AYIYA tunnel not passing traffic
Shadow Hawkins on Sunday, 18 October 2009 21:48:55
Background:
* I'm behind ISP-provided NAT.
* I'm using OpenWRT 8.09.1 (aiccu config listed at the end)
Symptoms:
* aiccu test fails on step 6/8, pinging through the tunnel.
* tcpdump shows that UDP packets to the POP port 5072 are going out, but no replies or ICMP errors are coming back.
* I can exchange UDP traffic on port 5072 with a host I control on the outside using netcat, so I doubt firewalls are the issue, unless the ISP is being really unpleasant and doing DPI for AYIYA packets.
/etc/config/aiccu:
config aiccu
    option username '****'
    option password '****'
    option protocol ''
    option server ''
    option interface ''
    option tunnel_id '****'
    option requiretls '1'
    option defaultroute '1'
    option nat '1'
    option heartbeat '1'
The generated /var/run/aiccu-cfg02d164.conf:
username ****
password ****
tunnel_id ****
requiretls true
daemonize true
pidfile /var/run/aiccu-cfg02d164.pid
Any ideas where to look next?
AYIYA tunnel not passing traffic
Jeroen Massar on Sunday, 18 October 2009 23:21:29
Try the big orange box when posting to the forum, it points to the "Reporting Problems" section of the contact page...
AYIYA tunnel not passing traffic
Shadow Hawkins on Monday, 19 October 2009 00:36:43
Ok, contacted info@sixxs.net. Since it's probably on my end, I didn't want to bother the staff before the forums. For completeness, here's the additional info I sent there:
* Version AICCU 2007.01.15-console-linux from the OpenWRT repository
* Verbose output:
Tunnel Information for T15691:
POP Id : usqas01
IPv6 Local : 2001:4830:1600:155::2/64
IPv6 Remote : 2001:4830:1600:155::1/64
Tunnel Type : ayiya
Adminstate : enabled
Userstate : enabled
* As above, the box is behind a single layer of NAT that I can't control.
* OpenWRT 8.09.1, linux kernel 2.6.25.20
* `ip addr' output with tunnel up:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0f:66:bc:47:e0 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::20f:66ff:febc:47e0/64 scope link
       valid_lft forever preferred_lft forever
3: eth0.0@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:0f:66:bc:47:e0 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::20f:66ff:febc:47e0/64 scope link
       valid_lft forever preferred_lft forever
4: eth0.1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 00:0f:66:bc:47:e0 brd ff:ff:ff:ff:ff:ff
    inet 10.2.24.19/24 brd 10.2.24.255 scope global eth0.1
    inet6 fe80::20f:66ff:febc:47e0/64 scope link
       valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:0f:66:bc:47:e0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
    inet6 2001:4830:169c:1::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::e81b:daff:fea6:4697/64 scope link
       valid_lft forever preferred_lft forever
6: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
    link/sit 0.0.0.0 brd 0.0.0.0
13: aiccu: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1428 qdisc pfifo_fast state UNKNOWN qlen 500
    link/[65534]
    inet6 2001:4830:1600:155::2/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::4830:1600:155:2/64 scope link
       valid_lft forever preferred_lft forever
The external interface is eth0.1.
* The iptables ruleset is really long, but it specifically allows udp packets from 66.117.47.228 port 5072.
* v4 routing table:
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
10.2.24.0/24 dev eth0.1 proto kernel scope link src 10.2.24.19
default via 10.2.24.1 dev eth0.1
* v6 routing table:
2001:4830:1600:155::/64 dev aiccu metric 256 expires 21334204sec mtu 1428 advmss 1368 hoplimit 4294967295
2001:4830:169c:1::/64 dev br-lan metric 256 expires 19519542sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 expires 19519535sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0.0 metric 256 expires 19519535sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev br-lan metric 256 expires 19519536sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth0.1 metric 256 expires 19519538sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev aiccu metric 256 expires 21334204sec mtu 1428 advmss 1368 hoplimit 4294967295
default via 2001:4830:1600:155::1 dev aiccu metric 1024 expires 21334204sec mtu 1428 advmss 1368 hoplimit 4294967295
* Traceroute:
traceroute to 66.117.47.228 (66.117.47.228), 30 hops max, 38 byte packets
1 10.2.24.1 (10.2.24.1) 2.520 ms 3.104 ms 2.946 ms
2 67.233.102.129 (67.233.102.129) 39.951 ms 44.409 ms 40.140 ms
3 65.173.90.17 (65.173.90.17) 40.324 ms 40.673 ms 41.835 ms
4 4.79.18.209 (4.79.18.209) 53.723 ms 52.475 ms 51.082 ms
5 4.68.17.5 (4.68.17.5) 236.776 ms 207.423 ms 203.059 ms
6 4.79.169.26 (4.79.169.26) 86.018 ms 212.713 ms 245.140 ms
7 209.222.144.164 (209.222.144.164) 54.783 ms 54.144 ms 52.495 ms
8 66.117.47.228 (66.117.47.228) 54.199 ms 53.676 ms 53.188 ms
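The symptom from the first post (UDP to the POP on port 5072 goes out, no replies or ICMP errors come back, while a netcat test on the same port works) can be read mechanically from a `tcpdump -n` text capture. This is an added example, not part of the thread or of AICCU: the capture lines are constructed, the function names are hypothetical, and 192.0.2.10 is a placeholder for the outside host, whose address the posts do not give.

```shell
#!/bin/sh
# Added example: summarise a `tcpdump -n` text capture for one UDP peer.
# Usage: ayiya_flow PEER_IP PEER_PORT < capture.txt
ayiya_flow() {
    awk -v ip="$1" -v peer="$1.$2" '
        # Line shape: <time> IP <src>.<sport> > <dst>.<dport>: UDP, length N
        $2 == "IP" && $4 == ">" {
            src = $3
            dst = $5; sub(/:$/, "", dst)
            if (dst == peer)      tx++      # datagrams sent towards the peer
            else if (src == peer) rx++      # replies from the peer
            else if ($6 == "ICMP" && index($0, " " ip " ")) icmp++  # error quoting the peer
        }
        END {
            if (tx + 0 == 0)   verdict = "silent"    # the client sent nothing
            else if (rx > 0)   verdict = "two-way"   # return path works
            else if (icmp > 0) verdict = "rejected"  # a hop answered with an error
            else               verdict = "one-way"   # dropped without any answer
            printf "%s tx=%d rx=%d icmp=%d\n", verdict, tx, rx, icmp
        }'
}

# Constructed capture matching the reported symptom; the addresses are the
# external interface and the POP address quoted in the posts.
pop_capture() {
    cat <<'EOF'
21:40:01.000001 IP 10.2.24.19.41234 > 66.117.47.228.5072: UDP, length 92
21:40:02.000001 IP 10.2.24.19.41234 > 66.117.47.228.5072: UDP, length 92
21:40:03.000001 IP 10.2.24.19.41234 > 66.117.47.228.5072: UDP, length 92
EOF
}

# Constructed capture of the netcat control test against the placeholder host.
control_capture() {
    cat <<'EOF'
21:45:01.000001 IP 10.2.24.19.41300 > 192.0.2.10.5072: UDP, length 6
21:45:01.060001 IP 192.0.2.10.5072 > 10.2.24.19.41300: UDP, length 6
21:45:02.000001 IP 10.2.24.19.41300 > 192.0.2.10.5072: UDP, length 6
21:45:02.060001 IP 192.0.2.10.5072 > 10.2.24.19.41300: UDP, length 6
EOF
}

pop_capture | ayiya_flow 66.117.47.228 5072
control_capture | ayiya_flow 192.0.2.10 5072
```

A "one-way" result for the POP next to "two-way" for the control host says that port 5072 itself is not filtered, so the difference lies in what is sent to the POP or in how the POP treats it.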