OpenWRT Kamikaze routing problem
Carmen Sandiego on Wednesday, 23 January 2008 01:12:03
I got ipv6 working on my OpenWRT linksys WRT54G v3.1 (due to broadcom, I can only run the 2.4 kernel). I can ping6 ipv6 hosts from the OpenWRT device fine, however when I try to access ipv6 from my LAN I get "Destination unreachable: No route" errors.
My LAN machines are picking up the radvd announcements and are autoconfiguring their interfaces to have an IP in the /64 subnet I have allocated and they can ping6 the ipv6 interface on the OpenWRT box itself, it just appears as if the routes for the rest of the world are unknown.
I understand from reading others' threads here that there was a version of aiccu that was compiled without a proper flag (HAS_IFHEAD), so I compiled 2007.01.15 with that flag to be sure I had it properly (https://dev.openwrt/ticket/1971).
root@OpenWrt:/proc/net# aiccu test
Tunnel Information for T13944:
POP Id : uschi02
IPv6 Local : 2001:4978:f:6e::2/64
IPv6 Remote : 2001:4978:f:6e::1/64
Tunnel Type : ayiya
Adminstate : enabled
Userstate : enabled
The one odd thing I see in my logs on the OpenWRT is:
Jan 22 23:47:16 (none) user.debug kernel: aiccu: no IPv6 routers present
/proc/sys/net/ipv6/conf/all/forwarding has '1'
and all the /proc interfaces on my LAN machines have accept_ra with '1' and the forwarding is '0'.
root@OpenWrt:/etc/init.d# ip -6 route ls
2001:4978:f:6e::/64 dev aiccu metric 256 mtu 1280 advmss 1220
2001:4978:127:1234::/64 dev br-lan metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev br-lan metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth0.0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth0.1 metric 256 mtu 1500 advmss 1440
fe80::/64 dev wl0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev aiccu metric 256 mtu 1280 advmss 1220
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev br-lan metric 256 mtu 1500 advmss 1440
ff00::/8 dev eth0.0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev eth0.1 metric 256 mtu 1500 advmss 1440
ff00::/8 dev wl0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev aiccu metric 256 mtu 1280 advmss 1220
default via 2001:4978:f:6e::1 dev aiccu metric 1024 mtu 1280 advmss 1220
unreachable default dev lo proto none metric -1 error -128
root@OpenWrt:/etc/init.d# ip -6 addr ls
1: lo: <LOOPBACK,UP>
inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> qlen 1000
inet6 fe80::214:bfff:feb5:26eb/64 scope link
3: eth0.0: <BROADCAST,MULTICAST,PROMISC,UP>
inet6 fe80::214:bfff:feb5:26eb/64 scope link
4: eth0.1: <BROADCAST,MULTICAST,UP>
inet6 fe80::214:bfff:feb5:26eb/64 scope link
5: br-lan: <BROADCAST,MULTICAST,UP>
inet6 fe80::200:ff:fe00:0/64 scope link
inet6 2001:4978:127:1234::1/64 scope global
7: wl0: <BROADCAST,MULTICAST,PROMISC,UP> qlen 1000
inet6 fe80::214:bfff:feb5:26ed/64 scope link
10: aiccu: <POINTOPOINT,MULTICAST,NOARP,UP> qlen 10
inet6 fe80::4878:f:6e:2/64 scope link
inet6 2001:4978:f:6e::2/64 scope global
my /etc/radvd.conf has:
interface br-lan
{
    AdvSendAdvert on;
    MinRtrAdvInterval 3;
    MaxRtrAdvInterval 10;
    AdvHomeAgentFlag off;
    prefix 2001:4978:127:1234::/64 {
        AdvOnLink on;
        AdvAutonomous on;
        AdvRouterAddr on;
    };
};
my /etc/aiccu.conf has:
username MA41-ARIN
password uh
protocol tic
server tic.sixxs.net
ipv6_interface aiccu
tunnel_id T13944
verbose true
daemonize true
automatic true
requiretls false
pidfile /var/run/aiccu.pid
defaultroute true
my /etc/config/firewall has:
accept:proto=41
my /etc/firewall.user has:
iptables -F input_rule
iptables -F output_rule
iptables -F forwarding_rule
iptables -t nat -F prerouting_rule
iptables -t nat -F postrouting_rule
iptables -F input_wan
iptables -F forwarding_wan
iptables -t nat -F prerouting_wan
iptables -A INPUT -p 41 -i eth0.1 -j ACCEPT
ip6tables -F INPUT
ip6tables -P INPUT DROP
ip6tables -A INPUT -p tcp --dport 22 -j ACCEPT
ip6tables -A INPUT -p icmpv6 -j ACCEPT
ip6tables -F FORWARD
ip6tables -A FORWARD -j ACCEPT
The LAN machine (Debian) has the following:
# ip -6 route ls
2001:4978:127:1234::/64 dev eth1 proto kernel metric 256 expires 2592156sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1 metric 256 expires 21333515sec mtu 1500 advmss 1440 hoplimit 4294967295
default via fe80::200:ff:fe00:0 dev eth1 proto kernel metric 1024 expires 24sec mtu 1500 advmss 1440 hoplimit 64
# ip -6 addr show eth1
5: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000
inet6 2001:4978:127:1234:20c:f1ff:fe45:4ed0/64 scope global dynamic
valid_lft 2591999sec preferred_lft 604799sec
inet6 fe80::20c:f1ff:fe45:4ed0/64 scope link
valid_lft forever preferred_lft forever
I must be missing something, but I haven't been able to figure out what exactly that something is. Thanks for any suggestions!
OpenWRT Kamikaze routing problem
Shadow Hawkins on Wednesday, 23 January 2008 06:38:19
Have a look at this: I use Kamikaze routers in my setup and utilize the Quagga suite to handle route management and advertisement.
https://noc.sixxs.net/wiki/Quagga_routing_example
OpenWRT Kamikaze routing problem
Jeroen Massar on Wednesday, 23 January 2008 09:33:15
> my /etc/config/firewall has: accept:proto=41 [..] iptables -A INPUT -p 41 -i eth0.1 -j ACCEPT
Not needed, as you have an AYIYA tunnel, which is UDP based. See FAQ: Firewalled.
Then again, it pings, thus at least the AYIYA tunnel is working:
64 bytes from 2001:4978:f:6e::2: icmp_seq=1 ttl=46 time=205 ms
traceroute to 2001:4978:127:1234:20c:f1ff:fe45:4ed0 (2001:4978:127:1234:20c:f1ff:fe45:4ed0) from 2001:838:1:1:210:dcff:fe20:7c7c, 30 hops max, 16 byte packets
1 ge-1-3-0.breda.ipv6.concepts-ict.net (2001:838:1:1::1) 0.427 ms 0.384 ms 0.348 ms
2 2001:838:0:10::1 (2001:838:0:10::1) 2.288 ms 2.613 ms 2.338 ms
3 ge-0.3.0.core1.ams.bb6.your.org (2001:7f8:1::a502:6943:1) 3.833 ms 3.747 ms 3.688 ms
4 gr-ams1.core1.chi.bb6.your.org (2001:4978:8000:1::1) 160.905 ms 166.74 ms 160.766 ms
5 sixxs.cx01.chi.bb6.your.org (2001:4978:1:400:202:b3ff:feb4:59cb) 160.842 ms 161.246 ms 160.749 ms
6 cl-111.chi-02.us.sixxs.net (2001:4978:f:6e::2) 204.746 ms 207.344 ms 203.998 ms
7 cl-111.chi-02.us.sixxs.net (2001:4978:f:6e::2) 288.213 ms !H
Check & Verify that you have all your interfaces set to allow forwarding. The 'all' toggle doesn't always work correctly. (sysctl -a |grep forward)
Then check:
- from WRT: ping6 2001:4978:127:1234:20c:f1ff:fe45:4ed0
- from Debian: ping6 2001:4978:127:1234::1
- from Debian: ping6 fe80::200:ff:fe00:0%eth1
If that works, at least connectivity between the two works. The odd thing is that your 2001:4978:127:1234::1 doesn't ping from the internet; as such, I can only assume that it is a forwarding issue.
tcpdumping the interfaces to see what is happening is the next (or actually the first ;) good step in debugging this.
OpenWRT Kamikaze routing problem
Carmen Sandiego on Wednesday, 23 January 2008 17:40:11
> Check & Verify that you have all your interfaces set to allow forwarding. The 'all' toggle doesn't always work correctly. (sysctl -a |grep forward)
net.ipv6.conf.aiccu.forwarding = 1
net.ipv6.conf.wl0.forwarding = 1
net.ipv6.conf.br-lan.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.lo.forwarding = 1
net.ipv4.conf.br-lan.mc_forwarding = 0
net.ipv4.conf.br-lan.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.forwarding = 1
net.ipv4.ip_forward = 1
I don't think the ipv4 br-lan.mc_forwarding needs to be on (that's multicast if I am not mistaken).
> - from WRT: ping6 2001:4978:127:1234:20c:f1ff:fe45:4ed0
root@OpenWrt:/etc/init.d# ping6 -c 3 2001:4978:127:1234:20c:f1ff:fe45:4ed0
PING 2001:4978:127:1234:20c:f1ff:fe45:4ed0 (2001:4978:127:1234:20c:f1ff:fe45:4ed0): 56 data bytes
64 bytes from 2001:4978:127:1234:20c:f1ff:fe45:4ed0: icmp6_seq=0 ttl=64 time=3.5 ms
64 bytes from 2001:4978:127:1234:20c:f1ff:fe45:4ed0: icmp6_seq=1 ttl=64 time=2.5 ms
64 bytes from 2001:4978:127:1234:20c:f1ff:fe45:4ed0: icmp6_seq=2 ttl=64 time=3.2 ms
--- 2001:4978:127:1234:20c:f1ff:fe45:4ed0 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 2.5/3.0/3.5 ms
> - from Debian: ping6 2001:4978:127:1234::1
micah@lillypad> ping6 -c 3 2001:4978:127:1234::1 ~
PING 2001:4978:127:1234::1(2001:4978:127:1234::1) 56 data bytes
64 bytes from 2001:4978:127:1234::1: icmp_seq=1 ttl=64 time=1.93 ms
64 bytes from 2001:4978:127:1234::1: icmp_seq=2 ttl=64 time=2.58 ms
64 bytes from 2001:4978:127:1234::1: icmp_seq=3 ttl=64 time=3.54 ms
--- 2001:4978:127:1234::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 1.939/2.691/3.547/0.663 ms
> - from Debian: ping6 fe80::200:ff:fe00:0%eth1
micah@lillypad> ping6 -c 3 fe80::200:ff:fe00:0%eth1 ~
PING fe80::200:ff:fe00:0%eth1(fe80::200:ff:fe00:0) 56 data bytes
64 bytes from fe80::200:ff:fe00:0: icmp_seq=1 ttl=64 time=2.31 ms
64 bytes from fe80::200:ff:fe00:0: icmp_seq=2 ttl=64 time=4.22 ms
64 bytes from fe80::200:ff:fe00:0: icmp_seq=3 ttl=64 time=2.44 ms
--- fe80::200:ff:fe00:0%eth1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 2.315/2.996/4.229/0.874 ms
Bjorn Mork wrote:
> Don't know if this matters, but your br-lan interface seems to have a very odd
> mac address: 00:00:00:00:00:00
I don't really see that if I do an ifconfig br-lan:
br-lan Link encap:Ethernet HWaddr 00:14:BF:B5:26:EB
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
I'll work on getting tcpdump on the openwrt box, I need to free up some space first.
OpenWRT Kamikaze routing problem
Shadow Hawkins on Wednesday, 23 January 2008 13:46:10
> 5: br-lan: <BROADCAST,MULTICAST,UP>
> inet6 fe80::200:ff:fe00:0/64 scope link
> inet6 2001:4978:127:1234::1/64 scope global
Don't know if this matters, but your br-lan interface seems to have a very odd mac address:
00:00:00:00:00:00
It might work, but I would have tried to change it when experiencing unexplainable problems...
Normally I believe the bridge will use the lowest mac of all the bridged interfaces.
Otherwise your routing looks good.
OpenWRT Kamikaze routing problem
Carmen Sandiego on Thursday, 24 January 2008 23:29:54
It turns out the problem was that my bridge interface (br-lan) was configured as:
inet6 2001:4978:127:1234::1/64
when that isn't correct as that is a bridged interface. Changing that to ::/64 (removing the ::1) and restarting the tunnel and radvd makes things work.
OpenWRT Kamikaze routing problem
Shadow Hawkins on Wednesday, 06 February 2008 16:47:01
OK, I'm seeing the same problem, and the same resolution, but I don't understand why removing the host portion of the address would resolve this. The br-lan is a virtual layer 3 interface, same as a vlan interface of a Cisco, right? Why shouldn't it get a fixed v6 address?
OpenWRT Kamikaze routing problem
Shadow Hawkins on Sunday, 20 April 2008 11:53:34
I just came to the point that you guys all encountered, but I think the solution has to do with routing.
I was struggling around with the ::1/64 subnet, tried your solution with ::/64 and everything worked fine. But after restarting the router, the problem came again and I inspected the routing table more distinctly. Everything seemed to look as before, but at the end of the table there was this line:
unreachable default dev lo proto none metric -1 error -128 advmss 1220
Just after dumping the routing table with ip -6 route, I stopped and started the aiccu service again and suddenly it worked. So I looked up the routing table again and the entry mentioned above was gone. Obviously, this default rule leads all internal traffic that needs to be routed as subnet over the tunnel into the localhost loopback device and so it all ends up in data-nirvana.
Restarting aiccu was the trick for me; maybe that's the solution, since it cleans up the routing table in the appropriate way by killing the sixxs-device.
OpenWRT Kamikaze routing problem
Shadow Hawkins on Saturday, 17 May 2008 09:11:30
I have the same issue:
unreachable default dev lo proto none metric -1 error -101 metric 10 255
But when I flush the table this route stays.
Any ideas?
OpenWRT Kamikaze routing problem
Shadow Hawkins on Monday, 19 May 2008 13:38:01
Argh, I have the same problem (clients can ping only the tunnel endpoint, everything else gives "Destination net unreachable."; the router running aiccu can ping everything).
I will open a ticket to resolve this.
You can try to stop and restart aiccu. That reportedly helps.
Regards,
David
OpenWRT Kamikaze routing problem
Shadow Hawkins on Tuesday, 20 May 2008 18:45:40
Any progress here?
(the stuff did not answer my ticket yet)
OpenWRT Kamikaze routing problem
Shadow Hawkins on Tuesday, 20 May 2008 18:45:57
stuff=staff
OpenWRT Kamikaze routing problem - my solution
Shadow Hawkins on Monday, 09 June 2008 17:40:43
Hello,
I, surprise!, experienced the same problem.
Solution for me: Put aiccu after radvd in /etc/rc.d.
I let radvd start as S51radvd and aiccu as S55aiccu.
Here are my config files:
----- /etc/init.d/radvd -------
#!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org
START=51
start() {
    echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
    mkdir -p /var/log
    mkdir -p /var/run
    /usr/sbin/radvd
}
stop() {
    killall radvd
    echo 0 > /proc/sys/net/ipv6/conf/all/forwarding
}
----- /etc/init.d/aiccu -------
#!/bin/sh /etc/rc.common
# Copyright (C) 2006 OpenWrt.org
START=55
start() {
    aiccu start
    ip -6 addr add 2a01:xxx:xxx::1/64 dev br-lan
    ip -6 route add 2a01:xxx:xxx::1/64 dev br-lan
}
stop() {
    aiccu stop
}
--------------------------------
-------- /etc/radvd.conf -----------
# For more examples, see the radvd documentation.
interface br-lan
{
    AdvSendAdvert on;
    prefix 2a01:xxx:mysubnet::/64 {
        AdvOnLink on;
        AdvAutonomous on;
    };
};
------------------------------
I guess aiccu.conf is uncritical
------ IPv6 addresses and routes ---------
root@mux:~# ip -6 addr
1: lo: <LOOPBACK,UP>
inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> qlen 1000
inet6 fe80::211:d8ff:fe70:1f9d/64 scope link
3: eth0.0: <BROADCAST,MULTICAST,PROMISC,UP>
inet6 fe80::211:d8ff:fe70:1f9d/64 scope link
4: eth0.1: <BROADCAST,MULTICAST,UP>
inet6 fe80::211:d8ff:fe70:1f9d/64 scope link
6: br-lan: <BROADCAST,MULTICAST,UP>
inet6 2a01:xxx:mysubnet::1/64 scope global
inet6 fe80::200:ff:fe00:0/64 scope link
7: wl0: <BROADCAST,MULTICAST,PROMISC,UP> qlen 1000
inet6 fe80::211:d8ff:fe70:1f9d/64 scope link
8: sixxs: <POINTOPOINT,NOARP,UP>
inet6 2a01:xxx:mytunnel:e4::2/64 scope global
inet6 fe80::5b59:74b9/64 scope link
inet6 fe80::a01:501/64 scope link
root@mux:~# ip -6 route
2a01:xxx:mytunnel:xx::/64 via :: dev sixxs metric 256 mtu 1280 advmss 1220
2a01:xxx:mysubnet::/64 dev br-lan metric 256 mtu 1500 advmss 1220
2a01:xxx:mysubnet::/64 dev br-lan metric 1024 mtu 1500 advmss 1220
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1220
fe80::/64 dev eth0.1 metric 256 mtu 1500 advmss 1220
fe80::/64 dev br-lan metric 256 mtu 1500 advmss 1220
fe80::/64 dev eth0.0 metric 256 mtu 1500 advmss 1220
fe80::/64 dev wl0 metric 256 mtu 1500 advmss 1220
fe80::/64 via :: dev sixxs metric 256 mtu 1280 advmss 1220
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1220
ff00::/8 dev eth0.1 metric 256 mtu 1500 advmss 1220
ff00::/8 dev br-lan metric 256 mtu 1500 advmss 1220
ff00::/8 dev eth0.0 metric 256 mtu 1500 advmss 1220
ff00::/8 dev wl0 metric 256 mtu 1500 advmss 1220
ff00::/8 dev sixxs metric 256 mtu 1280 advmss 1220
default via 2a01:xxx:mytunnel:xx::1 dev sixxs metric 1024 mtu 1280 advmss 1220
root@mux:~# uname -a
Linux mux 2.4.34 #121 Fri May 16 22:06:09 CDT 2008 mips unknown
root@mux:~# lsmod
Module Size Used by Tainted: P
wlcompat 14944 0 (unused)
ip_conntrack_tftp 1712 0 (unused)
ip_nat_irc 2336 0 (unused)
ip_conntrack_irc 3128 1
ip_nat_ftp 2960 0 (unused)
ip_conntrack_ftp 4272 1
ip6t_owner 1020 0 (unused)
ip6t_multiport 556 0 (unused)
ip6t_mark 316 0 (unused)
ip6t_mac 556 0 (unused)
ip6t_limit 892 0 (unused)
ip6t_length 348 0 (unused)
ip6t_eui64 684 0 (unused)
ip6t_MARK 668 0 (unused)
ip6t_LOG 4556 0 (unused)
ip6t_IMQ 684 0 (unused)
ip6table_mangle 2284 0 (unused)
ip6table_filter 1740 0 (unused)
ip6_tables 17440 12 [ip6t_owner ip6t_multiport ip6t_mark ip6t_mac ip6t_limit ip6t_length ip6t_eui64 ip6t_MARK ip6t_LOG ip6t_IMQ ip6table_mangle ip6table_filter]
wl 630776 0 (unused)
ipv6 197376 -1
switch-robo 4540 0 (unused)
switch-core 4864 0 [switch-robo]
diag 25520 0 (unused)
root@mux:~#
-----------------------
Hardware is an ASUS WL500 deluxe
cheers
Stephan
OpenWRT Kamikaze routing problem
Jeroen Massar on Tuesday, 10 June 2008 08:42:21
The answer is simply that there is a broken Linux kernel coming with Kamikaze, as such there is also a simple solution:
ip -6 ro add 2000::/3 via <tunnel>::1
And suddenly you will have connectivity...
See here which references here for the people that you can blame for this ;)
OpenWRT Kamikaze routing problem
Shadow Hawkins on Tuesday, 10 June 2008 15:04:57
Hello Jeroen,
Thanks for your reply, but everything is already working fine for me.
Just starting aiccu after radvd solved the issue. Otherwise all config files are as in the OpenWRT IPv6-HowTo.
hand,
Stephan
OpenWRT Kamikaze routing problem
Shadow Hawkins on Wednesday, 11 June 2008 10:29:35
I guess either works:
- the route entry above (just tried it and it solves the problem)
or
- start aiccu after radvd (I used this before)
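Added example (not part of any post above, and not SixXS or OpenWrt code): a small triage helper for the symptom this thread keeps hitting, a gateway default route sitting next to an "unreachable default dev lo" entry, plus the 2000::/3 route command filled in from the table. The function names and verdict words are made up for this example, and the heuristic only encodes what the posts report.

```sh
#!/bin/sh
# Added example, not from the thread: triage an `ip -6 route` dump for the
# symptom reported above. Verdict names and function names are made up here.

# Reads a route table on stdin and prints one word:
#   ok          a gateway default or 2000::/3 route, no unreachable default
#   suspect     both a gateway default and the unreachable default are present
#   workaround  unreachable default present, but a 2000::/3 route covers it
#   no-default  no gateway default and no 2000::/3 route at all
v6_default_verdict() {
    awk '
        $1 == "default" && $2 == "via"          { gw = $3 }
        $1 == "unreachable" && $2 == "default"  { blackhole = 1 }
        $1 == "2000::/3" && $2 == "via"         { covered = 1 }
        END {
            if (covered && blackhole)       print "workaround"
            else if (gw == "" && !covered)  print "no-default"
            else if (blackhole)             print "suspect"
            else                            print "ok"
        }'
}

# Prints the 2000::/3 route command from the thread, filled in with the
# gateway and device of the first gateway default found on stdin.
v6_workaround_cmd() {
    awk '$1 == "default" && $2 == "via" && $4 == "dev" {
        print "ip -6 route add 2000::/3 via " $3 " dev " $5; exit }'
}

# Excerpt of the first post's router table (the state that did not forward).
SAMPLE_BROKEN='2001:4978:f:6e::/64 dev aiccu metric 256 mtu 1280 advmss 1220
2001:4978:127:1234::/64 dev br-lan metric 256 mtu 1500 advmss 1440
default via 2001:4978:f:6e::1 dev aiccu metric 1024 mtu 1280 advmss 1220
unreachable default dev lo proto none metric -1 error -128'

# Constructed: the same table after adding the 2000::/3 route.
SAMPLE_FIXED="$SAMPLE_BROKEN
2000::/3 via 2001:4978:f:6e::1 dev aiccu metric 1024 mtu 1280 advmss 1220"

# Constructed: a table with no unreachable default (documentation prefix).
SAMPLE_CLEAN='2001:db8:1::/64 dev br-lan metric 256 mtu 1500 advmss 1440
default via 2001:db8:f::1 dev sixxs metric 1024 mtu 1280 advmss 1220'

for t in "$SAMPLE_BROKEN" "$SAMPLE_FIXED" "$SAMPLE_CLEAN"; do
    printf '%s\n' "$t" | v6_default_verdict
done
printf '%s\n' "$SAMPLE_BROKEN" | v6_workaround_cmd
```

On a router, feed it the live table instead of the samples: ip -6 route | v6_default_verdict.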