Not able to ping6 my tunnel endpoint
Shadow Hawkins on Saturday, 25 May 2013 13:45:35
Hello all,
I am having a problem with a FreeBSD 9.1-RELEASE-p3 system. I got a tunnel and a subnet and aiccu is enabled. Still I cannot use ipv6 and I cannot ping6 my side of the tunnel (the :2 address) or the pop side of the tunnel (the :1 address). ping6 on my ::1 localhost IP works so far.
The computer is attached to a router with the ports needed for aiccu forwarded through the NAT to this gateway. The sixxs-aiccu test fails when pinging the remote side of the tunnel.
Any help is appreciated!
Thanks
Thomas
My configuration
Here is my ifconfig:
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet 192.168.9.4 --> 85.236.202.138
inet6 fe80::3285:a9ff:fea6:50bf%gif0 prefixlen 64 tentative scopeid 0xa
inet6 2a01:1e8:e100:21e::2 --> 2a01:1e8:e100:21e::1 prefixlen 128 tentative
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
options=1<ACCEPT_REV_ETHIP_VER>
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
ether 30:85:a9:a6:50:bf
inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
inet6 fe80::3285:a9ff:fea6:50bf%lagg0 prefixlen 64 scopeid 0x9
inet6 2a01:1e8:bbbb:cccc::1 prefixlen 64
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect
status: active
laggproto lacp lagghash l2,l3,l4
laggport: em1 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
laggport: em0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
My netstat -rn -f inet6
Routing tables
Internet6:
Destination Gateway Flags Refs Use Mtu Netif Expire
::/96 ::1 UGRS 0 0 16384 lo0 =>
default 2a01:1e8:e100:21e::1 UGS 0 3 1280 gif0
::1 link#8 UH 0 0 16384 lo0
::ffff:0.0.0.0/96 ::1 UGRS 0 0 16384 lo0
2a01:1e8:e100:21e::1 link#10 UH 0 26 1280 gif0
2a01:1e8:e100:21e::2 link#10 UHS 0 19 16384 lo0
2a01:1e8:e100:821e::/64 link#9 U 0 856 1500 lagg0
2a01:1e8:e100:821e::1 link#9 UHS 0 0 16384 lo0
fe80::/10 ::1 UGRS 0 0 16384 lo0
fe80::%em0/64 link#2 U 0 0 1500 em0
fe80::3285:a9ff:fea6:50bf%em0 link#2 UHS 0 0 16384 lo0
fe80::%em1/64 link#3 U 0 0 1500 em1
fe80::3285:a9ff:fea6:50c0%em1 link#3 UHS 0 0 16384 lo0
fe80::%lo0/64 link#8 U 0 0 16384 lo0
fe80::1%lo0 link#8 UHS 0 0 16384 lo0
fe80::%lagg0/64 link#9 U 0 9 1500 lagg0
fe80::3285:a9ff:fea6:50bf%lagg0 link#9 UHS 0 0 16384 lo0
fe80::%gif0/64 link#10 U 0 0 1280 gif0
fe80::3285:a9ff:fea6:50bf%gif0 link#10 UHS 0 0 16384 lo0
ff01::%em0/32 fe80::3285:a9ff:fea6:50bf%em0 U 0 0 1500 em0
ff01::%em1/32 fe80::3285:a9ff:fea6:50c0%em1 U 0 0 1500 em1
ff01::%lo0/32 ::1 U 0 0 16384 lo0
ff01::%lagg0/32 fe80::3285:a9ff:fea6:50bf%lagg0 U 0 0 1500 lagg0
ff01::%gif0/32 fe80::3285:a9ff:fea6:50bf%gif0 U 0 0 1280 gif0
ff02::/16 ::1 UGRS 0 0 16384 lo0
ff02::%em0/32 fe80::3285:a9ff:fea6:50bf%em0 U 0 0 1500 em0
ff02::%em1/32 fe80::3285:a9ff:fea6:50c0%em1 U 0 0 1500 em1
ff02::%lo0/32 ::1 U 0 0 16384 lo0
ff02::%lagg0/32 fe80::3285:a9ff:fea6:50bf%lagg0 U 0 0 1500 lagg0
ff02::%gif0/32 fe80::3285:a9ff:fea6:50bf%gif0 U 0 0 1280 gif0
My tunnel ends on deleo1. The aiccu.conf is shown below
# Login information
username XXXX
password YYYY
verbose false
daemonize true
automatic true
behindnat true
requiretls true
My rc.conf looks like this:
hostname="router"
zfs_enable="YES"
# start networking with link aggregation
ifconfig_em0="up"
ifconfig_em1="up"
ifconfig_em2="dhcp" # interface to home network
cloned_interfaces="lagg0"
ifconfig_lagg0="laggproto lacp laggport em0 laggport em1 192.168.0.2/24 "
# enable ipv6 tunnel
ipv6_enable_all_interfaces="YES"
sixxs_aiccu_enable="YES"
gif_interfaces="gif0"
gifconfig_gif0="UP"
# add static ipv6 addresses for routers
ifconfig_lagg0_ipv6="2a01:1e8:bbbb:cccc::1/64" # first address in my assigned /64 subnet
# enable router advertisement
ipv6_gateway_enable="YES"
rtadvd_enable="YES"
rtadvd_interfaces="lagg0"
# start daemons
sshd_enable="YES"
dbus_enable="YES"
avahi_daemon_enable="YES"
netatalk_enable="YES"
cnid_metad_enable="YES"
afp_enable="YES"
ntpd_enable="YES"
Jeroen Massar on Saturday, 25 May 2013 14:11:29
The computer is attached to a router with the ports needed for aiccu forwarded through the NAT to this gateway.
AICCU only uses one port, the one for TIC; as that IS TCP and outbound only you really do not need to forward it as a default NAT should handle that (unless firewalled away).
What is important in your situation with sitting behind RFC1918 and using a proto-41 based tunnel, to "forward", is the protocol 41 traffic. Which is the actual tunneled traffic.
Typically that feature is called DMZ mode, typically it is also a big pain and hence AYIYA is the proper solution for those situations.
Btw: which ports have you 'forwarded' and why do you think that you had to do that? Is there incorrect or unclear info somewhere maybe?
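The point in the reply above (a protocol-41 tunnel whose local endpoint is an RFC1918 address sits behind NAT) can be checked mechanically from the `ifconfig` output. This is an added example, not part of the original thread; `diagnose` is a hypothetical helper, and the sample is the gif0 stanza from the first post plus a shortened lagg0 stanza. It also reports the `tentative` and `IFDISABLED` markers visible in that output.

```python
import ipaddress
import re

# gif0 stanza as posted in the thread (tab-indented as ifconfig prints it); lagg0 shortened.
SAMPLE = """\
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
\ttunnel inet 192.168.9.4 --> 85.236.202.138
\tinet6 fe80::3285:a9ff:fea6:50bf%gif0 prefixlen 64 tentative scopeid 0xa
\tinet6 2a01:1e8:e100:21e::2 --> 2a01:1e8:e100:21e::1 prefixlen 128 tentative
\tnd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tinet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
\tnd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HEADER = re.compile(r"^(\S+): flags=")           # start of an interface stanza
TUNNEL = re.compile(r"^tunnel inet (\S+) --> (\S+)")
TENTATIVE = re.compile(r"^inet6 (\S+) .*\btentative\b")
ND6 = re.compile(r"^nd6 options=\w+<([^>]*)>")


def diagnose(ifconfig_text):
    """Return {interface: [finding, ...]} for a FreeBSD ifconfig dump."""
    findings, iface = {}, None
    for raw in ifconfig_text.splitlines():
        m = HEADER.match(raw)
        if m:
            iface = m.group(1)
            findings[iface] = []
            continue
        if iface is None:
            continue
        line = raw.strip()
        if (m := TUNNEL.match(line)):
            local = ipaddress.ip_address(m.group(1))
            if any(local in net for net in RFC1918):
                findings[iface].append(
                    f"tunnel source {local} is RFC1918: the NAT in front "
                    "must pass IP protocol 41, otherwise use AYIYA")
        elif (m := TENTATIVE.match(line)):
            findings[iface].append(f"{m.group(1)} is still tentative")
        elif (m := ND6.match(line)) and "IFDISABLED" in m.group(1).split(","):
            # ifconfig(8): ifdisabled turns off IPv6 on the interface
            findings[iface].append("IFDISABLED set: IPv6 disabled here")
    return findings


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```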
Shadow Hawkins on Sunday, 26 May 2013 09:45:30
Jeroen Massar wrote:
Btw: which ports have you 'forwarded' and why do you think that you had to do that? Is there incorrect or unclear info somewhere maybe?
I looked at this URL: https://www.sixxs.net/faq/connectivity/?faq=firewalled but I misunderstood it. All traffic is outbound TCP traffic, which needs no port-forwarding, thanks for pointing me to this.
I am using an AirportExtreme base station with firmware 7.6.3 and interestingly I have been able to use a heartbeat tunnel to my FreeBSD box. However recently it does not work. This airport gets a public IPv4 address, but I am not sure how to set up a proto 41 forwarding.
Shadow Hawkins on Sunday, 26 May 2013 10:32:37
Thomas Westfeld wrote:
I am using an AirportExtreme base station with firmware 7.6.3 and interestingly I have been able to use a heartbeat tunnel to my FreeBSD box. However recently it does not work. This airport gets a public IPv4 address, but I am not sure how to set up a proto 41 forwarding.
I now switched my tunnel to AYIYA. It seems to work now. What puzzled me is that I was able to use a heartbeat 6 to 4 tunnel, but not anymore. Now my credits are also way below the water line. Are there rewards for using a non-static tunnel, too? Do I need to keep the tunnel up 24/7, which would be inconvenient when I am on the road and use the ipv6 tunnel on my notebook.
Jeroen Massar on Sunday, 26 May 2013 14:56:32
Thomas Westfeld wrote:
I am using an AirportExtreme base station with firmware 7.6.3 and interestingly I have been able to use a heartbeat tunnel to my FreeBSD box. However recently it does not work. This airport gets a public IPv4 address, but I am not sure how to set up a proto 41 forwarding.
(afaik) Airports do not support proto-41 forwarding.
I now switched my tunnel to AYIYA. It seems to work now. What puzzled me is that I was able to use a heartbeat 6 to 4 tunnel, but not anymore.
(You likely mean a heartbeat 6-in-4 tunnel. 6to4 is a different thing)
Now my credits are also way below the water line. Are there rewards for using a non-static tunnel, too? Do I need to keep the tunnel up 24/7, which would be inconvenient when I am on the road and use the ipv6 tunnel on my notebook.
As per the FAQ, Heartbeat and AYIYA tunnels, when up, receive credits every two weeks. Indeed, when it does not properly ping it would not count as 'up' though.
Shadow Hawkins on Sunday, 26 May 2013 18:30:05
Jeroen Massar wrote:
As per the FAQ, Heartbeat and AYIYA tunnels, when up, receive credits every two weeks. Indeed, when it does not properly ping it would not count as 'up' though.
The FAQ is not very precise in this respect. What does "properly ping" mean? Once a day is enough or 24/7 ? I do not really find it well documented.
Anyway I would like to thank you for your quick, patient and helpful replies.
Jeroen Massar on Tuesday, 28 May 2013 02:07:46
The FAQ is not very precise in this respect. What does "properly ping" mean? Once a day is enough or 24/7 ? I do not really find it well documented.
As stated in the FAQ, it needs to answer when a request is sent, you miss out too many of them, there will be a gap in the graph and thus that will be recorded as down time.