|
Cisco IOS setup an heartbeat tunnel with dynamic IP
![[de]](/s/countries/de.gif) Shadow Hawkins on Monday, 06 April 2015 21:15:51
Hi,
i am testing currently an Cisco 886VA with IOS 15.3(3)M (advancedIP)
i downloaded the hearbeat.tar, modified the heartbeat.tcl as described here:
https://www.sixxs.net/wiki/Heartbeat_for_Cisco_IOS
afterwards i created the tunnel as forwarded from the above side here:
https://www.sixxs.net/faq/connectivity/?faq=ossetup&os=ciscoios
The tunnelinterface is up and line protocol is up, also when executing
tclsh flash:heartbeat6.tcl i don't get any errors beside no response to my ping.
also i am unable to transmit any data over the tunnel0, i even can't reach the remote tunnel endpoint.
also what i am wondering: in the second URL is noted:
"The manual methods described below only apply to static proto-41 tunnels. AYIYA and heartbeat tunnels require AICCU."
does this mean the heartbeat.tcl is outdated?
how can i make further testing for the heartbeat-tunnel with CiscoIOS?
best regards
thomas
Cisco IOS setup an heartbeat tunnel with dynamic IP
The tunnelinterface is up and line protocol is up,
There is no such thing as "line protocol is up" for tunnels. Unfortunately CIsco included that, but there is no "up" state for tunnels as there is no negotiation for that state.
Instead of stating "it is up", you might want to paste the output of your running configuration.
also i am unable to transmit any data over the tunnel0, i even can't reach the remote tunnel endpoint.
More details, like above, of your tunnel and setup would help a lot to help you.
The primary question always becomes: are you behind a NAT?
"The manual methods described below only apply to static proto-41 tunnels. AYIYA and heartbeat tunnels require AICCU."
That statement is only there as AICCU is the 'primary' implementation.
The various heartbeat scripts also work. The big problem with those scripts though is that when the heartbeat password changes one has to manually update it. AICCU uses TIC for retrieving the parameters.
According to the Live Tunnel Status for T83038 the tunnel pings sometimes at least.
But the primarily problem seen is:
Heartbeat Hash Fail : 749, last: 93.210.48.92 2015-04-07 09:06:00 (1428397560; 0 days 00:00:07 ago)
Hence, you seem to have configured something wrong there.
Cisco IOS setup an heartbeat tunnel with dynamic IP
Shadow Hawkins on Tuesday, 07 April 2015 15:37:39
Jeroen Massar wrote:
Instead of stating "it is up", you might want to paste the output of your running configuration.
interface Tunnel0
description IPv6 uplink to SixXS
no ip address
ipv6 address 2A01:1E8:E100:8::2/64
ipv6 enable
ipv6 mtu 1280
tunnel source Dialer2
tunnel mode ipv6ip
tunnel destination 85.236.202.138
!
ntp server de.pool.ntp.org
event manager applet RunHeartbeat6
event timer cron name RunHeartbeat6 cron-entry "* * * * *"
action 1.0 cli command "enable"
action 2.0 cli command "tclsh flash:heartbeat6.tcl"
> also i am unable to transmit any data over the tunnel0, i even can't reach the remote tunnel endpoint.
More details, like above, of your tunnel and setup would help a lot to help you.
tclsh flash:heartbeat6.tcl
HEARTBEAT TUNNEL 2a01:1e8:e100:8::2 sender xxxxx yyyyyyyyyyyy
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 2A01:1E8:E100:8::1, timeout is 2 seconds:
Packet sent with a source address of 2A01:1E8:E100:8::2
.
Success rate is 0 percent (0/1)
The primary question always becomes: are you behind a NAT?
no
Cisco IOS setup an heartbeat tunnel with dynamic IP
Note the last portion of the above reply:
According to the Live Tunnel Status for T83038 the tunnel pings sometimes at least.
But the primarily problem seen is:
Heartbeat Hash Fail : 749, last: 93.210.48.92 2015-04-07 09:06:00 (1428397560; 0 days 00:00:07 ago)
Hence, you seem to have configured something wrong there.
You likely have entered the wrong heartbeat password. Hence hashes are wrong and then the PoP is not going to bring up a tunnel for you.
Cisco IOS setup an heartbeat tunnel with dynamic IP
Shadow Hawkins on Tuesday, 07 April 2015 18:32:54
Jeroen Massar wrote:
You likely have entered the wrong heartbeat password. Hence hashes are wrong and then the PoP is not going to bring up a tunnel for you.
Hi Jeroen,
thank you for your reply. Just to be sure.
