SixXS::Sunset 2017-06-06

Tunnel does not ping from outside
[nl] Shadow Hawkins on Sunday, 19 December 2010 13:44:16
Last week I set up my first tunnel. Web browsing works fine, I can see the dancing turtle, I can access IPV6 only websites etc, etc. I can ping both tunnel ends from my side. The problem is that I can not be pinged from the outside. When someone tries to ping me, this is the typical result:
$ ping6 test6.vlist.eu PING test6.vlist.eu(cl-938.ede-01.nl.sixxs.net) 56 data bytes From nlede01.sixxs.net icmp_seq=1 Destination unreachable: No route From nlede01.sixxs.net icmp_seq=2 Destination unreachable: No route From nlede01.sixxs.net icmp_seq=3 Destination unreachable: No route From nlede01.sixxs.net icmp_seq=4 Destination unreachable: No route From nlede01.sixxs.net icmp_seq=5 Destination unreachable: No route ^C --- test6.vlist.eu ping statistics --- 5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4007ms $ traceroute6 test6.vlist.eu traceroute to test6.vlist.eu (2001:7b8:2ff:3a9::2), 30 hops max, 80 byte packets 1 xxxxxx (xxxxx) 0.513 ms 0.493 ms 0.504 ms 2 xxxxx-1.tunnel.tserv11.ams1.ipv6.he.net (xxxxxxxx::1) 30.616 ms 35.772 ms 40.637 ms 3 gige-g2-20.core1.ams1.he.net (2001:470:0:7d::1) 41.369 ms 41.447 ms 43.030 ms 4 amsix-501.xe-0-0-0.jun1.bit-1.network.bit.nl (2001:7f8:1::a501:2859:2) 43.031 ms 43.017 ms 43.165 ms 5 nlede01.sixxs.net (2001:7b8:3:4f:202:b3ff:fe46:bec) 43.827 ms !N 43.898 ms !N 43.512 ms !N
Frankly I do not even know if this is a problem or if this is normal behavior. Any ideas?
Tunnel does not ping from outside
[ch] Jeroen Massar SixXS Staff on Sunday, 19 December 2010 16:06:25
Did you see that big orange box with the exclamation mark? It points to a list of items that you should provide. It looks to me though that you are not using the SixXS tunnel at all. The "no route" part indicates that the tunnel is not active at the PoP. If you can provide all the local data as requested in the 'reporting problems' list then folks might be able to help you out.
Tunnel does not ping from outside
[nl] Shadow Hawkins on Sunday, 19 December 2010 20:46:45
Ok, here is relevant information: My name: Michiel van der Vlist My handle: MVDV4-SIXXS Tunnel ID: T48581 Tunnel Type: AYIYA POP: NLEDE01 Tunnel IP address: 2001:7b8:2ff:3a9::1, 2001:7b8:2ff:3a9::2 OS: Windows XP SP3, German version ISP: Ziggo NAT type: cone, IPv4 address 83.82.236.56 The tunnel is operational. When I surf to sixxs it tels me:
You've got IPv6! Check out Cool IPv6 Stuff! 2001:7b8:2ff:3a9::2
Same when I go to http://test-ipv6.com/
Tunnel does not ping from outside
[ch] Jeroen Massar SixXS Staff on Monday, 20 December 2010 21:34:07
And what does a full traceroute show?
