Linux, router and problem with IPv6
Carmen Sandiego on Friday, 17 October 2003 02:43:59
I don't seem to get the tunnel working, no matter what scripts I use. I've used Gentoo's scripts, the iproute2 scripts, the one that has been posted here and so on. Anyway, the problem isn't with those commands, but with something else. The Linux is working as a router/NAT for the W2K machine and that's working fine. But I don't get the IPv6 to work. I've replaced the home-IP with XXX.XXX.XX.101, rest is pretty much as it was. What's there still to add? I've compiled the kernel with IP tunneling, advanced router, netfilter and IPv6 (etc). Something missing? Traceroute leads to nowhere, ping6 leads to nowhere. SIXXS's NOC claims tunnel is enabled, but certainly I don't get it to work ;)
eth0      Link encap:Ethernet HWaddr 00:10:A7:02:FE:32
          inet addr:XXX.XXX.XX.101 Bcast:XXX.XXX.XX.255 Mask:255.255.240.0
          inet6 addr: fe80::210:a7ff:fe02:fe32/10 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:17977089 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3145637 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:203861190 (194.4 Mb) TX bytes:2580585152 (2461.0 Mb)
          Interrupt:11 Base address:0x4000

eth0:0    Link encap:Ethernet HWaddr 00:10:A7:02:FE:32
          inet addr:10.0.0.4 Bcast:10.255.255.255 Mask:255.0.0.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:1449 errors:0 dropped:0 overruns:0 frame:0
          TX packets:189 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:142968 (139.6 Kb) TX bytes:17388 (16.9 Kb)
          Interrupt:11 Base address:0x4000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:4055 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4055 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:445670 (435.2 Kb) TX bytes:445670 (435.2 Kb)

sit0      Link encap:IPv6-in-IPv4
          inet6 addr: ::127.0.0.1/96 Scope:Unknown
          inet6 addr: ::XXX.XXX.XX.101/96 Scope:Compat
          inet6 addr: ::10.0.0.4/96 Scope:Compat
          UP RUNNING NOARP MTU:1280 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

sit1      Link encap:IPv6-in-IPv4
          inet6 addr: fe80::82e9:1565/10 Scope:Link
          inet6 addr: 2001:960::2/64 Scope:Global
          inet6 addr: fe80::a00:4/10 Scope:Link
          UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:327 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:39508 (38.5 Kb)
- Yak
Linux, router and problem with IPv6
Carmen Sandiego on Friday, 17 October 2003 11:02:22
What commands / scripts are you using?
What I cannot see here is if you set up the routes okay (ip -6 route show), or if the tunnel end-point is set okay.
Are you sure you have 2001:960::2/64??
I assume you are trying IPv6 from your linux router and not (yet) from your win2k machine.
First set up IPv6 for the router, then go to w2k (which can work with ipv6 as well).
BTW, I am using Linux (RedHat 9).
Linux, router and problem with IPv6
Carmen Sandiego on Friday, 17 October 2003 19:17:10
Ouh, I'm not trying to get IPv6 to work with XP yet. First I would like the router to have its connection working, before sharing anything ;). This is what the SIXXS emailed:
SixXS IPv6 : 2001:960:2:87::1/64
Your IPv6 : 2001:960:2:87::2/64
This is the first script I've tried.. as advised in the Gentoo's documentation:
#!/bin/sh
# Add a tunnel to the SIXXS IPv4 address
ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::YYY.204.YYY.2
# Route all IPv6 traffic through the 'sit1' device
ifconfig sit1 up
ifconfig sit1 inet6 add 2001:960:2:87::1/64
route -A inet6 add ::/0 dev sit1
# Create a tunnel between the local IPv4 and SIXXS remote IPv4 address
ip tunnel add sixbone mode sit remote YYY.204.YYY.2 local XXX.XXX.XX.101 ttl 255
# Bring the tunnel up, and assign the IPv6 address to it
ip link set sixbone up
ip addr add 2001:960:2:87::2/64 dev sixbone
# Route all IPv6 address through our 'sixbone' tunnel device
ip route add 2001:960:2:87::1 dev sixbone
- Yak
Linux, router and problem with IPv6
Jeroen Massar on Friday, 17 October 2003 21:31:17
> SIXXS's NOC claims tunnel is enabled, but certainly I don't get it to work
No, that the tunnel is enabled and configured, not that you got it to work.
When it pings and the graphs show it, then it works.
Who gave you the idea of using sit0, sit1 and then also 'sixbone' :)
You now have configured a prefix on sit1 but the tunnel on sit0....
Next to that x-ing out your IP is useless as anybody can look it up using whois.
Read the FAQ and use that script as the above is totally wrong.
You might want to understand what the scripts do instead of just running them :)
Linux, router and problem with IPv6
Carmen Sandiego on Saturday, 18 October 2003 07:42:48
Anyway, using the FAQ's scripts gives me the same results. The tunnel just doesn't work. And yes, they can whois my IPv6, but not IPv4. Anyway, if someone really wants to find out my IP, that's their problem and shouldn't be too difficult, but I don't like posting it to open forums.
However, here are two other scripts I've tried and neither one works. So, while I might have a little bit fucked up scripting in the first one (which I did based on a sample), the others give me a non-working tunnel also.
#!/bin/sh
ip tunnel add sixxs mode sit local XXX.XXX.XX.101 remote YYY.YYY.YYY.2
ip link set sixxs up
ip link set mtu 1280 dev sixxs
ip tunnel change sixxs ttl 64
ip -6 addr add 2001:960:2:87::2/64 dev sixxs
ip -6 ro add default via 2001:960:2:87::1 dev sixxs
Or the one mentioned earlier in this forum:
#!/bin/sh
# Please fill in the following variable
#
###
BROKER="SIXXS" # Name of your broker (cosmetic purpose)
Loc_IPv4="XXX.XXX.XX.101" # Local IPv4 address.
PoP_IPv4="YYY.YYY.YYY.2" # PoP's IPv4 address.
Loc_IPv6="2001:960::2/64" # Local IPv6 endpoint address.
PoP_IPv6="2001:960::1" # PoP's IPv6 endpoint address.
Not_local="2000::/3" # Ipv6 address ~= ipv4 0.0.0.0
Interface_local="sit0" # which sit devices to use
Interface_remote="sit1" #
MTU="1280" # Tunnel's MTU size
IFCONFIG="/sbin/ifconfig" # Binary locations
ROUTE="/sbin/route" #
IPTUNNEL="/sbin/iptunnel" #
###############################################################################
#
# DO NOT CHANGE ANYTHING BEYOND HERE !!!
#
###
case "$1" in
start)
# Test if we really got IPv6 support in the kernel. If not present,
# this script tries to load the kernel module else it bails out with a
# warning.
#
###
if ! [ -f /proc/net/if_inet6 ]
then echo "ERROR: No IPv6 support in you kernel. Trying to load kernel module." 1>&2; modprobe ipv6;
fi
if ! [ -f /proc/net/if_inet6 ]
then echo "ERROR: No IPv6 support. Sorry I can't continue." 1>&2; exit 1;
fi
# Test if tunnel is not already up
#
###
up=`(set \`"$IFCONFIG" | grep "$Interface_remote"\`;echo $1)` 1>&2
if [ "$up" = "$Interface_remote" ]
then echo "ERROR: Tunnel already up using: $Interface_remote" 1>&2; exit 1;
fi
# Setting up the tunnel.
#
###
$IFCONFIG sit0 tunnel ::$PoP_IPv4 mtu 1280 up && \
$IFCONFIG sit1 add $Loc_IPv6 mtu 1280 up && \
$ROUTE -A inet6 add $Not_local gw $PoP_IPv6 dev sit1 && \
echo "Tunnel to $BROKER establised." || \
{ echo "ERROR: Failed to establise a tunnel to $BROKER." 1>&2; $0 stop; exit 1; }
;;
stop)
# Bringing the tunnel down.
#
###
$IFCONFIG sit1 down
$IFCONFIG sit0 down && \
echo "IPv6 tunnel deleted." || \
{ echo "ERROR: Failed to bring IPv6 tunnel with $Interface_remote down." 1>&2; exit 1; }
;;
restart|reload)
$0 stop && $0 start
;;
*)
echo "GNU (C)2003 Robert Nagtegaal.";echo
echo "Usage: $0 {start|stop|restart|reload}"
exit 1
esac
exit 0
- Yak
Linux, router and problem with IPv6
Jeroen Massar on Saturday, 18 October 2003 11:28:28
Trust me... it is all your fault, using stupid scripts without showing what the output is doesn't work.
For argument's sake, this one works, after you have cleansed your machine from old tunnels and routes of course:
# ip tunnel add sixxs mode sit local 130.233.21.101 remote 213.204.193.2
# ip link set sixxs up
# ip link set mtu 1280 dev sixxs
# ip tunnel change sixxs ttl 64
# ip -6 addr add 2001:960:2:87::2/64 dev sixxs
# ip -6 ro add default via 2001:960:2:87::1 dev sixxs
If it doesn't, check and verify the settings:
# ip tun sho
# ip -6 ro sho
# ip -6 addr sho
and of course use the rest of the forum to do some diagnosis. Also it might just be that your IPv4 path is broken of course :)
You might also have read that the second script is using the old sit0/sit1 setup which is wrong.
> And yes, they can whois my IPv6, but not IPv4.
$ whois -h whois.sixxs.net 2001:960:2:87::2
inet6num: 2001:960:2:87::/64
netname: SIXXS-NLAMS04-TUN136
descr: IPv6 in IPv4 tunnel from 213.204.193.2 to 130.233.21.101
descr: Tunnel T1388 goes to an endpoint of MB18-6BONE.
country: FI
"You can run, but you can't hide from us...."
Everything is public, we made sure that people can find you thus making abuse faster to solve. Many network administrators like and use this to check if someone isn't suddenly hiding in IPv6. If you do have something to hide you are at the wrong place.
Linux, router and problem with IPv6
Carmen Sandiego on Sunday, 19 October 2003 10:51:09
> For argument's sake, this one works, after you have cleansed your machine from old tunnels and routes of course:
Or then it won't ;), I rebooted the whole machine just to check it's not fucked up, and without initializing NAT-routing. Ran the script.. and
root@amidala router # ip tun sho
tunl0: ip/ip remote any local any ttl inherit nopmtudisc
sit0: ipv6/ip remote any local any ttl 64 nopmtudisc
sixxs: ipv6/ip remote 213.204.193.2 local 130.233.21.101 ttl 64
root@amidala router # ip -6 ro sho
2001:960:2:87::/64 via :: dev sixxs proto kernel metric 256 mtu 1280 advmss 1220
fe80::/10 dev eth0 proto kernel metric 256 mtu 1500 advmss 1220
fe80::/10 via :: dev sixxs proto kernel metric 256 mtu 1280 advmss 1220
ff00::/8 dev eth0 proto kernel metric 256 mtu 1500 advmss 1220
ff00::/8 dev sixxs proto kernel metric 256 mtu 1280 advmss 1220
default dev eth0 proto kernel metric 256 mtu 1500 advmss 1220
default via 2001:960:2:87::1 dev sixxs metric 1024 mtu 1280 advmss 1220
unreachable default dev lo metric -1 error -101 advmss 1220
root@amidala router # ip6 -6 addr sho
bash: ip6: command not found
root@amidala router # ip -6 addr sho
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
inet6 fe80::210:a7ff:fe02:fe32/10 scope link
5: sixxs@NONE: <POINTOPOINT,NOARP,UP> mtu 1280 qdisc noqueue
inet6 fe80::82e9:1565/128 scope link
inet6 2001:960:2:87::2/64 scope global
And here we are again. Nothing apparently works for me.. puuh ;)
> Also it might just be that your IPv4 path is broken of course :)
Unlikely, at least I can ping the POP.
> Everything is public, we made sure that people can find you thus making abuse faster to solve.
I don't see how finding out IPv4 makes it easier to resolve abuse. Perhaps this is for IRC-only-users to prevent them from hiding behind IPv6-address and that kiddos flood their IPv4 address instead of your IPv4-POP. For any other reason, I don't know. Gotta do a kernel recompile, maybe there's something wrong ;)
- Yak
Linux, router and problem with IPv6
Jeroen Massar on Sunday, 19 October 2003 11:48:03
> default dev eth0 proto kernel metric 256 mtu 1500 advmss 1220
Remove that one, it will help.
>> Everything is public, we made sure that people can find you thus making abuse faster to solve.
> I don't see how finding out IPv4 makes it easier to resolve abuse. Perhaps this is for IRC-only-users to prevent them from hiding behind IPv6-address and that kiddos flood their IPv4 address instead of your IPv4-POP. For any other reason, I don't know.
That is indeed one of the main reasons, next to that tunnels should be documented in this way in either one of the various registries.
It also allows people to find abusers of e.g. web and other services.
> Gotta do a kernel recompile, maybe there's something wrong
And after that do some tcpdumping, set up the tunnel and start in this order:
One shell:
# tcpdump -i eth0 -Xns 1500 not port <ssh/web/other common things>
Other shell:
# ping6 <your IPv6 endpoint>
# ping6 <POP IPv6 endpoint>
# ping6 noc.sixxs.net
And you should see the packets going out and coming back.
Or at least see some errors etc :)
Btw it is quite funny to see that your tunnel nicely pings over IPv6 and that the graphs also show that. Check your userhome and then check the tunnel information.
64 bytes from 2001:960:2:87::2: icmp_seq=1 ttl=60 time=44.5 ms :)
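In the routing table posted in the thread, `default dev eth0 ... metric 256` has a lower metric than the tunnel's `default via 2001:960:2:87::1 dev sixxs metric 1024`, so it is chosen first; that is the entry the last reply says to remove. The script below is an added example, not part of any post in the thread; it reads `ip -6 route show` output and lists default routes that outrank the tunnel's. The function names and the fallback metric of 1024 for routes printed without one are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): spot default routes that outrank
# the tunnel's default. Function names are hypothetical.

# The `ip -6 ro sho` output posted in the thread, embedded as sample input.
sample_routes() {
cat <<'EOF'
2001:960:2:87::/64 via :: dev sixxs proto kernel metric 256 mtu 1280 advmss 1220
fe80::/10 dev eth0 proto kernel metric 256 mtu 1500 advmss 1220
fe80::/10 via :: dev sixxs proto kernel metric 256 mtu 1280 advmss 1220
ff00::/8 dev eth0 proto kernel metric 256 mtu 1500 advmss 1220
ff00::/8 dev sixxs proto kernel metric 256 mtu 1280 advmss 1220
default dev eth0 proto kernel metric 256 mtu 1500 advmss 1220
default via 2001:960:2:87::1 dev sixxs metric 1024 mtu 1280 advmss 1220
unreachable default dev lo metric -1 error -101 advmss 1220
EOF
}

# Print "device metric" for every default route read from stdin.
# "unreachable default ..." is skipped because field 1 is not "default".
default_routes() {
    awk '$1 == "default" {
        dev = ""; metric = 1024      # assumption: 1024 when no metric is shown
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "metric") metric = $(i + 1)
        }
        print dev, metric
    }'
}

# Print default routes on other devices whose metric is <= the tunnel's
# best default metric (lower metric wins). Exit 2 if the tunnel has none.
shadowing_defaults() {
    default_routes | awk -v tun="$1" '
        { dev[NR] = $1; metric[NR] = $2 + 0
          if ($1 == tun && (best == "" || metric[NR] < best)) best = metric[NR] }
        END {
            if (best == "") { print "no default route via " tun; exit 2 }
            for (n = 1; n <= NR; n++)
                if (dev[n] != tun && metric[n] <= best) print dev[n], metric[n]
        }'
}

# On a live router: ip -6 route show | shadowing_defaults sixxs
sample_routes | shadowing_defaults sixxs    # prints: eth0 256
```

An empty result with exit status 0 means no other default route competes with the tunnel's.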