The hearbeat password is the "TIC Password for this tunnel" in the page "Tunnel Information for T83038"?
best regards
Thomas
Cisco IOS setup an heartbeat tunnel with dynamic IP
Shadow Hawkins on Tuesday, 07 April 2015 18:47:14
Thomas Stegbauer wrote:
Hi,
the tunnel is up:
Heartbeat-password != Tic-password
How is the heartbeat password generated?
can i change the heartbeat password?
just for other readers:
the heartbeat password can be readout in "Live Tunnel Status on the PoP" at the "Tunnel Information" page.
thank you
Thomas
Cisco IOS setup an heartbeat tunnel with dynamic IP
The hearbeat password is the "TIC Password for this tunnel" in the page "Tunnel Information for T83038"?
As per the wiki page, no.
See also our FAQ - Which password to use?
Cisco IOS setup an heartbeat tunnel with dynamic IP
![[fi]](/s/countries/fi.gif) Shadow Hawkins on Wednesday, 13 May 2015 20:24:57
Hello!
I have a working tunnel configuration with Cisco 891 with 154-3.M2 (Advanced IP services).
router#more flash:heartbeat6.tcl
# Written by Jakob Pfeiffer <code@pfeiffer.ws>
# Version 0.2 (2010-06-10)
package require md5
set localv6 "2001:xxxx:xxxx:xxxx::2"; # Your IPv6 (e.g. 2001:a60:ffff:1a2b::2
set password "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"; # Tunnel passphrase (see below)
set remotev4 "xx.xx.xx.xx"; # PoP IPv4 (e.g. 62.245.150.2)
set remotev6 "2001:xxxx:xxxx:xxxx::1"; # PoP IPv6 (e.g. 2001:a60:ffff:1a2b::1
# Sending heartbeat and IPv6 ping every 60 seconds.
set hb "HEARTBEAT TUNNEL $localv6 sender [clock second]"
set hbhash "$hb [string tolower [md5::md5 -hex "$hb $password"]]"
puts $hbhash; # Write to std out (debug only).
# Open new udp socket.
set sock1 [udp_open]
fconfigure $sock1 -remote [list $remotev4 3740]
puts $sock1 $hbhash; # Write to udp socket.
close $sock1
ping ipv6 $remotev6 repeat 1 source $localv6
#### END OF hearthbeat6.tcl
For the password, check that you have exactly the same password at Live Tunnel status at Txxxx -page:
Heartbeat Information (Heartbeat and AYIYA protocols only)
Last Heartbeat2015-05-13 20:17:00 (1431548220; 0 days 00:00:00 ago)
Heartbeat Passwordxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Before the TCL configuration, make sure you can actually ping the tunnel:
router#ping ipv6 2001:xxxx:xxxx:xxxx::1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:xxxx:xxxx:xxxx::1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/14/16 ms
Check that your tunnel is up from both IPv4 and IPv6 side:
router#show int tunnel 61
Tunnel61 is up, line protocol is up
Hardware is Tunnel
Description: 6in4 tunnel to SixXS
MTU 17920 bytes, BW 100000 Kbit/sec, RxBW 5000 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 13/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel linestate evaluation up
Tunnel source "My local IPv6 DHCP address from ISP" (GigabitEthernet0), destination Sixx's POP
router#show ipv6 int tunnel 61
Tunnel61 is up, line protocol is up
IPv6 is enabled, link-local address is FE80::xxxxxxxxxxxx
No Virtual link-local address(es):
Description: 6in4 tunnel to SixXS
Global unicast address(es):
2001:xxxx:xxxx:xxxx::2, subnet is 2001:xxxx:xxxx:xxxx::/64
Sami
Cisco IOS setup an heartbeat tunnel with dynamic IP
Shadow Hawkins on Wednesday, 13 May 2015 20:33:42
Also running heartbeat6.tcl (the version in the previous forum post) manually providers following output:
router#tclsh flash:heartbeat6.tcl
HEARTBEAT TUNNEL 2001:xxxx:xxxx:xxxx::2 sender 1234567890 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Type escape sequence to abort.
Sending 1, 100-byte ICMP Echos to 2001:xxxx:xxxx:xxxx::1, timeout is 2 seconds:
Packet sent with a source address of 2001:xxxx:xxxx:xxxx::2
!
Success rate is 100 percent (1/1), round-trip min/avg/max = 16/16/16 ms
Sami
PS: I'm having 1 public IPv4 IP from ISP via DHCP on Gigabit0 interface (WAN). I have private IPv4 network in the LAN interface and IPv4 NAT configured to the Gigabit0 interface.
Cisco IOS setup an heartbeat tunnel with dynamic IP
Shadow Hawkins on Wednesday, 13 May 2015 20:53:06
And if you're having access lists on your Cisco, permit protocol 41 from your pop and also ICMPv4. Here how I've done this.
interface GigabitEthernet0
description Cable Modem WAN
ip address dhcp hostname router
ip access-group inboundfilters in
ip access-list extended inboundfilters
<stuff removed>
permit 41 host <POP IP> any
permit icmp host <POP IP> any
<stuff removed>
Sami
|
![[ch]](/s/countries/ch.gif)
on Tuesday, 07 April 2015 09:06:37
Posting is only allowed when you are