Lost 5 credits, why?
Shadow Hawkins on Monday, 21 April 2003 10:08:47
According to the log:
Tunnel endpoint 2001:960:2:2e::2 didn't ping for 1 day
But really nothing was wrong with my endpoint.
The graphs show 100% packetloss, which isn't correct in my opinion.
The tunnel has been up and running all the time.
How are these tests performed? Ping6?
When I tcpdump at the sixx interface I don't see any pings coming in.
Can someone please explain why I lost 5 credits while my tunnel was alive?
I don't think this is really fair ;(
Lost 5 credits, why?
Jeroen Massar on Thursday, 24 April 2003 11:32:20
Apparently your tunnel doesn't respond at all as it doesn't even receive the packets, did you configure it correctly ?
See the FAQ.
And your opinion doesn't matter as long as you don't have any proof ;)
Lost 5 credits, why?
Shadow Hawkins on Thursday, 24 April 2003 19:30:38
Well, the only tunneldowntime I had was last tuesday, but that was because of my provider.
Now I'm down to 0 credits, when will the tunnel be disabled? I really want to continue to use sixxs. I am already pinging my tunnel endpoint for a few days and everything looks well, I don't see any packetloss.
And yes, I did setup the tunnel the way it should. I copied and pasted the lines and inserted it in a script with a few changes. I really don't know what is wrong :-( and I have no proof :-(
Lost 5 credits, why?
Jeroen Massar on Friday, 25 April 2003 02:39:39
The graphs don't lie. If they do many other people start complaining so we'll notice and fix it ;)
The credits are mainly a very nice way of stopping people from requesting new tunnels and subnets even though they don't use/maintain them properly.
If someone uses it they typically want to keep it working. Thus they keep credits ;) If they are too easy with the tunnel and don't maintain it it costs credits and they can't request new ones. That's the clue.
As for the 'shutdown my tunnel' that will only happen in cases of abuse or gross neglectance ;)
Lost 5 credits, why?
Shadow Hawkins on Friday, 25 April 2003 19:13:45
Well, the graph looks good for the last few days, so I think I just have to wait.
Lost 5 credits, why?
Shadow Hawkins on Friday, 09 May 2003 09:41:10
Ok, I'm getting fed up now.
My tunnel is always up and working but every day I get an email which says I was down. I am already down to -25 credits. I really don't trust the cybercomm endpoint anymore and I want to switch, but I cannot since the graphs do lie!
I am continuously ping6'ing the cybercomm endpoint, no packetloss.
Lost 5 credits, why?
Shadow Hawkins on Sunday, 29 August 2004 22:11:03
i have lost credits aswell from 'tunnel down time' but i have been connecting out of my tunnel and i have even tried pinging my tunnel from a remote webserver not on sixxs and it pings fine but i still get emails saying its down.
all i wanna do is get one subnet with reverse dns delegation and then i wont care about the credits cus i wont use them after that.
i'm connected to the london pop
Lost 5 credits, why?
Jeroen Massar on Saturday, 10 May 2003 14:11:20
Odd that the graphs only lie for you.
You are right that you don't have any packetloss now, which is something that the graphs also indicate.
Let me guess, you have a NAT on the same machine the tunnel is terminated?
Search: Connection Tracking
(Hmmm handy that search option, good that somebody requested it :)
Lost 5 credits, why?
Shadow Hawkins on Saturday, 10 May 2003 18:13:09
Yes Jeroen, you are right about that. Thank you for pointing me at that!
But i've read the treads that were found, but I can't figure out why that's a problem. I allow everything on the gif0 interface and I do keep state:
in /etc/pf.conf:
# Allow traffic on our tunnel device
pass in quick on gif0 keep state
pass out quick on gif0 keep state
I will make this tighter later, I first want to ensure everything is working correctly. Should I remove the keep state keywords?
You were also right on NAT, but NAT is not used on that interface.
I sure have more trust in SixXS now ,I had lost my faith in my endpoint, but I think I was wrong about that. Sorry.
Lost 5 credits, why?
Shadow Hawkins on Sunday, 11 May 2003 16:28:12
You don't need the 'keep state' keywords.
You are allowing all incoming/outgoing packets, so keeping track of the connections is useless because packets are always able to pass the interface.
Lost 5 credits, why?
Carmen Sandiego on Saturday, 17 May 2003 01:34:19
<offtopic>Funny to see everyone write English while we'r all Dutch >:)</offtopic>
language
Shadow Hawkins on Saturday, 17 May 2003 07:18:34
it's just because there are other people, which aren't dutch.
Lost 5 credits, why?
Shadow Hawkins on Tuesday, 10 June 2003 12:09:57
That's true, but if I recall correctly, your links will die when you restart the ipfilter, and that's when the keep state comes in handy. When I /etc/rc.d/ipfilter restart without keep state, the links to, for example irc, will timeout and immediately reconnect.
Posting is only allowed when you are logged in. |