conversion from dynamic to static tunnel issues
Shadow Hawkins on Saturday, 22 October 2005 12:51:04
Hello all,
Because i have a static ip at my isp for a while now i considered to change my tunnel from dynamic to a static one.
I removed aiccu and configured a static tunnel, that i have not been able to get up and running. :)
My setup is that i have a speedtouch routing ipv4 (my internet connection) and a linksys which is on my internal network (private v4 range) routing ipv6.
With aiccu everything worked perfect.
I have changed the speedtouch's configuration to point to a default server (the linksys on my internal network) and this works fine. Tested it with an ssh connection.
The changes that i made are active for 3 hours now.
What i find strange is that is get carrier errors on my tunnel interface:
root@OpenWrt:/etc# ifconfig sixxs
sixxs Link encap:UNSPEC HWaddr 56-50-3C-0D-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: fe80::5650:3c0d/128 Scope:Link
inet6 addr: 2001:838:300:2b9::2/64 Scope:Global
UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:900 dropped:0 overruns:0 carrier:900
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
root@OpenWrt:/etc#
root@OpenWrt:/etc# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0f:66:da:04:a3 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20f:66ff:feda:4a3/64 scope link
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0f:66:da:04:a5 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20f:66ff:feda:4a5/64 scope link
4: sit0@NONE: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
6: br0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 00:0f:66:da:04:a3 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.1/24 brd 10.0.0.255 scope global br0
inet6 fe80::20f:66ff:feda:4a3/64 scope link
7: vlan0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc noqueue
link/ether 00:0f:66:da:04:a3 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20f:66ff:feda:4a3/64 scope link
9: sixxs@NONE: <POINTOPOINT,NOARP,UP> mtu 1280 qdisc noqueue
link/sit 86.80.60.13 peer 213.197.27.252
inet6 fe80::5650:3c0d/128 scope link
inet6 2001:838:300:2b9::2/64 scope global
root@OpenWrt:/etc#
root@OpenWrt:/etc# route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
::1/128 :: U 0 2 0 lo
2001:838:300:2b9::/128 :: U 0 0 0 lo
2001:838:300:2b9::2/128 :: U 0 917 1 lo
2001:838:300:2b9::/64 :: U 256 862 1 sixxs
fe80::/128 :: U 0 0 0 lo
fe80::5650:3c0d/128 :: U 0 0 0 lo
fe80::20f:66ff:feda:4a3/128 :: U 0 23 0 lo
fe80::20f:66ff:feda:4a5/128 :: U 0 0 0 lo
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 vlan0
fe80::/64 :: U 256 0 0 eth1
fe80::/64 :: U 256 0 0 br0
fe80::/64 :: U 256 0 0 sixxs
ff02::1/128 ff02::1 UC 0 1 1 br0
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 vlan0
ff00::/8 :: U 256 0 0 eth1
ff00::/8 :: U 256 0 0 br0
ff00::/8 :: U 256 0 0 sixxs
::/0 2001:838:300:2b9::1 UG 1024 178 0 sixxs
root@OpenWrt:/etc#
When i run a tcpdump i see it's routed correctly over the tunnel interface, however i dont get anything back.
The tunnel is enabled in my profile. :)
Anyone knows what's going on? Do i just have to wait or.. ? :)
Regards,
Wouter
conversion from dynamic to static tunnel issues
Shadow Hawkins on Sunday, 23 October 2005 17:31:14
Ok i tracked down the problem, but i dont understand it unless aiccu does something else then updating the ipv4 endpoint address.
tcpdump shows the following message on int br0:
14:19:57.033193 IP tunnelserver.concepts-ict.net > 10.0.0.1: fe80::d5c5:1bfc > ff02::1: HBH icmp6: multicast listener query [hlim 1]
14:19:57.033660 IP 10.0.0.1 > tunnelserver.concepts-ict.net: icmp 104: 10.0.0.1 protocol 41 unreachable
That probably means that the speedtouch does not forward protocol 41.
I have unbinded the 6TO4 application already. This worked fine when using aiccu also.
Speedtouch output:
=>nat bindlist
There is no NAT/PAT helper-port binding.
=>
Is aiccu doing more then updating the ipv4 endpoint?
Is it my endpoint that didnt update things correctly?
Is anyone else using a static tunnel with a speedtouch in between? :)
Wouter
conversion from dynamic to static tunnel issues
Jeroen Massar on Sunday, 23 October 2005 17:22:52
The trick is that when using AICCU with a dynamic (thus heartbeat) tunnel, AICCU sends a heartbeat every now and then to the PoP, this thus creates state in most NAT devices and thus allows the traffic to flow properly.
But this is not what is really your problem. As you can see from the tcpdump the PoP is sending you packets and they are reaching your 10.0.0.1 address as intended. But your endpoint seems to not want them.
Most likely you configured the source of the tunnel wrongly and thus your endpoint rejects it. Use something like:
ip tun change sixxs local 10.0.0.1
Where 'sixxs' is the tunnel device (could be sit0 for instance). This should fix your issue.
conversion from dynamic to static tunnel issues
Shadow Hawkins on Sunday, 23 October 2005 17:33:33
That worked Jeroen!
Thank you very much, i hope this works for someone else digging stuff up. :)
Wouter
Posting is only allowed when you are logged in. |