Subnet setup needs help
Shadow Hawkins on Tuesday, 18 January 2011 17:14:07
I always hate asking for help, but this time I could really use it. I know a couple of areas I might have screwed up, but need confirmation.
Network Setup (PNG)
The fedora machine host AICCU, which is letting me ping and access IPv6 sites correctly.
I then requested a subnet, and added radvd to the system according to these directions: http://www.sixxs.net/wiki/Installing_a_Subnet (#2,3,4) and https://www.sixxs.net/faq/connectivity/?faq=usingsubnet&os=linux.router
My sixxs interface has an IP address of:
sixxs Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: 2001:4830:1600:26b::2/64 Scope:Global
inet6 addr: fe80::4830:1600:26b:2/64 Scope:Link
My eth0 interface has a IP address of:
inet addr:192.168.2.10 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe0f:8d52/64 Scope:Link
inet6 addr: 2001:4830:1600:26b::3/48 Scope:Global
radvd is set as:
interface eth0
{
AdvSendAdvert on;
prefix 2001:4830:1692::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
};
Now, my PCs have IPv6 addresses, but no connectivity to access IPv6 sites.
Here is one ipconfig /all from my laptop:
IPv6 Address. . . . . . . . . . . : 2001:4830:1692:0:d41b:3827:22cb:5ef9(Preferred)
Temporary IPv6 Address. . . . . . : 2001:4830:1692:0:48f2:b473:c48:ca43(Preferred)
Link-local IPv6 Address . . . . . : fe80::d41b:3827:22cb:5ef9%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.12(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 2001:4830:1600:26b::2
fe80::a00:27ff:fe0f:8d52%11
192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 2001:4830:1600:26b::2
192.168.2.1
What I notice is, my tunnel is 2001:4830:1600:26b, whereas my subnet is 2001:4830:1692. So...
1) I figure I may have set up the eth0 interface wrong (2001:4830:1600 needs to be 2001:4830:1692...)
2) I've misconfigured something in radvd
3) I'm missing something with the gateway?
Additional info:
Most of the PCs are Windows7 (actually, any Windows pc here is), but I also have one Fedora laptop as well. Has a IPv6 address of the correct subnet (2001:4830:1692...) but also no connectivity.
Many thanks in advance.
Subnet setup needs help
Shadow Hawkins on Monday, 17 January 2011 18:08:55
You need to change your router to have a correct IPv6 address, in your assigned prefix.
So the eth0 IP address should indeed be 2001:4830:1692:x
I assume you already set ipv6 forwarding to yes.
Radvd seems to be configured correct.
Subnet setup needs help
Shadow Hawkins on Monday, 17 January 2011 19:32:13
Thanks Jacco! Ok, I did that. My eth0 interface is now "inet6 addr: 2001:4830:1692::3/64 Scope:Global"
Unfortunatley, this turns up (on the host with Sixxs)...
[root@fedora14vm ~]# ping6 ipv6.google.com
PING ipv6.google.com(iad04s01-in-x93.1e100.net) 56 data bytes
From fedora14vm icmp_seq=2 Destination unreachable: Address unreachable
From fedora14vm icmp_seq=3 Destination unreachable: Address unreachable
From fedora14vm icmp_seq=4 Destination unreachable: Address unreachable
^C
--- ipv6.google.com ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3005ms
Same on the windows machine., Destination unreachable.
And yes, ipv6 forwarding is on. Anything else I can provide to help diagnose it?
Subnet setup needs help
Shadow Hawkins on Tuesday, 18 January 2011 14:27:05
I can ping your side of the tunnel, so the tunnel is up. If you've lost connectivity since you changed the IP on eth0, check your routing tables.
Subnet setup needs help
Shadow Hawkins on Tuesday, 18 January 2011 17:13:14
Ok, well first you might want to divide your prefix a bit better by adding a subnet, something like
2001:4830:1692:1::/64 as a normal /64 subnet, and then start assigning hosta from there like your router could be 2001:4830:1692:1::1, your prefix gives you usuable subnets from 2001:4830:1692:0::/64 all the way to 2001:4830:1692:ffff::/64, or more then 65.000 possible subnets :)
Anyway, you don't seem to be able to ping from your router as well ?