Tunnel does not ping from outside
[nl] Shadow Hawkins on Tuesday, 21 December 2010 14:12:49
This:
$ traceroute6 test6.vlist.eu traceroute to test6.vlist.eu (2001:7b8:2ff:3a9::2), 30 hops max, 80 byte packets 1 xxxxxx (xxxxx) 0.513 ms 0.493 ms 0.504 ms 2 xxxxx-1.tunnel.tserv11.ams1.ipv6.he.net (xxxxxxxx::1) 30.616 ms 35.772 ms 40.637 ms 3 gige-g2-20.core1.ams1.he.net (2001:470:0:7d::1) 41.369 ms 41.447 ms 43.030 ms 4 amsix-501.xe-0-0-0.jun1.bit-1.network.bit.nl (2001:7f8:1::a501:2859:2) 43.031 ms 43.017 ms 43.165 ms 5 nlede01.sixxs.net (2001:7b8:3:4f:202:b3ff:fe46:bec) 43.827 ms !N 43.898 ms !N 43.512 ms !N
But it may not be a routing problem after all. The tunnel times out for incoming after 2 minutes. When I provoke some IPv6 activity, e.g. by running the test at test-ipv6.com, my end of the tunnel is pingable, among others from the leaseweb looking glass:
Router: SBP R1 Command: ping ipv6 2001:7b8:2ff:3a9::2 Sending 5, 100-byte ICMP Echos to 2001:7B8:2FF:3A9::2, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 16/16/16 ms
It remains pingable for as long as there is IPv6 activity. When there is no IPv6 activity for two minutes, the tunnel closes for incoming trafic and my end is no longer pingable until some outgoing IPv6 activity is initiated again.
Router: SBP R1 Command: ping ipv6 2001:7b8:2ff:3a9::2 Sending 5, 100-byte ICMP Echos to 2001:7B8:2FF:3A9::2, timeout is 2 seconds: ..... Success rate is 0 percent (0/5)
I tried: 1) Disabling the firewall. No success. 2) Bypassing my home router. No succes. ISP: Ziggo Cable modem: Motorola SBV5121E
Tunnel does not ping from outside
[ch] Jeroen Massar SixXS Staff on Tuesday, 21 December 2010 15:32:13
See the FAQ about NAT and connection tracking...
Tunnel does not ping from outside
[nl] Shadow Hawkins on Thursday, 23 December 2010 00:36:43
I went through the FAQ again, but found nothing relevant to my problem. In the meantime I have established that it is not a NAT problem - by physically bypassing it - and that it is not a firewall problem - by temporarely disabeling it. It is also not a clock sync problem. Clock is set to CET+1 and sync to nl.pool.ntp.org. The tunnel times out after two minutes of no activity. It is reproducible to the second. I would have thought the AYIYA heartbeat takes care of that, but it appears I am mistaken. So... I have found a workaround by setting up a robot that pings the sixxs end of my tunnel every minute, Now it stays open. I realise it is a kludge. But then the whole concept over IPv6 over IPv4 tunneling is a kludge isn't it. ;)
Tunnel does not ping from outside
[us] Shadow Hawkins on Monday, 20 December 2010 14:45:32
It almost looks like a routing issue...what sort of firewalling are you doing? C:\Users\cholzhauer>tracert 2001:7b8:2ff:3a9::2 Tracing route to cl-938.ede-01.nl.sixxs.net [2001:7b8:2ff:3a9::2] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms 2001:470:c27d:d000:2e0:81ff:fe79:f4c4 2 286 ms 298 ms 361 ms servicespring-1.tunnel.tserv9.chi1.ipv6.he.net [2001:470:1f10:2aa::1] 3 86 ms 127 ms 77 ms gige-g3-4.core1.chi1.he.net [2001:470:0:6e::1] 4 166 ms 156 ms 206 ms 10gigabitethernet2-4.core1.nyc4.he.net [2001:470:0:4e::2] 5 147 ms 149 ms 160 ms 10gigabitethernet1-2.core1.lon1.he.net [2001:470:0:3e::2] 6 143 ms 148 ms 147 ms 10gigabitethernet1-1.core1.ams1.he.net [2001:470:0:3f::2] 7 146 ms 145 ms 144 ms amsix-501.xe-0-0-0.jun1.bit-1.network.bit.nl [2001:7f8:1::a501:2859:2] 8 Destination net unreachable. Trace complete.
Tunnel does not ping from outside
[nl] Shadow Hawkins on Monday, 20 December 2010 21:33:15
It almost looks like a routing issue...what sort of firewalling are you doing?
Yes, it looks like a routing issue. I use Windows XP's internal firewall. I have ICMP PING enabled under the exceptions. When it would be a firewall problem, I would expect a "time out" rather than a "no route".

Please note Posting is only allowed when you are logged in.
Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker