No ping response from PoP 
  Shadow Hawkins on Monday, 29 December 2014 13:52:15
Hello! I can't set up a static 6in4 tunnel properly. At first, when I send a ping6 request from my endpoint to the PoP, it isn't responding, but local ping6 requests and regular ping are OK. I have a Zyxel Keenetic Giga 2 as DMZ host under NAT. It can't traceroute, and I am configuring it remotely, so help me please.
P.S. I've disabled my tunnel until I find any ideas.
 
No ping response from PoP 
> Hello! I can't set up a static 6in4 tunnel properly.
What Operating System?
> At first, when I send a ping6 request from my endpoint to the PoP, it isn't responding,
What addresses are involved, what is your running/active configuration?
> but local ping6 requests and regular ping are OK.
What do you mean with 'local ping6 requests' and what with 'regular ping'?
> I have a Zyxel Keenetic Giga 2 as DMZ host under NAT.
Proto-41 behind NAT is asking for problems. See the FAQ for the details. AYIYA exists for a reason.
No ping response from PoP 
  Shadow Hawkins on Monday, 29 December 2014 20:04:10
> What Operating System?
Zyxel has NDMS v2 firmware based on Linux, but unfortunately that Linux isn't editable; I can only select from vendor-approved packages, and there are not so many of them.
> What addresses are involved, what is your running/active configuration?
(config)> show running-config 
! $$$ Model: ZyXEL Keenetic Giga II
! $$$ Version: 2.0
! $$$ Agent: http/ci
! $$$ Last change: Mon, 29 Dec 2014 13:49:51 GMT
! $$$ Md5 checksum: 875c8d198fd2e480cbec89f291a873e2
system
    set net.ipv4.ip_forward 1
    set net.ipv4.tcp_fin_timeout 30
    set net.ipv4.tcp_keepalive_time 120
    set net.ipv4.netfilter.ip_conntrack_tcp_timeout_established 1200
    set net.ipv4.netfilter.ip_conntrack_max 10240
    set vm.swappiness 100
    set net.ipv6.conf.all.forwarding 1
    hostname Keenetic_Giga
    clock date 29 Dec 2014 22:09:55
    clock timezone Europe/Moscow
    domainname WORKGROUP
!
ntp server 0.pool.ntp.org
ntp server 1.pool.ntp.org
ntp server 2.pool.ntp.org
ntp server 3.pool.ntp.org
known host Desktop 00:1d:7d:04:09:51
access-list _WEBADMIN_ISP
    permit icmp 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
    permit tcp 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 port eq 23
    permit tcp 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 port eq 80
    permit tcp 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
    permit udp 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0
! 
isolate-private
interface Switch0
    port 4
        mode access
        access vlan 1
    !
    port 3
        mode access
        access vlan 1
    !
    port 2
        mode access
        access vlan 1
    !
    port 1
        mode access
        access vlan 1
    !
    port 0
        mode access
        access vlan 2
    !
    up
!
interface Switch0/VLAN1
    description "Home VLAN"
    security-level private
    ip dhcp client dns-routes
    ip dhcp client name-servers
    up
!
interface Switch0/VLAN2
    name ISP
    description "Broadband connection"
    mac address factory wan
    security-level public
    ip address dhcp
    ip dhcp client dns-routes
    ip dhcp client name-servers
    ip access-group _WEBADMIN_ISP in
    ip global 700
    ipv6 address auto
    ipv6 prefix auto
    ipv6 name-servers auto
    up
!
interface WifiMaster0
    country-code RU
    compatibility BGN
    up
!
interface WifiMaster0/AccessPoint0
    name AccessPoint
    description "Wi-Fi access point"
    mac access-list type none
    security-level private
    wps
    authentication wpa-psk ns3 PNJRQeLlJVUYYedT/8FerYB/
    encryption enable
    encryption wpa2
    ip dhcp client dns-routes
    ip dhcp client name-servers
    ssid Keenetic-1412
    wmm
    up
!
interface WifiMaster0/AccessPoint1
    name GuestWiFi
    description "Guest access point"
    mac access-list type none
    security-level private
    ip address 10.1.30.1 255.255.255.0
    ip dhcp client dns-routes
    ip dhcp client name-servers
    ssid Guest
    wmm
    down
!
interface WifiMaster0/AccessPoint2
    mac access-list type none
    security-level public
    ip dhcp client dns-routes
    ip dhcp client name-servers
    down
!
interface WifiMaster0/AccessPoint3
    mac access-list type none
    security-level public
    ip dhcp client dns-routes
    ip dhcp client name-servers
    down
!
interface WifiMaster0/WifiStation0
    security-level public
    encryption disable
    ip address dhcp
    ip dhcp client dns-routes
    ip dhcp client name-servers
    down
!
interface Bridge0
    name Home
    description "Home network (Wired and wireless hosts)"
    inherit Switch0/VLAN1
    include AccessPoint
    security-level private
    ip address 192.168.1.1 255.255.255.0
    ip dhcp client dns-routes
    ip dhcp client name-servers
    ipv6 address auto
    up
!
interface TunnelSixInFour0
    description tunnel
    ip remote 77.109.111.178
    ipv6 address 2a02:578:5002:1ba::2
    ipv6 prefix 2a02:578:5002:81ba::/64
    ipv6 name-servers auto
    ipv6 force-default
    up
!
ip dhcp pool _WEBADMIN
    range 192.168.1.33 192.168.1.52
    bind Home
    enable
!
ip dhcp pool _WEBADMIN_GUEST_AP
    range 10.1.30.33 10.1.30.52
    bind GuestWiFi
    enable
!
ip dhcp host 00:1d:7d:04:09:51 192.168.1.2
ip arp 192.168.1.254 ff:ff:ff:ff:ff:ff
ip arp 192.168.1.254 ff:ff:ff:ff:ff:ff
ip nat Home
ip nat GuestWiFi
ip static udp ISP 9 192.168.1.254 9 !WOL
ip static tcp ISP 3389 192.168.1.2 3389 !RDP
ipv6 subnet Default
    bind Home
    number 0
    mode slaac
    debug
!
ipv6 local-prefix default
ppe
upnp lan Home
user admin
    password md5 4b4e276668d8cb0082bf003542aa0f02
    password nt c85ae31291f201a5f816e43dc428f4c7
    tag cli
    tag http
    tag cifs
    tag printers
!
service dhcp
service dns-proxy
service cifs
service http
service telnet
service ntp-client
service upnp
cifs
    automount
    permissive
!
printer 04e8:325b
    name "Xerox Phaser 3117"
    type cifs
    port 9100
!
I get my connection from my provider through GPON. The GPON router, a D-Link DPN-r5402, has firmware customized by the provider, so most of its options are cut out. It can forward ports, route packets to a DMZ host (that is my choice), and has NAT that I can't disable. So it is a very poor device. Here is 192.168.0.0/24 covered with unstoppable NAT.
My Zyxel has the 192.168.0.2 address in that subnet. From there it successfully takes the internet connection, and, as soon as it is configured as DMZ host, every single packet. It has its own 192.168.1.0/24 subnet which is my home network, so I can use all of my Zyxel services and I almost forget my provider for such a circumcision that they made to the D-Link.
> What do you mean with 'local ping6 requests' and what with 'regular ping'?
By local ping6 I mean ping to addresses like fd04:8c2d:6ab9:0:ee43:f6ff:fe04:ebc8, that the Zyxel made without my permission. As far as I know, it is not a public address, so I said it is local. And interface TunnelSixInFour0 successfully responds to ping6 as 2a02:578:5002:1ba::2
> Proto-41 behind NAT is asking for problems. See the FAQ for the details. AYIYA exists for a reason.
I'm not sure I can configure AYIYA on the Zyxel. There is only a 6in4 option.
No ping response from PoP 
> Zyxel has NDMS v2 firmware based on Linux, but unfortunately that Linux isn't editable; I can only select from vendor-approved packages, and there are not so many of them.
If it contains any form of Linux then they have to comply with the GPL and provide it all...
Hence, ask with a lawyer tone where the source is.
> Here is 192.168.0.0/24 covered with unstoppable NAT.
As you are behind a NAT you cannot control, your better option is to use AYIYA.
> as soon as it is configured as DMZ host, every single packet.
DMZ kind of setups typically fail at one point or another.
> By local ping6 I mean ping to addresses like fd04:8c2d:6ab9:0:ee43:f6ff:fe04:ebc8, that the Zyxel made without my permission.
That is a ULA address, some providers like to turn that on. Try finding a ULA option somewhere and turn it off.
> I'm not sure I can configure AYIYA on the Zyxel. There is only a 6in4 option.
There are ZyXELs out there that have an AICCU client built-in...
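
Added example, not part of the thread or of any poster's code: it builds the two packet shapes discussed above and shows what a port-translating NAT has to key a mapping on. 6in4 is IP protocol 41 with no port numbers, while a UDP-carried tunnel such as AYIYA gives the NAT ports to track. The IPv4 addresses and tunnel address are from the thread; the PoP-side `::1` address, both port numbers and all function names are assumed sample values.

```python
import socket
import struct

def ipv6_echo(src6, dst6):
    """Constructed inner packet: IPv6 header + ICMPv6 echo request (checksum left 0)."""
    icmp = struct.pack("!BBHHH", 128, 0, 0, 1, 1)
    hdr = struct.pack("!IHBB", 6 << 28, len(icmp), 58, 64)
    return (hdr + socket.inet_pton(socket.AF_INET6, src6)
            + socket.inet_pton(socket.AF_INET6, dst6) + icmp)

def ipv4_packet(proto, src, dst, payload):
    """Minimal 20-byte IPv4 header (no options, checksum left 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def nat_view(packet):
    """Fields a port-translating NAT can use to key a mapping for this packet."""
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    ports = None
    if proto in (6, 17):  # TCP/UDP: first 4 payload bytes are src/dst port
        ports = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {"proto": proto,
            "src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "ports": ports}

def has_port_key(packet):
    """False for 6in4: the NAT must special-case protocol 41 or drop the packet."""
    return nat_view(packet)["ports"] is not None

# Addresses from the thread; the PoP-side ::1 and both ports are assumed sample values.
INNER = ipv6_echo("2a02:578:5002:1ba::2", "2a02:578:5002:1ba::1")
SIXINFOUR = ipv4_packet(41, "192.168.0.2", "77.109.111.178", INNER)
# UDP encapsulation as AYIYA uses; the AYIYA header itself is omitted here.
UDP_HDR = struct.pack("!HHHH", 40000, 5072, 8 + len(INNER), 0)
UDP_TUNNEL = ipv4_packet(17, "192.168.0.2", "77.109.111.178", UDP_HDR + INNER)

if __name__ == "__main__":
    for name, pkt in (("6in4", SIXINFOUR), ("udp", UDP_TUNNEL)):
        print(name, nat_view(pkt), "port key:", has_port_key(pkt))
```

With two NAT layers in the path, as in the setup described in the thread, every layer has to pass protocol 41 unchanged for the static tunnel to work.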