Can you ping both tunnelendpoints from the router. Try running aiccu test and see what's going on. Also issue a ip -6 route and see if the tun device (your tunnel) has any associated routes (it should).
You can also use route -6 as alternative.
this command should show ::/0 2001:4830:1600:26b::1 tunx which is the default route for external internet so to speak, it should also show:
2001:4830:1600:26b::/64 :: tunx
Subnet setup needs help
Shadow Hawkins on Tuesday, 18 January 2011 14:24:05
Just to clarify...there are no subnets in a /64. A /64 is as small as you want to go. A /64 is one subnet. That one subnet contains 16 quintillion addresses
Subnet setup needs help
Shadow Hawkins on Wednesday, 19 January 2011 04:18:57
Ok before I make any changes, since you two disagree (ps, 0000 is a valid subnet :p)
On the router:
aiccu test - nothing appears when I run that command when AICCU is running. If I do a "aiccu stop", then the test runs, but of course would cause a failure at step 6. Bug in the fedora version of AICCU???
With AICCU stopped...
[root@fedora14vm ~]# aiccu stop
[root@fedora14vm ~]# aiccu test
#######
####### AICCU Quick Connectivity Test
#######
####### [1/8] Ping the IPv4 Local/Your Outer Endpoint (192.168.2.10)
### This should return so called 'echo replies'
### If it doesn't then check your firewall settings
### Your local endpoint should always be pingable
### It could also indicate problems with your IPv4 stack
PING 192.168.2.10 (192.168.2.10) 56(84) bytes of data.
64 bytes from 192.168.2.10: icmp_req=1 ttl=64 time=0.592 ms
64 bytes from 192.168.2.10: icmp_req=2 ttl=64 time=0.284 ms
64 bytes from 192.168.2.10: icmp_req=3 ttl=64 time=0.440 ms
--- 192.168.2.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 0.284/0.438/0.592/0.128 ms
######
Did this work? [Y/n] y
####### [2/8] Ping the IPv4 Remote/PoP Outer Endpoint (66.117.47.228)
### These pings should reach the PoP and come back to you
### In case there are problems along the route between your
### host and the PoP this could not return replies
### Check your firewall settings if problems occur
PING 66.117.47.228 (66.117.47.228) 56(84) bytes of data.
64 bytes from 66.117.47.228: icmp_req=1 ttl=52 time=28.9 ms
64 bytes from 66.117.47.228: icmp_req=2 ttl=52 time=17.8 ms
64 bytes from 66.117.47.228: icmp_req=3 ttl=52 time=22.0 ms
--- 66.117.47.228 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 17.853/22.929/28.909/4.561 ms
######
Did this work? [Y/n] y
####### [3/8] Traceroute to the PoP (66.117.47.228) over IPv4
### This traceroute should reach the PoP
### In case this traceroute fails then you have no connectivity
### to the PoP and this is most probably the problem
traceroute to 66.117.47.228 (66.117.47.228), 30 hops max, 60 byte packets
1 192.168.2.1 (192.168.2.1) 0.864 ms 0.602 ms 0.716 ms
2 10.230.0.1 (10.230.0.1) 60.554 ms 29.956 ms 34.367 ms
3 173-219-247-46-link.sta.suddenlink.net (173.219.253.46) 34.056 ms 33.488 ms 33.002 ms
4 173-219-247-222-link.sta.suddenlink.net (173.219.253.222) 32.486 ms 32.129 ms 173-219-247-253-link.sta.suddenlink.net (173.219.253.253) 31.691 ms
5 ashbosr01-10gex1-3.atw.sta.suddenlink.net (66.76.219.33) 39.129 ms 38.465 ms 37.112 ms
6 ashbosr03-10gex1-1.atw.sta.suddenlink.net (66.76.219.34) 35.430 ms 28.783 ms 26.959 ms
7 s66-76-219-170.ltrkar.lr.sta.suddenlink.net (66.76.219.170) 26.235 ms 32.237 ms 33.898 ms
8 209.222.130.107 (209.222.130.107) 32.713 ms 30.869 ms 31.105 ms
9 iad0-sixxs.hotnic.net (66.117.47.228) 31.038 ms 30.748 ms 29.695 ms
######
Did this work? [Y/n] y
###### [4/8] Checking if we can ping IPv6 localhost (::1)
### This confirms if your IPv6 is working
### If ::1 doesn't reply then something is wrong with your IPv6 stack
PING ::1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=1.57 ms
64 bytes from ::1: icmp_seq=2 ttl=64 time=0.557 ms
64 bytes from ::1: icmp_seq=3 ttl=64 time=0.292 ms
--- ::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.292/0.806/1.570/0.551 ms
######
Did this work? [Y/n] y
###### [5/8] Ping the IPv6 Local/Your Inner Tunnel Endpoint (2001:4830:1600:26b::2)
### This confirms that your tunnel is configured
### If it doesn't reply then check your interface and routing tables
PING 2001:4830:1600:26b::2(2001:4830:1600:26b::2) 56 data bytes
64 bytes from 2001:4830:1600:26b::2: icmp_seq=1 ttl=64 time=0.264 ms
64 bytes from 2001:4830:1600:26b::2: icmp_seq=2 ttl=64 time=0.471 ms
64 bytes from 2001:4830:1600:26b::2: icmp_seq=3 ttl=64 time=0.472 ms
--- 2001:4830:1600:26b::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.264/0.402/0.472/0.099 ms
######
Did this work? [Y/n] y
###### [6/8] Ping the IPv6 Remote/PoP Inner Tunnel Endpoint (2001:4830:1600:26b::1)
### This confirms the reachability of the other side of the tunnel
### If it doesn't reply then check your interface and routing tables
### Don't forget to check your firewall of course
### If the previous test was succesful then this could be both
### a firewalling and a routing/interface problem
PING 2001:4830:1600:26b::1(2001:4830:1600:26b::1) 56 data bytes
--- 2001:4830:1600:26b::1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2006ms
######
Did this work? [Y/n] n
ip -6 route
2001:4830:1600:26b::/64 dev sixxs proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 0
2001:4830:1692::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev sixxs proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 0
default via 2001:4830:1600:26b::1 dev sixxs metric 1024 mtu 1280 advmss 1220 hoplimit 0
default dev eth0 proto static metric 1024 mtu 1500 advmss 1440 hoplimit 0
ifconfig
[root@fedora14vm ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:0F:8D:52
inet addr:192.168.2.10 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe0f:8d52/64 Scope:Link
inet6 addr: 2001:4830:1692::3/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:132255 errors:0 dropped:0 overruns:0 frame:0
TX packets:21761 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:36747745 (35.0 MiB) TX bytes:2705685 (2.5 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:28 errors:0 dropped:0 overruns:0 frame:0
TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3376 (3.2 KiB) TX bytes:3376 (3.2 KiB)
sixxs Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: 2001:4830:1600:26b::2/64 Scope:Global
inet6 addr: fe80::4830:1600:26b:2/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:2161 errors:0 dropped:0 overruns:0 frame:0
TX packets:1939 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:998361 (974.9 KiB) TX bytes:209118 (204.2 KiB)
Ping tunnel endpoints (:1 & :2)
ping6 2001:4830:1600:26b::1
PING 2001:4830:1600:26b::1(2001:4830:1600:26b::1) 56 data bytes
64 bytes from 2001:4830:1600:26b::1: icmp_seq=1 ttl=64 time=23.4 ms
64 bytes from 2001:4830:1600:26b::1: icmp_seq=2 ttl=64 time=21.7 ms
64 bytes from 2001:4830:1600:26b::1: icmp_seq=3 ttl=64 time=35.7 ms
^C
--- 2001:4830:1600:26b::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2006ms
rtt min/avg/max/mdev = 21.723/26.963/35.753/6.256 ms
******************************************************
ping6 2001:4830:1600:26b::2
PING 2001:4830:1600:26b::2(2001:4830:1600:26b::2) 56 data bytes
64 bytes from 2001:4830:1600:26b::2: icmp_seq=1 ttl=64 time=4.45 ms
64 bytes from 2001:4830:1600:26b::2: icmp_seq=2 ttl=64 time=0.362 ms
64 bytes from 2001:4830:1600:26b::2: icmp_seq=3 ttl=64 time=0.290 ms
^C
--- 2001:4830:1600:26b::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 0.290/1.700/4.450/1.944 ms
From PC:
Ping local tunnel endpoint (2001:4830:1600:26b::2)
Pinging 2001:4830:1600:26b::2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 2001:4830:1600:26b::2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Ping fedora eth0 (2001:4830:1692::3)
Pinging 2001:4830:1692::3 with 32 bytes of data:
Reply from 2001:4830:1692::3: time=21ms
Reply from 2001:4830:1692::3: time=1ms
Reply from 2001:4830:1692::3: time<1ms
Reply from 2001:4830:1692::3: time=1ms
Ping statistics for 2001:4830:1692::3:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 21ms, Average = 5ms
PC Interface summary (ipconfig /all)
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-14-0B-0B-10-80
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:4830:1692:0:d41b:3827:22cb:5ef9(Preferred)
Temporary IPv6 Address. . . . . . : 2001:4830:1692:0:59e2:7568:fc3a:f9c0(Preferred)
Link-local IPv6 Address . . . . . : fe80::d41b:3827:22cb:5ef9%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.12(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, January 18, 2011 7:14:09 AM
Lease Expires . . . . . . . . . . : Saturday, February 25, 2147 4:37:56 AM
Default Gateway . . . . . . . . . : 2001:4830:1600:26b::2
fe80::a00:27ff:fe0f:8d52%11
192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
The only thing I can think is it isn't routing correctly from the subnet 2001:4830:1692... to my tunnel 2001:4830:1600...
Is it a gateway issue? ipv6 forwarding is enabled.
cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
# Controls source route verification
net.ipv4.conf.default.rp_filter = 1
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
#ipv6
net.ipv6.conf.all.forwarding = 1
Subnet setup needs help
Jeroen Massar on Wednesday, 19 January 2011 05:12:32 If I do a "aiccu stop", then the test runs, but of course would cause a failure at step 6.
Why would that be? 'aiccu test' starts the tunnel etc during the test thus that should work.
Default Gateway . . . . . . . . . : 2001:4830:1600:26b::2 fe80::a00:27ff:fe0f:8d52%11
You really need to remove 2001:4830:1600:26b::2, then it might even work.
Try a 'netsh int ipv6 reset', which might reset your stack for this, or otherwise try to use netsh to remove the route manually.
Subnet setup needs help
Shadow Hawkins on Wednesday, 19 January 2011 17:39:13
Is there a tunnel timeout period or something?
I have aiccu running (aiccu start). Able to ping successfully ipv6.google.com, which shows that the local, distant tunnel endpoints are working, and connectitivity past that.
I issue aiccu stop, then aiccu test. ifconfig (in another terminal) confirms the sixxs interface is up.
Ping to local endpoint works
Ping to distand endpoint fails
Been messing with this for a hour or so now...
I issued aiccu start.
Pings to local endpoint works.
After some time (2-3 minutes), pings to distant endpoint works.
Pings to any ipv6 site fail.
After 2-3 more minutes, volia, pings to ipv6.google.com suceed.
That's why I think aiccu test isn't quite right. I can do all of the steps manually and it's good (via aiccu start) and it's better.
Subnet setup needs help
Shadow Hawkins on Wednesday, 19 January 2011 14:42:39
I would agree that 0000 is a valid subnet
However, 2001:db8:1234:: is a /48. That lets you change the 4th group from 0 to ffff, giving you 64k subnets
2001:db8:1234:1:: is a /64. You can not change the fourth group in a /64.
Subnet setup needs help
Jeroen Massar on Wednesday, 19 January 2011 14:51:53 However, 2001:db8:1234:: is a /48 [..] 2001:db8:1234:1:: is a /64
No, 2001:db8:1234:: and 2001:db8:1234:1:: are per definition both /128.
Now if you 2001:db8:1234::/48 or 2001:db8:1234::/64 then it is either a /48 or a /64 or heck 2001:db8:1234::/120 a /120. Without a prefix length though it is always a /128.
Subnet setup needs help
Shadow Hawkins on Wednesday, 19 January 2011 11:21:57
Yes, remove the default gateway pointing to the tunnelendpoint, as your PC won't have a direct route to it (which is obvious from the failed ping attemtp to it). That leaves the default gateway pointing to the link local address of Eth0 on the fedora machine, which your win7 machine does have a valid route to.
I assume you added this manually, as RA would only advertise the link local address of Eth0.
Subnet setup needs help
Shadow Hawkins on Wednesday, 19 January 2011 11:27:57
Sorry for second message, apart from the gateway remove on Windows,
get rid of:
default dev eth0 proto static metric 1024 mtu 1500 advmss 1440 hoplimit 0
on your fedora box, that should fix it.
I compared the routes to one of mine machines, and that default route to eth0 is absent on my box, also you indeed seem to be unable to ping the tunnel endpoint ::1 from your fedora box.
Subnet setup needs help
Shadow Hawkins on Wednesday, 19 January 2011 17:45:28
Ok before any changes:
From Fedora (router)
Pinging local tunnel endpoint 2001:4830:1600:26b::2 suceeded
Pinging distant tunnel endpoint 2001:4830:1600:26b::1 worked
Pinging ipv6.google.com failed.
Now changes:
Removed "2001:4830:1600:26b::2" from my pc using "netsh int ipv6 reset" (and rebooted)
Things changed on Fedora (router)
/etc/radvd.conf
changed prefix 2001:4830:1692::/64 -->to--> prefix 2001:4830:1692:1::/64 (a proper subnet...?)
interface eth0
{
AdvSendAdvert on;
prefix 2001:4830:1692:1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
};
Removed route using the command "ip -6 route del default dev eth0"
ip -6 route
2001:4830:1600:26b::/64 dev sixxs proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 0
2001:4830:1692::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev sixxs proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 0
default via 2001:4830:1600:26b::1 dev sixxs metric 1024 mtu 1280 advmss 1220 hoplimit 0
Pinged ipv6.google.com from fedora, now suceeding.
Ran "aiccu stop", then "aiccu test"... and... guess what? Failed at step 6.
Here's what I figured out. There must be some delay in restarting a tunnel because:
On start, pings to local endpoint work, distant fail, google fails.
After 2-3 minutes (I think), pings to distant endpoint start working, google still fails.
After 2-5 more minutes, pings to ipv6.google.com work!
---------------------
All that aside... the removal of the route and changing the subnet seem to have fixed it. My computers are connecting to ipv6 sites now! Huzzah!
Jacco, Jeroen, thank you for the help! Maybe I'll be able to learn this and soon help you both on the forums too. Need to understand this better first though.
Subnet setup needs help
Shadow Hawkins on Wednesday, 19 January 2011 19:18:00
And then it stopped after a half hour. Investigating.
Subnet setup needs help
Shadow Hawkins on Wednesday, 19 January 2011 20:51:51
Something on the PoP (usqas01). I have two tunnels connected to it, from two different cities 100mi apart and both are suddenly having loss, when I haven't had any in the last week.
Will wait it out and report back. I can ping the tunnel ends, but nothing beyond that.
Subnet setup needs help
Jeroen Massar on Wednesday, 19 January 2011 21:07:41
Where are the traceroutes, the routing table outputs, the interface configurations etc etc etc etc?
Subnet setup needs help
Shadow Hawkins on Thursday, 20 January 2011 02:13:00
Sorry sorry! I didn't post them for two reasons. One, it stopped working on my PC suddenly. I mean one moment I was on ipv6.google.com & whatismyipv6.com (confirming it was working), and just suddenly cut out while I was out of the room. When I checked my sixxs home page, I noted both tunnels (here: 2xxxx and back home in raleigh 4xxxx), both were suddenly reporting loss where none had been seen before. Tried rebooting, restarted the tunnel, waited.
Anyway...
I found the one route was back on the fedora machine. Deleted that, can ping ipv6.google.com again from fedora.
