I don't understand the function of the tool
Carmen Sandiego on Thursday, 17 March 2016 08:14:34
Hi guys,
A couple of days ago I noticed my ipv6 connection was broken. The whole thing worked fine for over a year but suddenly stopped working. There might have been some Debian updates, I can't remember. It is a vanilla debian/aiccu setup. The firewall allows all outgoing traffic and incoming icmp.
I did some basic troubleshooting but now I seem to be stuck.
I can ping the local side of my tunnel, but not the remote side. 'sudo aiccu test' concluded the same.
Aiccu in verbose mode gives the following output:
maarten@macaroni:~$ sudo /usr/sbin/aiccu start /etc/aiccu.conf
sock_getline() : "200 SixXS TIC Service on nlhaa01.sixxs.net ready (https://www.sixxs.net)"
sock_printf() : "client TIC/draft-00 AICCU/2007.01.15-console-linux Linux/4.3.0-1-amd64"
sock_getline() : "200 Client Identity accepted"
sock_printf() : "get unixtime"
sock_getline() : "200 1458199992"
sock_printf() : "starttls"
sock_getline() : "200 Go ahead, we are now talking securely"
TLS Handshake completed successfully
sock_printf() : "username MTY13-SIXXS"
sock_getline() : "200 MTY13-SIXXS choose your authentication challenge please"
sock_printf() : "challenge md5"
sock_getline() : "200 fc0fa0746f0dfb7eaa254dc495134fcf"
sock_printf() : "authenticate md5 6ac6ce793a695fa7969809dc418c0305"
sock_getline() : "200 Successfully logged in using md5 as MTY13-SIXXS (Maarten Tromp)"
sock_printf() : "tunnel show T163173"
sock_getline() : "201 Showing tunnel information for T163173"
sock_getline() : "TunnelId: T163173"
sock_getline() : "Type: 6in4-static"
sock_getline() : "IPv6 Endpoint: 2001:1af8:fe00:4f0::2"
sock_getline() : "IPv6 POP: 2001:1af8:fe00:4f0::1"
sock_getline() : "IPv6 PrefixLength: 64"
sock_getline() : "Tunnel MTU: 1280"
sock_getline() : "Tunnel Name: Home"
sock_getline() : "POP Id: nlhaa01"
sock_getline() : "IPv4 Endpoint: 77.173.85.103"
sock_getline() : "IPv4 POP: 94.75.219.73"
sock_getline() : "UserState: enabled"
sock_getline() : "AdminState: enabled"
sock_getline() : "202 Done"
Successfully retrieved tunnel information for T163173
sock_printf() : "QUIT Better Off Dead"
Tunnel Information for T163173:
POP Id : nlhaa01
IPv6 Local : 2001:1af8:fe00:4f0::2/64
IPv6 Remote : 2001:1af8:fe00:4f0::1/64
Tunnel Type : 6in4-static
Adminstate : enabled
Userstate : enabled
It's the QUIT part that worries me. Is it supposed to do that? The QUIT message is different every time. I expected the daemon to keep running on the foreground. Anyway, ping still doesn't work, but the sixxs interface is up.
Can anyone help me out?
Cheers,
Maarten
I don't understand the function of the tool
Jeroen Massar on Thursday, 17 March 2016 08:14:46
> It's the QUIT part that worries me. Is it supposed to do that?
It is a static tunnel, there is nothing more to do.
Actually, you should not be using AICCU at all in this situation. You can just configure the static tunnel details in /etc/network/interfaces. See the FAQ for the details.
> The QUIT message is different every time.
Because it randomizes the message. It is the QUIT message it tells to the TIC server that it is exiting.
> I expected the daemon to keep running on the foreground.
As there is nothing to do, why would it?
> Anyway, ping still doesn't work, but the sixxs interface is up.
There can be many many reasons for that. Most likely though you are behind a NAT or some kind of firewall. As you are not providing any details, no real comment can be made about it though.
tunnel stopped working (debian, aiccu, NAT)
Carmen Sandiego on Thursday, 17 March 2016 08:36:03
Hi Jeroen,
>> It's the QUIT part that worries me. Is it supposed to do that?
> It is a static tunnel, there is nothing more to do.
Okay, my bad.
> Actually, you should not be using AICCU at all in this situation. You can just configure the static tunnel details in /etc/network/interfaces. See the FAQ for the details.
I tried that as well, but the result is the same. When everything is setup in /etc/network/interfaces the interface is up, the routing is there, but no traffic to the other side of the tunnel.
>> Anyway, ping still doesn't work, but the sixxs interface is up.
> There can be many many reasons for that. Most likely though you are behind a NAT or some kind of firewall. As you are not providing any details, no real comment can be made about it though.
Yes, my computer is connected to an ADSL modem/router (Zyxel P-2812HNU-F1, Telfort) running NAT. There is no firewall on the modem/router, but I use iptables/ip6tables on my computer. All outgoing traffic is allowed and incoming icmp.
The current setup has worked for over a year but suddenly stopped working a couple of days ago.
Are there some more things I can check? What kind of details do you need?
Cheers,
Maarten
tunnel stopped working (debian, aiccu, NAT)
Jeroen Massar on Thursday, 17 March 2016 08:47:10
> I tried that as well, but the result is the same. When everything is setup in /etc/network/interfaces the interface is up, the routing is there, but no traffic to the other side of the tunnel.
Without details, like those requested by those big yellow/orange banners shown while posting (I am still wondering over all these years how the heck people miss those and do not provide the required information) there is little anyone can state about it.
> Yes, my computer is connected to an ADSL modem/router (Zyxel P-2812HNU-F1, Telfort) running NAT.
If you are behind a NAT, a static tunnel will not work unless specific configuration on the NAT device happens.
> There is no firewall on the modem/router,
NAT is a state/connection tracker that acts like (but is not) a firewall.
> All outgoing traffic is allowed and incoming icmp.
As it is a NAT, per default only connections that are built up from the inside are allowed to be returned back. Most NAT boxes only do that for TCP and UDP and nothing else. You are only getting a little bit of the Internet.
> The current setup has worked for over a year but suddenly stopped working a couple of days ago.
Maybe your ISP has decided to change something?
> Are there some more things I can check? What kind of details do you need?
See those big yellow/orange boxes when posting, they are there for a reason...
tunnel stopped working (debian, aiccu, NAT)
Carmen Sandiego on Thursday, 17 March 2016 09:11:40
Hi Jeroen,
>> I tried that as well, but the result is the same. When everything is setup in /etc/network/interfaces the interface is up, the routing is there, but no traffic to the other side of the tunnel.
> Without details (...) there is little anyone can state about it.
I added some more details further down.
>> Yes, my computer is connected to an ADSL modem/router (Zyxel P-2812HNU-F1, Telfort) running NAT.
> If you are behind a NAT, a static tunnel will not work unless specific configuration on the NAT device happens.
What kind of special configuration? The router is a cheap consumer modem/router, provided by my ISP. Unfortunately there are not many configuration options.
>> There is no firewall on the modem/router
> NAT is a state/connection tracker that acts like (but is not) a firewall.
Yes, I know what NAT is. The modem/router also provides a firewall, which is disabled.
>> All outgoing traffic is allowed and incoming icmp.
> As it is a NAT, per default only connections that are built up from the inside are allowed to be returned back. Most NAT boxes only do that for TCP and UDP and nothing else. You are only getting a little bit of the Internet.
The firewall I mentioned is on my computer, not on the modem/router. I just disabled the firewall on my computer (set iptables to allow everything), but it makes no difference.
>> The current setup has worked for over a year but suddenly stopped working a couple of days ago.
> Maybe your ISP has decided to change something?
That is always a possibility. I would like to get the tunnel up and running again in the new situation though.
>> Are there some more things I can check? What kind of details do you need?
> See those big yellow/orange boxes when posting, they are there for a reason...
Such a comment is not really helpful. I noticed the boxes and I would like to supply all kinds of details, but WHICH details exactly? Let me give it a try:
maarten@macaroni:~$ (0) cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
# bridge interface is used to connect a virtual machine
auto br0
iface br0 inet dhcp
bridge_ports eth0
bridge_fd 0
bridge_maxwait 0
auto sixxs
iface sixxs inet6 v4tunnel
address 2001:1af8:fe00:4f0::2
netmask 64
endpoint 94.75.219.73
ttl 64
mtu 1280
gateway 2001:1af8:fe00:4f0::1
maarten@macaroni:~$ (0) ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.72 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::21e:8cff:fef2:5376 prefixlen 64 scopeid 0x20<link>
ether 00:1e:8c:f2:53:76 txqueuelen 1000 (Ethernet)
RX packets 14722509 bytes 16899205717 (15.7 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9617590 bytes 9263311298 (8.6 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.72 netmask 255.255.255.0 broadcast 192.168.1.255
ether 00:1e:8c:f2:53:76 txqueuelen 1000 (Ethernet)
RX packets 16432443 bytes 17881957272 (16.6 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14774031 bytes 9753559960 (9.0 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 20 memory 0xfe500000-fe520000
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 2095040 bytes 4525495062 (4.2 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2095040 bytes 4525495062 (4.2 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
sixxs: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1280
inet6 fe80::c0a8:148 prefixlen 64 scopeid 0x20<link>
inet6 2001:1af8:fe00:4f0::2 prefixlen 64 scopeid 0x0<global>
sit txqueuelen 0 (IPv6-in-IPv4)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3 bytes 312 (312.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
veth1KYNOV: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::fc79:a6ff:fe9a:1332 prefixlen 64 scopeid 0x20<link>
ether fe:79:a6:9a:13:32 txqueuelen 1000 (Ethernet)
RX packets 2091101 bytes 326733348 (311.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2674544 bytes 491048783 (468.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
maarten@macaroni:~$ (0) route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 br0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
maarten@macaroni:~$ (0) route -6n
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
2001:1af8:fe00:4f0::1/128 :: U 1024 1 4 sixxs
2001:1af8:fe00:4f0::/64 :: Un 256 0 0 sixxs
fe80::/64 :: U 256 0 0 br0
fe80::/64 :: U 256 0 0 veth1KYNOV
fe80::/64 :: Un 256 0 0 sixxs
::/0 2001:1af8:fe00:4f0::1 UG 1024 1 4 sixxs
::/0 :: !n -1 1108184 lo
::1/128 :: Un 0 5 4937 lo
2001:1af8:fe00:4f0::2/128 :: Un 0 1 0 lo
fe80::c0a8:148/128 :: Un 0 1 0 lo
fe80::21e:8cff:fef2:5376/128 :: Un 0 1 0 lo
fe80::fc79:a6ff:fe9a:1332/128 :: Un 0 1 0 lo
ff00::/8 :: U 256 4 98837 br0
ff00::/8 :: U 256 4 3898 veth1KYNOV
ff00::/8 :: U 256 0 0 sixxs
::/0 :: !n -1 1108184 lo
maarten@macaroni:~$ (0) sudo iptables -vnL
Chain INPUT (policy ACCEPT 4273 packets, 3618K bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2116 packets, 187K bytes)
pkts bytes target prot opt in out source destination
maarten@macaroni:~$ (0) sudo ip6tables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 3 packets, 312 bytes)
pkts bytes target prot opt in out source destination
maarten@macaroni:~$ (0) ping -c3 tic.sixxs.net
PING tic.sixxs.net (94.75.219.73) 56(84) bytes of data.
64 bytes from nlhaa01.sixxs.net (94.75.219.73): icmp_seq=1 ttl=54 time=23.8 ms
64 bytes from nlhaa01.sixxs.net (94.75.219.73): icmp_seq=2 ttl=54 time=22.9 ms
64 bytes from nlhaa01.sixxs.net (94.75.219.73): icmp_seq=3 ttl=54 time=23.6 ms
--- tic.sixxs.net ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 22.991/23.500/23.889/0.416 ms
maarten@macaroni:~$ (0) ping -c3 2001:1af8:fe00:4f0::2
PING 2001:1af8:fe00:4f0::2(2001:1af8:fe00:4f0::2) 56 data bytes
64 bytes from 2001:1af8:fe00:4f0::2: icmp_seq=1 ttl=64 time=0.080 ms
64 bytes from 2001:1af8:fe00:4f0::2: icmp_seq=2 ttl=64 time=0.058 ms
64 bytes from 2001:1af8:fe00:4f0::2: icmp_seq=3 ttl=64 time=0.060 ms
--- 2001:1af8:fe00:4f0::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.058/0.066/0.080/0.009 ms
maarten@macaroni:~$ (0) ping -c3 2001:1af8:fe00:4f0::1
PING 2001:1af8:fe00:4f0::1(2001:1af8:fe00:4f0::1) 56 data bytes
--- 2001:1af8:fe00:4f0::1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms
maarten@macaroni:~$ (0) sudo cat /etc/aiccu.conf
# Under control from debconf, please use 'dpkg-reconfigure aiccu' to reconfigure
# AICCU Configuration
# Login information (defaults: none)
username MTY13-SIXXS
password xxxxxxxx
# Protocol and server to use for setting up the tunnel (defaults: none)
protocol tic
server tic.sixxs.net
# Interface names to use (default: aiccu)
# ipv6_interface is the name of the interface that will be used as a tunnel interface.
# On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels
# or tunX (eg tun0) for AYIYA tunnels.
ipv6_interface sixxs
# The tunnel_id to use (default: none)
# (only required when there are multiple tunnels in the list)
tunnel_id T163173
# Be verbose? (default: false)
#verbose false
verbose true
# Daemonize? (default: true)
# Set to false if you want to see any output
# When true output goes to syslog
#
# WARNING: never run AICCU from DaemonTools or a similar automated
# 'restart' tool/script. When AICCU does not start, it has a reason
# not to start which it gives on either the stdout or in the (sys)log
# file. The TIC server *will* automatically disable accounts which
# are detected to run in this mode.
#
#daemonize true
daemonize false
# Automatic Login and Tunnel activation?
automatic true
# Require TLS?
# When set to true, if TLS is not supported on the server
# the TIC transaction will fail.
# When set to false, it will try a starttls, when that is
# not supported it will continue.
# In any case if AICCU is build with TLS support it will
# try to do a 'starttls' to the TIC server to see if that
# is supported.
requiretls false
# PID File
#pidfile /var/run/aiccu.pid
# Add a default route (default: true)
defaultroute true
# Script to run after setting up the interfaces (default: none)
#setupscript /usr/local/etc/aiccu-subnets.sh
# Make heartbeats (default true)
# In general you don't want to turn this off
# Of course only applies to AYIYA and heartbeat tunnels not to static ones
makebeats true
# Don't configure anything (default: false)
#noconfigure true
# Behind NAT (default: false)
# Notify the user that a NAT-kind network is detected
behindnat true
# Local IPv4 Override (default: none)
# Overrides the IPv4 parameter received from TIC
# This allows one to configure a NAT into "DMZ" mode and then
# forwarding the proto-41 packets to an internal host.
#
# This is only needed for static proto-41 tunnels!
# AYIYA and heartbeat tunnels don't require this.
#local_ipv4_override
maarten@macaroni:~$ (0) sudo /usr/sbin/aiccu start /etc/aiccu.conf
sock_getline() : "200 SixXS TIC Service on nlhaa01.sixxs.net ready (https://www.sixxs.net)"
sock_printf() : "client TIC/draft-00 AICCU/2007.01.15-console-linux Linux/4.3.0-1-amd64"
sock_getline() : "200 Client Identity accepted"
sock_printf() : "get unixtime"
sock_getline() : "200 1458205707"
sock_printf() : "starttls"
sock_getline() : "200 Go ahead, we are now talking securely"
TLS Handshake completed successfully
sock_printf() : "username MTY13-SIXXS"
sock_getline() : "200 MTY13-SIXXS choose your authentication challenge please"
sock_printf() : "challenge md5"
sock_getline() : "200 bb8da0e0828268a1bd2ea441d89c4eb0"
sock_printf() : "authenticate md5 86e0b177870d864d0fc0982a8e1ec1ba"
sock_getline() : "200 Successfully logged in using md5 as MTY13-SIXXS (Maarten Tromp)"
sock_printf() : "tunnel show T163173"
sock_getline() : "201 Showing tunnel information for T163173"
sock_getline() : "TunnelId: T163173"
sock_getline() : "Type: 6in4-static"
sock_getline() : "IPv6 Endpoint: 2001:1af8:fe00:4f0::2"
sock_getline() : "IPv6 POP: 2001:1af8:fe00:4f0::1"
sock_getline() : "IPv6 PrefixLength: 64"
sock_getline() : "Tunnel MTU: 1280"
sock_getline() : "Tunnel Name: Home"
sock_getline() : "POP Id: nlhaa01"
sock_getline() : "IPv4 Endpoint: 77.173.85.103"
sock_getline() : "IPv4 POP: 94.75.219.73"
sock_getline() : "UserState: enabled"
sock_getline() : "AdminState: enabled"
sock_getline() : "202 Done"
Successfully retrieved tunnel information for T163173
sock_printf() : "QUIT Solitary"
Tunnel Information for T163173:
POP Id : nlhaa01
IPv6 Local : 2001:1af8:fe00:4f0::2/64
IPv6 Remote : 2001:1af8:fe00:4f0::1/64
Tunnel Type : 6in4-static
Adminstate : enabled
Userstate : enabled
maarten@macaroni:~$ (0) curl --silent http://watismijnip.nl/ | grep 'title'
<title>www.WatIsMijnIP.nl -> 77.173.85.103</title>
Is there more information you need?
Cheers,
Maarten
tunnel stopped working (debian, aiccu, NAT)
Jeroen Massar on Thursday, 17 March 2016 09:25:48
Maarten Tromp wrote:
>>> Yes, my computer is connected to an ADSL modem/router (Zyxel P-2812HNU-F1, Telfort) running NAT.
>> If you are behind a NAT, a static tunnel will not work unless specific configuration on the NAT device happens.
> What kind of special configuration? The router is a cheap consumer modem/router, provided by my ISP. Unfortunately there are not many configuration options.
One can check for DMZ mode, but that typically fails also in mysterious ways and actually makes the NAT part of your connection more magic than what you want, next to exposing your internal host completely.
>>> There is no firewall on the modem/router
>> NAT is a state/connection tracker that acts like (but is not) a firewall.
> Yes, I know what NAT is. The modem/router also provides a firewall, which is disabled.
You might know what it is, but you clearly do not know how it works (but then again, not many folks actually do).
>>> All outgoing traffic is allowed and incoming icmp.
>> As it is a NAT, per default only connections that are built up from the inside are allowed to be returned back. Most NAT boxes only do that for TCP and UDP and nothing else. You are only getting a little bit of the Internet.
> The firewall I mentioned is on my computer, not on the modem/router. I just disabled the firewall on my computer (set iptables to allow everything), but it makes no difference.
There is a point in the big list noting using Wireshark which would show you why.
Of course the counters in iptables would tell you a similar story; your NAT box is not passing proto-41 packets.
>>> The current setup has worked for over a year but suddenly stopped working a couple of days ago.
>> Maybe your ISP has decided to change something?
> That is always a possibility. I would like to get the tunnel up and running again in the new situation though.
If your ISP is blocking or otherwise doing naughty things, that will be hard if you insist on using a static tunnel which is not meant for usage over a NAT. See the FAQ for more details.
>>> Are there some more things I can check? What kind of details do you need?
>> See those big yellow/orange boxes when posting, they are there for a reason...
> Such a comment is not really helpful. I noticed the boxes and I would like to supply all kinds of details, but WHICH details exactly? Let me give it a try:
What about ALL of the details as clearly stated in several places?
> auto sixxs
> iface sixxs inet6 v4tunnel
Why do you have this there, and also trying to use AICCU?
> br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
> inet 192.168.1.72 netmask 255.255.255.0 broadcast 192.168.1.255
> [..]
> eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
> inet 192.168.1.72 netmask 255.255.255.0 broadcast 192.168.1.255
You really cannot configure the same IP address on multiple interfaces.
> sixxs: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1280
> inet6 fe80::c0a8:148 prefixlen 64 scopeid 0x20<link>
> inet6 2001:1af8:fe00:4f0::2 prefixlen 64 scopeid 0x0<global>
> sit txqueuelen 0 (IPv6-in-IPv4)
> RX packets 0 bytes 0 (0.0 B)
> RX errors 0 dropped 0 overruns 0 frame 0
> TX packets 3 bytes 312 (312.0 B)
> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
> maarten@macaroni:~$ (0) ping -c3 tic.sixxs.net
> PING tic.sixxs.net (94.75.219.73) 56(84) bytes of data.
Why are you pinging that host? It is not involved in your tunnel.
You have a static tunnel, configured in /etc/network/interfaces, hence TIC is not involved in your tunnel.
> maarten@macaroni:~$ (0) ping -c3 2001:1af8:fe00:4f0::1
> PING 2001:1af8:fe00:4f0::1(2001:1af8:fe00:4f0::1) 56 data bytes
That is not going to work as you are behind a NAT. See the FAQ for the details.
> maarten@macaroni:~$ (0) sudo cat /etc/aiccu.conf
As you have a static tunnel, AICCU is not needed.
Another note: ifconfig & route are 'old' unix commands, please actually start using 'ip' which contains so much more details. Those things do not matter though: you are behind a NAT and are trying to use a static tunnel, thus whatever you configure locally is invalid till you fix your NAT box.
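Added example, not written by any poster in this thread: the NAT diagnosis above as an offline shell triage, run over output trimmed from the thread. The function names and verdict strings are hypothetical.

```shell
#!/bin/sh
# Added example: offline triage of a proto-41 (6in4) tunnel behind NAT.
# Function names are hypothetical; sample values are copied from the thread.

# Return 0 if the IPv4 address is RFC 1918 private space.
is_rfc1918() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one field ("Type", "IPv4 Endpoint", ...) from verbose AICCU output on stdin.
tic_field() {
    sed -n "s/^sock_getline() : \"$1: \(.*\)\"\$/\1/p" | head -n 1
}

# Print the RX packet count of interface $1 from ifconfig output on stdin.
rx_packets() {
    awk -v ifc="$1:" '
        /^[^ \t]/ { cur = $1 }    # an unindented line opens a new interface block
        cur == ifc && $1 == "RX" && $2 == "packets" { print $3; exit }'
}

# Print the IPv4 address of interface $1 from ifconfig output on stdin.
inet_addr() {
    awk -v ifc="$1:" '
        /^[^ \t]/ { cur = $1 }
        cur == ifc && $1 == "inet" { print $2; exit }'
}

# Verdict from tunnel type, IPv4 endpoint registered at the PoP,
# IPv4 address configured on the host, and RX packets on the tunnel interface.
diagnose() {
    case "$1" in
        6in4*) ;;                            # static and heartbeat tunnels use IP protocol 41
        *) echo "not-proto41"; return ;;     # e.g. AYIYA, which is carried in UDP
    esac
    if [ "$2" = "$3" ]; then
        echo "endpoint-on-host"              # host holds the registered address itself
    elif is_rfc1918 "$3" && [ "$4" -eq 0 ]; then
        echo "behind-nat-no-return-traffic"  # consistent with a NAT not passing proto-41
    elif is_rfc1918 "$3"; then
        echo "behind-nat-traffic-returning"
    else
        echo "endpoint-mismatch"             # public address differs from the registered one
    fi
}

# Constructed samples, trimmed from the output posted in this thread.
sample_tic() {
    cat <<'EOF'
sock_getline() : "201 Showing tunnel information for T163173"
sock_getline() : "Type: 6in4-static"
sock_getline() : "IPv4 Endpoint: 77.173.85.103"
sock_getline() : "IPv4 POP: 94.75.219.73"
EOF
}

sample_ifconfig() {
    cat <<'EOF'
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.72  netmask 255.255.255.0  broadcast 192.168.1.255
        RX packets 14722509  bytes 16899205717 (15.7 GiB)
sixxs: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1280
        inet6 2001:1af8:fe00:4f0::2  prefixlen 64  scopeid 0x0<global>
        RX packets 0  bytes 0 (0.0 B)
        TX packets 3  bytes 312 (312.0 B)
EOF
}

run_sample() {
    diagnose "$(sample_tic | tic_field 'Type')" \
             "$(sample_tic | tic_field 'IPv4 Endpoint')" \
             "$(sample_ifconfig | inet_addr br0)" \
             "$(sample_ifconfig | rx_packets sixxs)"
}

run_sample   # prints: behind-nat-no-return-traffic
```

On a live host, `tcpdump -ni eth0 ip proto 41` while pinging the PoP's IPv6 address shows the same thing on the wire: encapsulated packets leave and none come back.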
tunnel stopped working (debian, aiccu, NAT)
Carmen Sandiego on Thursday, 17 March 2016 20:06:09
Hi Jeroen,
Thanks for your, once again, quick response.
> One can check for DMZ mode, but that typically fails also in mysterious ways and actually makes the NAT part of your connection more magic than what you want, next to exposing your internal host completely.
DMZ mode indeed did not fix this problem.
> Of course the counters in iptables would tell you a similar story; your NAT box is not passing proto-41 packets.
Ah, I'm not too familiar with tunnels and didn't realize I was looking for protocol 41. There is a lot of information on the sixxs website, but it's a bit of a puzzle for me.
> If your ISP is blocking or otherwise doing naughty things, that will be hard if you insist on using a static tunnel which is not meant for usage over a NAT. See the FAQ for more details.
Maybe I'd better switch to a dynamic tunnel then. My ISP is not very supportive of anything but standard use.
>> auto sixxs
>> iface sixxs inet6 v4tunnel
> Why do you have this there, and also trying to use AICCU?
It is probably a leftover from the last time I was working on the tunnel. I will remove it.
>> br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>> inet 192.168.1.72 netmask 255.255.255.0 broadcast 192.168.1.255
>> [..]
>> eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>> inet 192.168.1.72 netmask 255.255.255.0 broadcast 192.168.1.255
> You really cannot configure the same IP address on multiple interfaces.
This bridge configuration also puzzles me. I didn't notice it before.
> Another note: ifconfig & route are 'old' unix commands, please actually start using 'ip' which contains so much more details. Those things do not matter though: you are behind a NAT and are trying to use a static tunnel, thus whatever you configure locally is invalid till you fix your NAT box.
You're right, I should look into the new 'ip' command.
I guess I'd better switch to a dynamic tunnel to get my ipv6 connectivity up again.
Cheers,
Maarten
tunnel stopped working (debian, aiccu, NAT)
Jeroen Massar on Thursday, 17 March 2016 20:11:19
>> Of course the counters in iptables would tell you a similar story; your NAT box is not passing proto-41 packets.
> Ah, I'm not too familiar with tunnels and didn't realize I was looking for protocol 41. There is a lot of information on the sixxs website, but it's a bit of a puzzle for me.
The Tunnel Comparison FAQ should be all you need as it explains which tunnel type to use for which situation.
>> If your ISP is blocking or otherwise doing naughty things, that will be hard if you insist on using a static tunnel which is not meant for usage over a NAT. See the FAQ for more details.
> Maybe I'd better switch to a dynamic tunnel then. My ISP is not very supportive of anything but standard use.
Depends on the type of dynamic tunnel, and also what equipment one uses.
Also have you instead asked your ISP if they support native IPv6?
>>> auto sixxs
>>> iface sixxs inet6 v4tunnel
>> Why do you have this there, and also trying to use AICCU?
> It is probably a leftover from the last time I was working on the tunnel. I will remove it.
For static tunnels configuring it that manner is the correct way.
While AICCU can configure them, it is better to just let the system do it.
tunnel stopped working (debian, aiccu, NAT)
Carmen Sandiego on Friday, 18 March 2016 13:31:40
Hi Jeroen,
> The Tunnel Comparison FAQ should be all you need as it explains which tunnel type to use for which situation.
Found it. It's easy to pick a tunnel that doesn't rely on proto 41 now.
>> Maybe I'd better switch to a dynamic tunnel then. My ISP is not very supportive of anything but standard use.
> Depends on the type of dynamic tunnel, and also what equipment one uses.
I switched from static to AYIYA and now it works again! Thanks for the tip.
> Also have you instead asked your ISP if they support native IPv6?
Yes I have. Unfortunately they have no native ipv6, no tunnel options and recently cancelled their ipv6 pilot. I got a new modem a couple of years ago because it was ipv6 ready. Apparently the modem is more ready than the ISP. :-(
>>>> auto sixxs
>>>> iface sixxs inet6 v4tunnel
>>> Why do you have this there, and also trying to use AICCU?
>> It is probably a leftover from the last time I was working on the tunnel. I will remove it.
> For static tunnels configuring it that manner is the correct way.
One day, when my ISP stops blocking proto 41, I will switch back to a static tunnel again.
Cheers,
Maarten