Ticket ID: SIXXS #3088173
Ticket Status: User
PoP: frmrs01 - Jaguar Network SARL (Marseille)
No incoming packets from tunnel
Carmen Sandiego on Tuesday, 23 November 2010 20:35:31
Hi,
I have a tunnel (T35549) on PoP frmrs01 which hasn't sent me any packets for 2 days (this can be seen on the graph of the tunnel).
I've tried disabling my firewall and restarting the tunnel (using aiccu), no changes. This is my sixxs interface:
sixxs Link encap:IPv6-dans-IPv4
adr inet6: fe80::c0a8:102/64 Scope:Lien
adr inet6: fe80::c0a8:1/64 Scope:Lien
adr inet6: 2a01:240:fe00:103::2/64 Scope:Global
adr inet6: fe80::c0a8:6401/64 Scope:Lien
adr inet6: fe80::c0a8:201/64 Scope:Lien
adr inet6: fe80::c0a8:301/64 Scope:Lien
UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:5475 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:0 (0.0 B) TX bytes:454595 (443.9 KiB)
We can see bytes are sent but none received. These are my routes:
$ route -6
Table de routage IPv6 du noyau
Destination Next Hop Flag Met Ref Use If
2a01:240:fe00:103::/64 :: Un 256 0 4 sixxs
2a01:240:fe76:1::/64 :: U 256 0 0 eth1
2a01:240:fe76:2::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 eth1
fe80::/64 :: Un 256 0 0 sixxs
::/0 2a01:240:fe00:103::1 UG 1024 0 4012 sixxs
::/0 :: !n -1 1139716 lo
::1/128 :: Un 0 1 6862 lo
2a01:240:fe00:103::/128 :: Un 0 1 0 lo
2a01:240:fe00:103::2/128 :: Un 0 1 0 lo
2a01:240:fe76:1::/128 :: Un 0 1 0 lo
2a01:240:fe76:1::1/128 :: Un 0 1 0 lo
2a01:240:fe76:2::/128 :: Un 0 1 0 lo
2a01:240:fe76:2::1/128 :: Un 0 1 5 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::c0a8:1/128 :: Un 0 1 0 lo
fe80::c0a8:102/128 :: Un 0 1 0 lo
fe80::c0a8:201/128 :: Un 0 1 0 lo
fe80::c0a8:301/128 :: Un 0 1 0 lo
fe80::c0a8:6401/128 :: Un 0 1 0 lo
fe80::20c:76ff:feed:9864/128 :: Un 0 1 0 lo
fe80::212:17ff:fe51:a4c4/128 :: Un 0 1 0 lo
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 eth1
ff00::/8 :: U 256 0 0 sixxs
::/0 :: !n -1 1139716 lo
I don't really know if they are good.
I can't ping or traceroute the PoP IPv6, but the PoP IPv4 can be pinged and routed.
Thanks for reading my request
Cordially,
DAGNEAUX Kevin (DKR4-SIXXS)
State change: user
Jeroen Massar on Wednesday, 24 November 2010 13:34:47
The state of this ticket has been changed to user
No incoming packets from tunnel
Jeroen Massar on Wednesday, 24 November 2010 13:35:20
Can you please provide a lot more details as requested in the 'Reporting Problems' section on the contact page, as referred to by that big orange box.
No incoming packets from tunnel
Carmen Sandiego on Wednesday, 24 November 2010 18:54:09
Hi,
Sorry for my bad summary, I'll start again. I'm DAGNEAUX Kevin (DKR4-SIXXS), owner of the tunnel T35549 (2a01:240:fe00:103::2).
I'm running aiccu (from Debian's repository) on Debian squeeze:
$ aiccu version
AICCU 2007.01.15-console-linux by Jeroen Massar
This is what I get when starting aiccu with verbose enabled:
$ aiccu start
sock_getline() : "200 SixXS TIC Service on noc.sixxs.net ready (http://www.sixxs.net)"
sock_printf() : "client TIC/draft-00 AICCU/2007.01.15-console-linux Linux/2.6.35-22-generic"
sock_getline() : "200 Client Identity accepted"
sock_printf() : "get unixtime"
sock_getline() : "200 1290620231"
sock_printf() : "starttls"
sock_getline() : "400 This service is not SSL enabled (yet)"
TIC Server does not support TLS but TLS is not required, continuing
sock_printf() : "username DKR4-SIXXS"
sock_getline() : "200 DKR4-SIXXS choose your authentication challenge please"
sock_printf() : "challenge md5"
sock_getline() : "200 2219e0e3b9ed51969680fc8c3758d45d"
sock_printf() : "authenticate md5 6412f350231ce469887d86c5c2bc08d0"
sock_getline() : "200 Successfully logged in using md5 as DKR4-SIXXS (DAGNEAUX Kevin)"
sock_printf() : "tunnel show T35549"
sock_getline() : "201 Showing tunnel information for T35549"
sock_getline() : "TunnelId: T35549"
sock_getline() : "Type: 6in4-heartbeat"
sock_getline() : "IPv6 Endpoint: 2a01:240:fe00:103::2"
sock_getline() : "IPv6 POP: 2a01:240:fe00:103::1"
sock_getline() : "IPv6 PrefixLength: 64"
sock_getline() : "Tunnel MTU: 1280"
sock_getline() : "Tunnel Name: illux network"
sock_getline() : "POP Id: frmrs01"
sock_getline() : "IPv4 Endpoint: heartbeat"
sock_getline() : "IPv4 POP: 78.153.240.201"
sock_getline() : "UserState: enabled"
sock_getline() : "AdminState: enabled"
sock_getline() : "Password: XXXX"
sock_getline() : "Heartbeat_Interval: 60"
sock_getline() : "202 Done"
Successfully retrieved tunnel information for T35549
sock_printf() : "QUIT Thank you for the information"
Tunnel Information for T35549:
POP Id : frmrs01
IPv6 Local : 2a01:240:fe00:103::2/64
IPv6 Remote : 2a01:240:fe00:103::1/64
Tunnel Type : 6in4-heartbeat
Adminstate : enabled
Userstate : enabled
heartbeat_socket() - IPv4 : 192.168.1.2
[HB] HEARTBEAT TUNNEL 2a01:240:fe00:103::2 sender 1290620231 c2143fa64221458262b4bb618c9ed8e3
[HB] HEARTBEAT TUNNEL 2a01:240:fe00:103::2 sender 1290620231 c2143fa64221458262b4bb618c9ed8e3
If I run "aiccu test", I get:
#######
####### AICCU Quick Connectivity Test
#######
####### [1/8] Ping the IPv4 Local/Your Outer Endpoint (192.168.1.2)
### This should return so called 'echo replies'
### If it doesn't then check your firewall settings
### Your local endpoint should always be pingable
### It could also indicate problems with your IPv4 stack
PING 192.168.1.2 (192.168.1.2) 56(84) bytes of data.
64 bytes from 192.168.1.2: icmp_req=1 ttl=64 time=0.183 ms
64 bytes from 192.168.1.2: icmp_req=2 ttl=64 time=0.123 ms
64 bytes from 192.168.1.2: icmp_req=3 ttl=64 time=0.132 ms
--- 192.168.1.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.123/0.146/0.183/0.026 ms
######
Did this work? [Y/n] Y
####### [2/8] Ping the IPv4 Remote/PoP Outer Endpoint (78.153.240.201)
### These pings should reach the PoP and come back to you
### In case there are problems along the route between your
### host and the PoP this could not return replies
### Check your firewall settings if problems occur
PING 78.153.240.201 (78.153.240.201) 56(84) bytes of data.
64 bytes from 78.153.240.201: icmp_req=1 ttl=57 time=45.5 ms
64 bytes from 78.153.240.201: icmp_req=2 ttl=57 time=45.7 ms
64 bytes from 78.153.240.201: icmp_req=3 ttl=57 time=45.8 ms
--- 78.153.240.201 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 45.566/45.738/45.877/0.217 ms
######
Did this work? [Y/n] Y
####### [3/8] Traceroute to the PoP (78.153.240.201) over IPv4
### This traceroute should reach the PoP
### In case this traceroute fails then you have no connectivity
### to the PoP and this is most probably the problem
traceroute to 78.153.240.201 (78.153.240.201), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 0.552 ms 0.648 ms 0.788 ms
2 93.94.66-86.rev.gaoland.net (86.66.94.93) 25.029 ms 26.471 ms 27.441 ms
3 189.87.66-86.rev.gaoland.net (86.66.87.189) 28.243 ms 28.870 ms 29.470 ms
4 193.87.66-86.rev.gaoland.net (86.66.87.193) 32.591 ms 33.170 ms 34.753 ms
5 jaguar-network.sfinx.tm.fr (194.68.129.128) 42.950 ms 45.119 ms 45.089 ms
6 sixxs.cust.jaguar-network.net (78.153.224.50) 58.815 ms 44.085 ms 45.608 ms
7 78.153.240.201 (78.153.240.201) 47.423 ms 45.394 ms 46.671 ms
######
Did this work? [Y/n] Y
###### [4/8] Checking if we can ping IPv6 localhost (::1)
### This confirms if your IPv6 is working
### If ::1 doesn't reply then something is wrong with your IPv6 stack
PING ::1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.075 ms
64 bytes from ::1: icmp_seq=2 ttl=64 time=0.073 ms
64 bytes from ::1: icmp_seq=3 ttl=64 time=0.073 ms
--- ::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.073/0.073/0.075/0.009 ms
######
Did this work? [Y/n] Y
###### [5/8] Ping the IPv6 Local/Your Inner Tunnel Endpoint (2a01:240:fe00:103::2)
### This confirms that your tunnel is configured
### If it doesn't reply then check your interface and routing tables
PING 2a01:240:fe00:103::2(2a01:240:fe00:103::2) 56 data bytes
64 bytes from 2a01:240:fe00:103::2: icmp_seq=1 ttl=64 time=0.090 ms
64 bytes from 2a01:240:fe00:103::2: icmp_seq=2 ttl=64 time=0.080 ms
64 bytes from 2a01:240:fe00:103::2: icmp_seq=3 ttl=64 time=0.085 ms
--- 2a01:240:fe00:103::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.080/0.085/0.090/0.004 ms
######
Did this work? [Y/n] Y
###### [6/8] Ping the IPv6 Remote/PoP Inner Tunnel Endpoint (2a01:240:fe00:103::1)
### This confirms the reachability of the other side of the tunnel
### If it doesn't reply then check your interface and routing tables
### Don't forget to check your firewall of course
### If the previous test was successful then this could be both
### a firewalling and a routing/interface problem
PING 2a01:240:fe00:103::1(2a01:240:fe00:103::1) 56 data bytes
--- 2a01:240:fe00:103::1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2014ms
######
Did this work? [Y/n] n
I'm behind a NAT (neufbox/sfrbox) which has a DMZ (working) enabled to the machine which runs the tunnel. The machine is a Debian squeeze with kernel 2.6.35 (i386); the aiccu version distributed by Debian seems to be the latest version (2007.01.15).
I can see with ifconfig that my machine still sends packets but never gets any reply:
$ ifconfig sixxs
sixxs Link encap:IPv6-dans-IPv4
adr inet6: fe80::c0a8:102/64 Scope:Lien
adr inet6: fe80::c0a8:1/64 Scope:Lien
adr inet6: 2a01:240:fe00:103::2/64 Scope:Global
adr inet6: fe80::c0a8:6401/64 Scope:Lien
adr inet6: fe80::c0a8:201/64 Scope:Lien
adr inet6: fe80::c0a8:301/64 Scope:Lien
UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 lg file transmission:0
RX bytes:0 (0.0 B) TX bytes:1072 (1.0 KiB)
My routes seem correct (I think):
$ route -6
Table de routage IPv6 du noyau
Destination Next Hop Flag Met Ref Use If
2a01:240:fe00:103::/64 :: Un 256 0 1 sixxs
2a01:240:fe76:1::/64 :: U 256 0 0 eth1
2a01:240:fe76:2::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 eth1
fe80::/64 :: Un 256 0 0 sixxs
::/0 2a01:240:fe00:103::1 UG 1024 1 23 sixxs
::/0 :: !n -1 1219534 lo
::1/128 :: Un 0 1 10506 lo
2a01:240:fe00:103::/128 :: Un 0 1 0 lo
2a01:240:fe00:103::2/128 :: Un 0 1 0 lo
2a01:240:fe76:1::/128 :: Un 0 1 0 lo
2a01:240:fe76:1::1/128 :: Un 0 1 6 lo
2a01:240:fe76:2::/128 :: Un 0 1 0 lo
2a01:240:fe76:2::1/128 :: Un 0 1 5 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::c0a8:1/128 :: Un 0 1 0 lo
fe80::c0a8:102/128 :: Un 0 1 0 lo
fe80::c0a8:201/128 :: Un 0 1 0 lo
fe80::c0a8:301/128 :: Un 0 1 0 lo
fe80::c0a8:6401/128 :: Un 0 1 0 lo
fe80::20c:76ff:feed:9864/128 :: Un 0 1 1 lo
fe80::212:17ff:fe51:a4c4/128 :: Un 0 1 2068 lo
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 eth1
ff00::/8 :: U 256 0 0 sixxs
::/0 :: !n -1 1219534 lo
And I ran my tests without a firewall:
$ iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain INTER_NET (0 references)
target prot opt source destination
Chain LOCAL_NET (0 references)
target prot opt source destination
Chain fail2ban-ssh (0 references)
target prot opt source destination
$ iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
$ iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Forwarding is set to 1 on all interfaces:
$ sysctl net.ipv6.conf.all.forwarding
net.ipv6.conf.all.forwarding = 1
If you need additional information, I'm at your disposal.
Thanks for reading my request
Cordially,
DAGNEAUX Kevin
No incoming packets from tunnel
Jeroen Massar on Wednesday, 24 November 2010 19:33:14
sock_getline() : "Type: 6in4-heartbeat"
[..]
heartbeat_socket() - IPv4 : 192.168.1.2
Proto-41 tunnel behind a NAT, that generally does not work properly. Use AYIYA instead which is made for this situation.
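The diagnosis in the reply above rests on two lines of the verbose output: the tunnel type and the local address of the heartbeat socket. The following is an added example, not part of the ticket or of AICCU, that applies the same check to captured `aiccu start` output. The function name, the finding strings, the treatment of every type starting with "6in4" as proto-41, and the extra carrier-grade NAT range are assumptions; the sample lines are excerpts from the logs in this ticket.

```python
import ipaddress
import re

# The two verbose-output lines the diagnosis above relies on.
TYPE_RE = re.compile(r'sock_getline\(\) : "Type: ([\w-]+)"')
LOCAL_RE = re.compile(r'heartbeat_socket\(\) - IPv4 : ([\d.]+)')

# Shared address space used by carrier-grade NAT; not covered by is_private.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def diagnose(log_text):
    """Return (tunnel_type, local_ipv4, finding) for captured `aiccu start` output."""
    m_type = TYPE_RE.search(log_text)
    m_local = LOCAL_RE.search(log_text)
    tunnel_type = m_type.group(1) if m_type else None
    local = m_local.group(1) if m_local else None
    if tunnel_type is None:
        return None, local, "unknown: no tunnel type in log"
    # Assumption: every type starting with "6in4" is carried as IP protocol 41.
    if not tunnel_type.startswith("6in4"):
        return tunnel_type, local, "ok: not a proto-41 tunnel"
    if local is None:
        return tunnel_type, None, "unknown: no local endpoint logged"
    addr = ipaddress.ip_address(local)
    if addr.is_private or addr in CGNAT:
        return tunnel_type, local, "proto-41 behind NAT: switch to AYIYA"
    return tunnel_type, local, "ok: public local endpoint"


# Excerpts from the logs in this ticket.
SAMPLE_HEARTBEAT = """\
sock_getline() : "Type: 6in4-heartbeat"
sock_getline() : "IPv4 POP: 78.153.240.201"
heartbeat_socket() - IPv4 : 192.168.1.2
"""
SAMPLE_AYIYA = """\
sock_getline() : "Type: ayiya"
sock_getline() : "IPv4 POP: 78.153.240.201"
"""

if __name__ == "__main__":
    for name, log in (("heartbeat", SAMPLE_HEARTBEAT), ("ayiya", SAMPLE_AYIYA)):
        print(name, diagnose(log))
```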
No incoming packets from tunnel
Carmen Sandiego on Wednesday, 24 November 2010 20:57:27
Hi,
I tried with AYIYA and the result is the same:
$ aiccu start
sock_getline() : "200 SixXS TIC Service on noc.sixxs.net ready (http://www.sixxs.net)"
sock_printf() : "client TIC/draft-00 AICCU/2007.01.15-console-linux Linux/2.6.35-22-generic"
sock_getline() : "200 Client Identity accepted"
sock_printf() : "get unixtime"
sock_getline() : "200 1290626293"
sock_printf() : "starttls"
sock_getline() : "400 This service is not SSL enabled (yet)"
TIC Server does not support TLS but TLS is not required, continuing
sock_printf() : "username DKR4-SIXXS"
sock_getline() : "200 DKR4-SIXXS choose your authentication challenge please"
sock_printf() : "challenge md5"
sock_getline() : "200 be2c56bc84ebba3a607f5ef6ec5a1d31"
sock_printf() : "authenticate md5 d5d98ece9dc74d6f27151d5c35386099"
sock_getline() : "200 Successfully logged in using md5 as DKR4-SIXXS (DAGNEAUX Kevin)"
sock_printf() : "tunnel show T35549"
sock_getline() : "201 Showing tunnel information for T35549"
sock_getline() : "TunnelId: T35549"
sock_getline() : "Type: ayiya"
sock_getline() : "IPv6 Endpoint: 2a01:240:fe00:103::2"
sock_getline() : "IPv6 POP: 2a01:240:fe00:103::1"
sock_getline() : "IPv6 PrefixLength: 64"
sock_getline() : "Tunnel MTU: 1280"
sock_getline() : "Tunnel Name: illux network"
sock_getline() : "POP Id: frmrs01"
sock_getline() : "IPv4 Endpoint: ayiya"
sock_getline() : "IPv4 POP: 78.153.240.201"
sock_getline() : "UserState: enabled"
sock_getline() : "AdminState: enabled"
sock_getline() : "Password: [xx]"
sock_getline() : "Heartbeat_Interval: 60"
sock_getline() : "202 Done"
Successfully retrieved tunnel information for T35549
sock_printf() : "QUIT It was lovely talking to you again"
Tunnel Information for T35549:
POP Id : frmrs01
IPv6 Local : 2a01:240:fe00:103::2/64
IPv6 Remote : 2a01:240:fe00:103::1/64
Tunnel Type : ayiya
Adminstate : enabled
Userstate : enabled
[AYIYA-start] : Anything in Anything (draft-02)
[AYIYA-tun->tundev] : (Socket to TUN) started
No incoming packets from tunnel
Carmen Sandiego on Wednesday, 24 November 2010 20:33:59
Hi,
Rebooting server + router solved the problem, it is now working fine with both methods (heartbeat & ayiya).
Thanks a lot for your help