|
Ubuntu problems after reboot
![[de]](/s/countries/de.gif) Shadow Hawkins on Sunday, 26 July 2015 16:13:10
My configuration:
I have a Ubuntu server (14.4) acting as my tunnel endpoint. This server uses RADVD to announce IPv6 in my home network. My connection to the outside world is via a Cisco 886 router. The setup has been running for months (I have 96 tokens). I had to reboot the Ubuntu server yesterday and since then I'm having problems to bring up IPv6 connectivity. Some configs:
/etc/network/interfaces
auto sixxs
iface sixxs inet6 v4tunnel
address 2001:4dd0:ff00:1a58::2
netmask 64
endpoint 78.35.24.124
ttl 64
up ip link set mtu 1280 dev sixxs
up ip route add default via 2001:4dd0:ff00:1a58::1 dev sixxs
pre-up ip6tables-restore < /etc/network/ip6tables
post-down ip6tables-save > /etc/network/ip6tables
ifconfig sixxs
sixxs Link encap:IPv6-in-IPv4
inet6 addr: fe80::c0a8:155/64 Scope:Link
inet6 addr: 2001:4dd0:ff00:1a58::2/64 Scope:Global
inet6 addr: fe80::c0a8:7a01/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:2784 (2.7 KB)
/etc/aiccu.conf
username RSW16-SIXXS
password XXXXXXXX
protocol tic
server tic.sixxs.net
ipv6_interface sixxs
tunnel_id T154201
verbose false
daemonize true
automatic true
requiretls false
noconfigure true
And the iptables (ipv4)
rainer@microserver:~$ sudo iptables-save
# Generated by iptables-save v1.4.21 on Sun Jul 26 18:02:18 2015
*filter
:INPUT ACCEPT [139868:87409355]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [141307:83998962]
-A INPUT -s 78.35.24.124/32 -p ipv6 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
And ip6tables (ipv6)
rainer@microserver:~$ sudo ip6tables-save
# Generated by ip6tables-save v1.4.21 on Sun Jul 26 18:04:26 2015
*filter
:INPUT DROP [0:0]
:FORWARD DROP [532:45567]
:OUTPUT DROP [0:0]
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i sixxs -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i em1 -j ACCEPT
-A INPUT -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A INPUT -s fe80::/10 -j ACCEPT
-A INPUT -d ff00::/8 -j ACCEPT
-A FORWARD -p ipv6-icmp -j ACCEPT
-A FORWARD -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A FORWARD -s 2001:4dd0:ff00:9a58::/64 -i br0 -o sixxs -m state --state NEW -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -p ipv6-icmp -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o sixxs -j ACCEPT
-A OUTPUT -o em1 -j ACCEPT
-A OUTPUT -m rt --rt-type 0 --rt-segsleft 0 -j DROP
-A OUTPUT -s fe80::/10 -j ACCEPT
-A OUTPUT -d ff00::/8 -j ACCEPT
COMMIT
Some commands and responses:
rainer@microserver:~$ sudo aiccu tunnels
T154201 2001:4dd0:ff00:1a58::2 ayiya decgn01
rainer@microserver:~$ sudo aiccu test
rainer@microserver:~$ nothing happens
rainer@microserver:~$ sudo service aiccu restart
stop: Unknown instance:
aiccu start/running
rainer@microserver:~$
After the restart the /var/log/aiccu.log shows:
20152607 17:47:54 Starting SixXS Automatic IPv6 Connectivity Client Utility
20152607 17:47:54 Checking access to tic.sixxs.net:
20152607 17:47:54 OK
20152607 17:47:54 Command line: /usr/sbin/aiccu start
20152607 17:47:56 SixXS Automatic IPv6 Connectivity Client Utility started
/var/log/syslog shows:
Jul 26 17:47:55 microserver aiccu[13199]: Successfully retrieved tunnel information for T154201
Jul 26 17:47:56 microserver aiccu[13204]: AICCU running as PID 13204
Jul 26 17:47:56 microserver aiccu[13204]: [tun-start] Couldn't set interface name to sixxs: Invalid argument (22)
If I try:
rainer@microserver:~$ ping6 2001:4dd0:ff00:1a58::1
PING 2001:4dd0:ff00:1a58::1(2001:4dd0:ff00:1a58::1) 56 data bytes
From 2001:4dd0:ff00:1a58::2 icmp_seq=2 Destination unreachable: Address unreachable
From 2001:4dd0:ff00:1a58::2 icmp_seq=3 Destination unreachable: Address unreachable
^C
--- 2001:4dd0:ff00:1a58::1 ping statistics ---
3 packets transmitted, 0 received, +2 errors, 100% packet loss, time 2016ms
I'm now running into the TIC restart problem while debugging, and getting the
[SixXS] TIC client should not be auto-restarted (RSW16-SIXXS)
e.mail. So before continuing someone might have ideas on where to look for problems. Any ideas where to start?
