd0:1234:3::42 (2001:4dd0:1234:3::42) 37.154 ms 31.719 ms 32.945 ms
8 gw-6218.cgn-01.de.sixxs.net (2001:4dd0:ff00:1849::1) 32.529 ms !N 32.541 ms !N 31.218 ms !N
ping6 says:
PING 2001:4dd0:ff00:1849::2(2001:4dd0:ff00:1849::2) 56 data bytes
From 2001:4dd0:ff00:1849::1 icmp_seq=1 Destination unreachable: No route
I can however ping PoP IPv6 fine.
What is the route taken?
> ping6 tells me "Destination unreachable: No route" when I try to ping my fritz's ipv6 address.
In my Fritz there is not much to config, when selecteing SixXS as tunnel provider, all I have to enter is username, password and tunnel-id. Can't do much wrong here. The Fritzbox shows nothing in its log-output besides the allegedly successful tunnel-connection.
Looking at the "Live Tunnel Status" page it seems like the tunnel fails because of the HB mismatches. What I cannot see is what the mismatch actually is.
I have a feeling it could be because of the static IP I entered whne I first created the static tunnel which I changed later on to dynamic+heartbeat. (which should be correct for a fritzbox)
I now think that using the fritzbox for my tunnel was a mistake. It might be easy to configure but doesn't help a bit in diagnosing what is going on.
Maybe I should use a plain linux box or something like that.
2001:4dd0:ff00:1849::1 is pingable, 2001:4dd0:ff00:1849::2 is not.
What is the source address used for either, what is the route taken?
According to live tunnel status, there are lots of HB Sender Mismatches.
That is indicative that your tunnel is misconfigured.
The Live status also contains:
Last Heartbeat : never
Which indicates that the tunnel never was properly active as no valid heartbeat was ever received.
I know my fritzbox has two public IPs, one internal=dynamic I can't see in ther interface and one static my ISP programmed into the box. Maybe that's a problem?
Without more details on what you mean with that, there is little to say about the problem.
How should I proceed to determine the problem?
More details about your exact setup, actual configuration details of hosts (interfaces, routing tables etc) would be a good start. See also the "Reporting Problems Checklist" on the contact page.
routing problem fritz--sixxs
Jeroen Massar on Thursday, 20 March 2014 17:03:37 My Fritzbox shows a green symbol plus a message saying "connected since 19.03.2014, 22:37 Uhr"
Clearly shows that it does not means much ;)
Then again, they are not able to state anything else because there is no real 'up' state for protocol-41 based tunnels.
I am traceroute6ing from a linux box in my home network, via fritzbox dsl router using 6to4, which works fine. The route it takes is: traceroute to 2001:4dd0:ff00:1849::1 (2001:4dd0:ff00:1849::1), 30 hops max, 80 byte packets 1 2002:5cc9:ba0a:0:be05:43ff:fe15:75ff (2002:5cc9:ba0a:0:be05:43ff:fe15:75ff) 0.513 ms 1.300 ms 1.547 ms 2 * * *
You are using 6to4, note the above address in 2002::/16.
8 gw-6218.cgn-01.de.sixxs.net (2001:4dd0:ff00:1849::1) 32.529 ms !N 32.541 ms !N 31.218 ms !N
That just indicates that the tunnel is down. !N = no network.
Looking at the "Live Tunnel Status" page it seems like the tunnel fails because of the HB mismatches. What I cannot see is what the mismatch actually is.
Difficult to tell, as we do not know what AVM does. It is supposed to work. Best thing you can try is disabling the tunnel in the Fritz!Box and then re-enabling it again and hoping they refetch the data from TIC, maybe there is a mismatch there.
I now think that using the fritzbox for my tunnel was a mistake.
It normally works fine, try the above 'restart' and maybe that solves it.
routing problem fritz--sixxs
Shadow Hawkins on Thursday, 20 March 2014 19:10:51
Interesting. I switched my home-fritz to sixxs and it worked out of the box, literally ;-)
Either my cable ISP filters or the connection from another ip did the trick.
I will keep the tunnel up for a week or so and the try to change back.
Thanks for your help!
routing problem fritz--sixxs
Shadow Hawkins on Tuesday, 01 April 2014 08:44:10
Thomas Unger wrote:
Interesting. I switched my home-fritz to sixxs and it worked out of the box, literally ;-)
Either my cable ISP filters or the connection from another ip did the trick.
I will keep the tunnel up for a week or so and the try to change back.
Thanks for your help!
I did some testing today.
It seems my ISP (Unitymedia) has broken the Cable-Fritzs (running ISP modified firmware). A regular one has no problems with sixxs, a debian box behind my cable box works fine, too. The Cable-Fritz itself seems to not send heartbeat to the pop peer.
*sigh*
routing problem fritz--sixxs
Shadow Hawkins on Saturday, 05 April 2014 15:14:15
As far as I know with Unitymedia you already get native IPv6 paired with IPv4 via DS-Lite, see e.g. https://de-de.facebook.com/UnitymediaHilfe/posts/558947734132777. This might explain you problems with your Cable-Fritz due to its preconfigured DS-Lite.
Posting is only allowed when you are logged in. |