tunnel not up after reconnect (ayiya with aiccu)
Shadow Hawkins on Tuesday, 22 September 2009 14:37:10
Hello,
I have an ayiya tunnel, running with aiccu on debian. The system is behind a nat firewall which is on a different machine. My ISP uses the glorious 24h disconnect.
After such a disconnect, my tunnel does not come back up. Only a manual restart of aiccu helps to have connectivity again.
I have no clue how to solve this issue. Is there anyone with an idea?
Any help would be appreciated.
Thanks in advance.
Greetings,
Leo
tunnel not up after reconnect (ayiya with aiccu)
Jeroen Massar on Tuesday, 22 September 2009 16:27:49
What platform, versions, interface and routing tables, NATs etc etc etc etc are involved?
Can't have an idea if you can't provide any details.
tunnel not up after reconnect (ayiya with aiccu)
Shadow Hawkins on Tuesday, 22 September 2009 16:48:08
Aiccu is running on Debian Lenny with 2.6.27.5 xen-kernel. The firewall is Endian Firewall 2.2 running with 2.6.18 xen-kernel. Both machines are located on a xen system (xen 3.2) where the debian system is the domain0 (host). Endian Firewall is a domainU (guest).
I have configured port forwarding (in- and outbound) on the firewall to the host system for the ports specified in the FAQ (with destination nat, source nat would also be possible).
The ipv6 interface provided by aiccu is just a local interface, there are no other hosts in the network involved. So there's just the default route created by aiccu (ipv6 related, of course there is an ipv4 default route to the firewall).
I got aiccu directly from the debian repositories (version "AICCU 2007.01.15-console-linux by Jeroen Massar"). Is there any other software you need a version statement for?
Other things that are missing?
tunnel not up after reconnect (ayiya with aiccu)
Shadow Hawkins on Tuesday, 22 September 2009 16:49:41
I forgot to add: ipv4 networking is up and running great on all hosts in the network. ipv6 is, for now, just used on the host system I mentioned. It runs great except for the connectivity loss when there is a reconnect.
tunnel not up after reconnect (ayiya with aiccu)
Jeroen Massar on Tuesday, 22 September 2009 16:51:00
Other things that are missing?
See the big orange box with a reference to the contact page which has the full list.
Just summing up "So there's just the default route" doesn't mean anything, especially as IPv6 already has several other routes which should also be present.
Of course, you should also have looked already quite some time ago at firewall logs and tcpdumped the connection to see where packets go missing or not.
tunnel not up after reconnect (ayiya with aiccu)
Shadow Hawkins on Tuesday, 22 September 2009 16:59:46
I have had a tunnel for 2 days, so the first logical thing to ask for help with this problem was to write to this forum. Perhaps this is a known problem or it's not even possible for aiccu to restart the tunnel on its own.
I'm going to collect the data as stated on the reporting problems list, but if I include full firewall tables this might get a little bit long.
tunnel not up after reconnect (ayiya with aiccu)
Jeroen Massar on Tuesday, 22 September 2009 17:08:43
... to ask for help with this problem was to write to this forum.
Which is the proper place. The list is just on the contact page as that is a central location.
Perhaps this is a known problem or it's not even possible for aiccu to restart the tunnel on its own.
There is no need for 'restarting' tunnels. Static tunnels are static, and thus would not change. Heartbeat tunnels are made for IP address changes and AYIYA even more so.
... but if I include full firewall tables this might get a little bit long.
Instead of using your huge firewall, why not try without a firewall at all?
Also, tcpdump should be able to give you quite a good view of what is happening.
Perhaps this is a known problem or it's not even possible for aiccu to restart the tunnel on its own.
If the local IP stays the same all should keep on working. If the IP changes, then there are a few situations where it will break depending on kernel.
If you firewall the wrong things it wil