Dear SixXS, I am having a connectivity problem with an ayiya tunnel that I am trying to set up. In short, I can establish the connection using aiccu, but I cannot ping the other side of my endpoint nor any other IPv6 host. Packets are leaving my machine but I am not getting anything in response. I am behind a NAT. Previously I have used a heartbeat tunnel (behind a different ISP and router) with success. Now, at my new location I have D-LINK router that does not support proto-41 so I switched my tunnel T14778 type to ayiya, and have been unable to get it working. Below, I am including all the information from your "Reporting Problems" page. First, the results of "aiccu test" (verbose mode, with XXXX replacing any authentication info): sock_getline() : "200 SixXS TIC Service on noc.sixxs.net ready (http://www.sixxs.net)" sock_printf() : "client TIC/draft-00 AICCU/2007.01.15-console-linux Linux/2.6.27.5-117.fc10.x86_64" sock_getline() : "200 Client Identity accepted" sock_printf() : "get unixtime" sock_getline() : "200 1228696799" sock_printf() : "starttls" sock_getline() : "400 This service is not SSL enabled (yet)" TIC Server does not support TLS but TLS is not required, continuing sock_printf() : "username DCM2-SIXXS" sock_getline() : "200 Choose your authentication challenge please" sock_printf() : "challenge md5" sock_getline() : "200 [XXXXX]" sock_printf() : "authenticate md5 [XXXXXX]" sock_getline() : "200 Succesfully logged in using md5 as DCM2-SIXXS (David Christopher Moore) from 2001:7b8:3:4f:202:b3ff:fe46:bec" sock_printf() : "tunnel show T14778" sock_getline() : "201 Showing tunnel information for T14778" sock_getline() : "TunnelId: T14778" sock_getline() : "Type: ayiya" sock_getline() : "IPv6 Endpoint: 2001:4978:f:e5::2" sock_getline() : "IPv6 POP: 2001:4978:f:e5::1" sock_getline() : "IPv6 PrefixLength: 64" sock_getline() : "Tunnel MTU: 1280" sock_getline() : "Tunnel Name: My First Tunnel" sock_getline() : "POP Id: uschi02" sock_getline() : "IPv4 Endpoint: ayiya" sock_getline() : "IPv4 POP: 216.14.98.22" sock_getline() : "UserState: enabled" sock_getline() : "AdminState: enabled" sock_getline() : "Password: XXXXXXX" sock_getline() : "Heartbeat_Interval: 60" sock_getline() : "202 Done" Succesfully retrieved tunnel information for T14778 sock_printf() : "QUIT The Trick Is To Keep Breathing" Tunnel Information for T14778: POP Id : uschi02 IPv6 Local : 2001:4978:f:e5::2/64 IPv6 Remote : 2001:4978:f:e5::1/64 Tunnel Type : ayiya Adminstate : enabled Userstate : enabled [AYIYA-start] : Anything in Anything (draft-02) [AYIYA-tun->tundev] : (Socket to TUN) started heartbeat_socket() - IPv4 : 192.168.0.158 ####### ####### AICCU Quick Connectivity Test ####### ####### [1/8] Ping the IPv4 Local/Your Outer Endpoint (192.168.0.158) ### This should return so called 'echo replies' ### If it doesn't then check your firewall settings ### Your local endpoint should always be pingable ### It could also indicate problems with your IPv4 stack PING 192.168.0.158 (192.168.0.158) 56(84) bytes of data. 64 bytes from 192.168.0.158: icmp_seq=1 ttl=64 time=0.043 ms 64 bytes from 192.168.0.158: icmp_seq=2 ttl=64 time=0.040 ms 64 bytes from 192.168.0.158: icmp_seq=3 ttl=64 time=0.049 ms --- 192.168.0.158 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 1999ms rtt min/avg/max/mdev = 0.040/0.044/0.049/0.003 ms ###### Did this work? [Y/n] ####### [2/8] Ping the IPv4 Remote/PoP Outer Endpoint (216.14.98.22) ### These pings should reach the PoP and come back to you ### In case there are problems along the route between your ### host and the PoP this could not return replies ### Check your firewall settings if problems occur PING 216.14.98.22 (216.14.98.22) 56(84) bytes