Ubuntu problems after reboot
My connection to the outside world is via a Cisco 886 router
Why not terminate the tunnel there?
The setup has been running for months (I have 96 tokens)
96 is really not that much, that makes you poorer than the average of Chile and Argentina.
/etc/aiccu.conf
AICCU is totally irrelevant if you set up your tunnel with /etc/network/interfaces.
One either uses AICCU (for heartbeat or AYIYA tunnels) or define a static tunnel in /etc/network/interfaces.
rainer@microserver:~$ sudo aiccu tunnels T154201 2001:4dd0:ff00:1a58::2 ayiya decgn01
This shows you are using an AYIYA tunnel. As such those statements in /etc/network/interfaces are useless and likely only cause problems.
Note also that AYIYA != proto-41 and thus your "inet6 v4tunnel" won't work.
Jul 26 17:47:56 microserver aiccu[13204]: [tun-start] Couldn't set interface name to sixxs: Invalid argument (22)
Because the interfaces(5) version is already using it.
Nevertheless, why not let the Cisco do it's work?
Ubuntu problems after reboot
Shadow Hawkins on Monday, 27 July 2015 16:49:55
Hi,
sorry, my mistake. I was experimenting with a static sixxs on /etc/networks/interface and forgot to comment it out before the reboot. Bad to use the same names...
My connection to the outside world is via a Cisco 886 router Why not terminate the tunnel there? I have a dynamic IPv4. It changes every 24 hours. I need AYIYA/AICCU to keep it working. When I looked it a while ago, the Cisco IOS could only hold the static tunnels. I saw this:
Link to Heartbeat & IOS
to do this, I'd have to change the tunnel from AYIYA to heartbeat. This is fine, but I'd also have to do tcl scripting in IOS and use EEM. Never done it. Is there a simpler way?
Ubuntu problems after reboot
Bad to use the same names...
Bad to not clean an environment. Conflicting configurations is the number one cause of broken tunnels.
I need AYIYA/AICCU to keep it working.
Actually you need either the AYIYA or heartbeat protocols due to that.
AICCU is just a tool that implements them.
When I looked it a while ago, the Cisco IOS could only hold the static tunnels.
The heartbeat trick for IOS is as old as heartbeat itself, especially considering one can run a heartbeat tool on a host behind the NAT that the IOS box provides.
This is fine, but I'd also have to do tcl scripting in IOS and use EEM. Never done it.
Most people would state that it is something to learn. Actually given the wiki it is mostly just cut & paste.
Also there where people in these forums who used it.
Is there a simpler way?
* Native IPv6
* Fritz!Box -- just fill in username/tunnel-id + TIC password
* Not using a closed host as a Internet gateway: terminate connectivity directly on a Debian based host.
|
![[ch]](/s/countries/ch.gif)
on Sunday, 26 July 2015 17:23:24
Posting is only allowed when you are