of data. 64 bytes from 216.14.98.22: icmp_seq=1 ttl=54 time=65.5 ms 64 bytes from 216.14.98.22: icmp_seq=2 ttl=54 time=67.0 ms 64 bytes from 216.14.98.22: icmp_seq=3 ttl=54 time=67.4 ms --- 216.14.98.22 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2069ms rtt min/avg/max/mdev = 65.576/66.688/67.470/0.834 ms ###### Did this work? [Y/n] ####### [3/8] Traceroute to the PoP (216.14.98.22) over IPv4 ### This traceroute should reach the PoP ### In case this traceroute fails then you have no connectivity ### to the PoP and this is most probably the problem traceroute to 216.14.98.22 (216.14.98.22), 30 hops max, 60 byte packets 1 10.106.192.1 (10.106.192.1) 8.555 ms 8.531 ms 8.506 ms 2 71-80-190-173.static.lsan.ca.charter.com (71.80.190.173) 8.739 ms 8.720 ms 8.696 ms 3 97-93-37-41.static.mtpk.ca.charter.com (97.93.37.41) 9.201 ms 9.179 ms 9.160 ms 4 71-80-190-185.static.lsan.ca.charter.com (71.80.190.185) 9.113 ms 9.096 ms 12.753 ms 5 66-214-80-118.static.malb.ca.charter.com (66.214.80.118) 15.297 ms 15.278 ms 15.254 ms 6 66.186.192.5 (66.186.192.5) 17.194 ms 12.772 ms 12.748 ms 7 lv-ten1-1-la-ten1-4.wvfiber.net (66.186.192.193) 17.724 ms 21.488 ms 21.464 ms 8 ord-ten1-4-lva-ten1-3.wvfiber.net (66.186.192.202) 67.832 ms 67.819 ms 67.796 ms 9 ix.your.org (206.223.119.112) 154.968 ms 154.962 ms 154.940 ms 10 sixxs.cx01.chi.bb.your.org (216.14.98.22) 67.920 ms 67.887 ms 67.864 ms ###### Did this work? [Y/n] ###### [4/8] Checking if we can ping IPv6 localhost (::1) ### This confirms if your IPv6 is working ### If ::1 doesn't reply then something is wrong with your IPv6 stack PING ::1(::1) 56 data bytes 64 bytes from ::1: icmp_seq=1 ttl=64 time=0.043 ms 64 bytes from ::1: icmp_seq=2 ttl=64 time=0.044 ms 64 bytes from ::1: icmp_seq=3 ttl=64 time=0.043 ms --- ::1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 1999ms rtt min/avg/max/mdev = 0.043/0.043/0.044/0.005 ms ###### Did this work? [Y/n] ###### [5/8] Ping the IPv6 Local/Your Inner Tunnel Endpoint (2001:4978:f:e5::2) ### This confirms that your tunnel is configured ### If it doesn't reply then check your interface and routing tables PING 2001:4978:f:e5::2(2001:4978:f:e5::2) 56 data bytes 64 bytes from 2001:4978:f:e5::2: icmp_seq=1 ttl=64 time=0.044 ms 64 bytes from 2001:4978:f:e5::2: icmp_seq=2 ttl=64 time=0.046 ms 64 bytes from 2001:4978:f:e5::2: icmp_seq=3 ttl=64 time=0.044 ms --- 2001:4978:f:e5::2 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2000ms rtt min/avg/max/mdev = 0.044/0.044/0.046/0.007 ms ###### Did this work? [Y/n] ###### [6/8] Ping the IPv6 Remote/PoP Inner Tunnel Endpoint (2001:4978:f:e5::1) ### This confirms the reachability of the other side of the tunnel ### If it doesn't reply then check your interface and routing tables ### Don't forget to check your firewall of course ### If the previous test was succesful then this could be both ### a firewalling and a routing/interface problem PING 2001:4978:f:e5::1(2001:4978:f:e5::1) 56 data bytes --- 2001:4978:f:e5::1 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 12000ms ###### Did this work? [Y/n] n The output of "aiccu version": AICCU 2007.01.15-console-linux by Jeroen Massar This is aiccu that came with my installation of Fedora 10. I have also tried to compile aiccu from the tarball, and got the same results. My setup is a normal Linux box behind a D-LINK consumer-grade router. uname -a: Linux pisces.davemoore.org 2.6.27.5-117.fc10.x86_64 #1 SMP Tue Nov 18 11:58:53 EST 2008 x86_64 x86_64 x86_64 GNU/Linux ifconfig: eth0 Link encap:Ethernet HWaddr 00:1C:C0:70:25:52 inet addr:192.168.0.158 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: fe80::21c:c0ff:fe70:2552/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:495471 errors:0 dropped:0 overruns:0 frame:0 TX packets:472942 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:87852657 (83.7 MiB) TX bytes:63836858 (60.8 MiB) Memory:fc900000-fc920000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:246 errors:0 dropped:0 overruns:0 frame:0 TX packets:246 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:37966 (37.0 KiB) TX bytes:37966 (37.0 KiB) tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet6 addr: 2001:4978:f:e5::2/64 Scope:Global inet6 addr: fe80::4878:f:e5:2/64 Scope:Link UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:5 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:500 RX bytes:0 (0.0 b) TX bytes:352 (352.0 b) ip route: 192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.158 metric 1 default via 192.168.0.1 dev eth0 proto static ip6 route: 2001:4978:f:e5::/64 dev tun0 proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 4294967295 fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 4294967295 fe80::/64 dev tun0 proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 4294967295 default via 2001:4978:f:e5::1 dev tun0 metric 1024 mtu 1280 advmss 1220 hoplimit 4294967295 iptables -L: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination ip6tables -L: Chain INPUT (policy ACCEPT) target prot opt source destination Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Beyond NAT, my router has no extra firewalled ports. I have verified that I can contact an outside host (that I control) using UDP port 5072 and get a response using the "nc" utility. traceroute to my PoP from another direct-connected host I control with a working IPv6 tunnel: traceroute to 2001:4978:f:e5::1 (2001:4978:f:e5::1), 30 hops max, 40 byte packets 1 dcm.tunnel.tserv2.fmt.ipv6.he.net (2001:470:1f03:24e::1) 89.992 ms 90.343 ms 90.998 ms 2 1g-3-9.core1.fmt1.ipv6.he.net (2001:470:0:44::3) 91.694 ms 91.679 ms 92.179 ms 3 10gigabitethernet1-2.core1.sjc2.he.net (2001:470:0:2f::2) 88.978 ms 88.968 ms 89.230 ms 4 10gigabitethernet1-1.core1.chi1.he.net (2001:470:0:3c::2) 150.658 ms 151.482 ms 151.469 ms 5 2001:470:0:7f::2 (2001:470:0:7f::2) 146.597 ms 146.755 ms 146.740 ms 6 gw-230.chi-02.us.sixxs.net (2001:4978:f:e5::1) 150.217 ms 161.254 ms 161.538 ms 7 gw-230.chi-02.us.sixxs.net (2001:4978:f:e5::1) 161.387 ms !H 165.583 ms !H 164.668 ms !H The results of "tcpdump -i eth0 -n -p -s 1500" as I run "aiccu start" and then ping6 the other end of my endpoint. The 148-byte packets are my pings. listening on eth0, link-type EN10MB (Ethernet), capture size 1500 bytes 16:55:17.579196 IP 192.168.0.158.51693 > 192.168.0.1.domain: 33210+ A? tic.sixxs.net. (31) 16:55:17.929143 IP 192.168.0.1.domain > 192.168.0.158.51693: 33210 3/0/0 CNAME tic.m.sixxs.net., A 193.109.122.244, A 213.204.193.2 (83) 16:55:17.929438 IP 192.168.0.158.60548 > 192.168.0.1.domain: 41912+ A? tic.sixxs.net. (31) 16:55:17.947156 IP 192.168.0.1.domain > 192.168.0.158.60548: 41912 3/0/0 CNAME tic.m.sixxs.net., A 193.109.122.244, A 213.204.193.2 (83) 16:55:17.947376 IP 192.168.0.158.34969 > 193.109.122.244.sixxsconfig: S 74753682:74753682(0) win 5840 <mss 1460,sackOK,timestamp 58060285 0,nop,wscale 7> 16:55:18.127046 IP 193.109.122.244.sixxsconfig > 192.168.0.158.34969: S 214208251:214208251(0) ack 74753683 win 5792 <mss 1460,sackOK,timestamp 1446315126 58060285,nop,wscale 10> 16:55:18.127105 IP 192.168.0.158.34969 > 193.109.122.244.sixxsconfig: . ack 1 win 46 <nop,nop,timestamp 58060464 1446315126> 16:55:18.471354 IP 193.109.122.244.sixxsconfig > 192.168.0.158.34969: P 1:70(69) ack 1 win 6 <nop,nop,timestamp 1446315161 58060464> 16:55:18.471470 IP 192.168.0.158.34969 > 193.109.122.244.sixxsconfig: . ack 70 win 46 <nop,nop,timestamp 58060809 1446315161> 16:55:18.471556 IP 192.168.0.158.34969 > 193.109.122.244.sixxsconfig: P 1:83(82) ack 70 win 46 <nop,nop,timestamp 58060809 1446315161> 16:55:18.652073 IP 193.109.122.244.sixxsconfig > 192.168.0.158.34969: . ack 83 win 6 <nop,nop,timestamp 1446315179 58060809> 16:55:18.661613 IP 193.109.122.244.sixxsconfig > 192.168.0.158.34969: P 70:99(29) ack 83 win 6 <nop,nop,timestamp 1446315180 58060809> 16:55:18.661693 IP 192.168.0.158.34969 > 193.109.122.244.sixxsconfig: P 83:96(13) ack 99 win 46 <nop,nop,timestamp 58060999 1446315180> 16:55:18.846274 IP 193.109.122.244.sixxsconfig > 192.168.0.158.34969: P 99:114(15) ack 96 win 6 <nop,nop,timestamp 1446315198 58060999> 16:55:18.846442 IP 192.168.0.158.34969 > 193.109.122.244.sixxsconfig: P 96:105(9) ack 114 win 46 <nop,nop,timestamp 58061184 1446315198> 16:55:19.033093 IP 193.109.122.244.sixxsconfig > 192.168.0.158.34969: P 114:156(42) ack 105 win 6 <nop,nop,timestamp 1446315217 58061184> 16:55:19.033222 IP 192.168.0.158.34969 > 193.109.122.244.sixxsconfig: P 105:125(20) ack 156 win 46 <nop,nop,timestamp 58061370 1446315217> 16:55:19.219433 IP 193.109.122.244.sixxsconfig > 192.168.0.158.34969: P 156:204(48) ack 125 win 6 <nop,nop,timestamp 1446315235 58061370> 16:55:19.219535 IP 192.168.0.158.34969 > 193.109.122.244.sixxsconfig: P 125:139(14) ack 204 win 46 <nop,nop,timestamp 58061557 1446315235> 16:55:19.404731 IP 193.109.122.244.sixxsconfig > 192.168.0.158.34969: P 204:241(37) ack 139 win 6 <nop,nop,timestamp 1446315254 58061557> 16:55:19.404851 IP 192.168.0.158.34969 > 193.109.122.244.sixxsconfig: P 139:189(50) ack 241 win 46 <nop,nop,timestamp 58061742 1446315254> 16:55:19.592914 IP 193.109.122.244.sixxsconfig > 192.168.0.158.34969: P 241:354(113) ack 189 win 6 <nop,nop,timestamp 1446315273 58061742> 16:55:19.593007 IP 192.168.0.158.34969 > 193.109.122.244.sixxsconfig: P 189:208(19) ack 354 win 46 <nop,nop,timestamp 58061930 1446315273> 16:55:19.800312 IP 193.109.122.244.sixxsconfig > 192.168.0.158.34969: P 354:396(42) ack 208 win 6 <nop,nop,timestamp 1446315294 58061930> 16:55:19.805555 IP 193.109.122.244.sixxsconfig > 192.168.0.158.34969: P 396:728(332) ack 208 win 6 <nop,nop,timestamp 1446315294 58061930> 16:55:19.805592 IP 192.168.0.158.34969 > 193.109.122.244.sixxsconfig: . ack 728 win 54 <nop,nop,timestamp 58062143 1446315294> 16:55:19.805728 IP 192.168.0.158.34969 > 193.109.122.244.sixxsconfig: P 208:241(33) ack 728 win 54 <nop,nop,timestamp 58062143 1446315294> 16:55:19.805750 IP 192.168.0.158.34969 > 193.109.122.244.sixxsconfig: F 241:241(0) ack 728 win 54 <nop,nop,timestamp 58062143 1446315294> 16:55:19.821450 IP 192.168.0.158.37184 > 216.14.98.22.ayiya: UDP, length 92 16:55:19.827251 IP 192.168.0.158.37184 > 216.14.98.22.ayiya: UDP, length 44 16:55:19.827374 IP 192.168.0.158.37184 > 216.14.98.22.ayiya: UDP, length 44 16:55:19.827392 IP 192.168.0.158.37184 > 216.14.98.22.ayiya: UDP, length 44 16:55:19.991771 IP 193.109.122.244.sixxsconfig > 192.168.0.158.34969: F 728:728(0) ack 242 win 6 <nop,nop,timestamp 1446315313 58062143> 16:55:19.991836 IP 192.168.0.158.34969 > 193.109.122.244.sixxsconfig: . ack 729 win 54 <nop,nop,timestamp 58062329 1446315313> 16:55:23.821417 IP 192.168.0.158.37184 > 216.14.98.22.ayiya: UDP, length 92 16:55:23.905639 IP 192.168.0.158.37184 > 216.14.98.22.ayiya: UDP, length 148 16:55:24.905415 IP 192.168.0.158.37184 > 216.14.98.22.ayiya: UDP, length 148 16:55:25.905414 IP 192.168.0.158.37184 > 216.14.98.22.ayiya: UDP, length 148 16:55:26.905419 IP 192.168.0.158.37184 > 216.14.98.22.ayiya: UDP, length 148 16:55:27.821401 IP 192.168.0.158.37184 > 216.14.98.22.ayiya: UDP, length 92 Any help you can provide is greatly appreciated. Thanks, David