On pc, can ping ipv6.google.com, but can't access the website (or any other ipv6 site...). UGH. I feel like I'm being a pain :(
PC ipconfig
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : Belkin
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-14-0B-0B-10-80
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:4830:1692:1:d41b:3827:22cb:5ef9(Preferred)
Temporary IPv6 Address. . . . . . : 2001:4830:1692:1:812e:18f:75a9:d419(Preferred)
Link-local IPv6 Address . . . . . : fe80::d41b:3827:22cb:5ef9%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.12(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, January 19, 2011 7:49:33 PM
Lease Expires . . . . . . . . . . : Sunday, February 26, 2147 2:26:29 AM
Default Gateway . . . . . . . . . : fe80::a00:27ff:fe0f:8d52%11
192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
PC route
Fedora route
ip -6 route
2001:4830:1600:26b::/64 dev sixxs proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 0
2001:4830:1692:1:812e:18f:75a9:d419 via 2001:4830:1692:1:812e:18f:75a9:d419 dev eth0 metric 0
cache mtu 1500 advmss 1440 hoplimit 0
2001:4830:1692:1::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev sixxs proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 0
default via 2001:4830:1600:26b::1 dev sixxs metric 1024 mtu 1280 advmss 1220 hoplimit 0
Fedora Pings (local endpoint, distand endpoint, ipv6google, traceroute6 ipv6google
ping6 -c 3 2001:4830:1600:26b::2;ping6 -c 3 2001:4830:1600:26b::1; ping6 -c 3 ipv6.google.com; traceroute6 ipv6.google.com
PING 2001:4830:1600:26b::2(2001:4830:1600:26b::2) 56 data bytes
64 bytes from 2001:4830:1600:26b::2: icmp_seq=1 ttl=64 time=0.367 ms
64 bytes from 2001:4830:1600:26b::2: icmp_seq=2 ttl=64 time=0.475 ms
64 bytes from 2001:4830:1600:26b::2: icmp_seq=3 ttl=64 time=0.538 ms
--- 2001:4830:1600:26b::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2007ms
rtt min/avg/max/mdev = 0.367/0.460/0.538/0.070 ms
PING 2001:4830:1600:26b::1(2001:4830:1600:26b::1) 56 data bytes
64 bytes from 2001:4830:1600:26b::1: icmp_seq=1 ttl=64 time=22.0 ms
64 bytes from 2001:4830:1600:26b::1: icmp_seq=2 ttl=64 time=21.0 ms
64 bytes from 2001:4830:1600:26b::1: icmp_seq=3 ttl=64 time=22.1 ms
--- 2001:4830:1600:26b::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2007ms
rtt min/avg/max/mdev = 21.053/21.749/22.130/0.507 ms
PING ipv6.google.com(iad04s01-in-x68.1e100.net) 56 data bytes
64 bytes from iad04s01-in-x68.1e100.net: icmp_seq=1 ttl=58 time=26.4 ms
64 bytes from iad04s01-in-x68.1e100.net: icmp_seq=2 ttl=58 time=24.2 ms
64 bytes from iad04s01-in-x68.1e100.net: icmp_seq=3 ttl=58 time=32.5 ms
--- ipv6.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 24.268/27.735/32.511/3.490 ms
traceroute to ipv6.google.com (2001:4860:800f::68), 30 hops max, 80 byte packets
1 gw-620.qas-01.us.sixxs.net (2001:4830:1600:26b::1) 19.880 ms 39.882 ms 37.460 ms
2 sixxs-gw.hotnic.us.occaid.net (2001:4830:e6:7::1) 35.532 ms 33.578 ms 31.932 ms
3 * * *
4 2001:4860::1:0:9ff (2001:4860::1:0:9ff) 24.825 ms 23.571 ms 74.998 ms
5 2001:4860:0:1::14d (2001:4860:0:1::14d) 33.533 ms 32.008 ms 29.178 ms
6 iad04s01-in-x68.1e100.net (2001:4860:800f::68) 25.461 ms 21.470 ms 24.366 ms
Fedora interface config
ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:0F:8D:52
inet addr:192.168.2.10 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe0f:8d52/64 Scope:Link
inet6 addr: 2001:4830:1692:1::3/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:18787 errors:0 dropped:0 overruns:0 frame:0
TX packets:4090 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1975759 (1.8 MiB) TX bytes:470662 (459.6 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:60 errors:0 dropped:0 overruns:0 frame:0
TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7512 (7.3 KiB) TX bytes:7512 (7.3 KiB)
sixxs Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: 2001:4830:1600:26b::2/64 Scope:Global
inet6 addr: fe80::4830:1600:26b:2/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:401 errors:0 dropped:0 overruns:0 frame:0
TX packets:413 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:45016 (43.9 KiB) TX bytes:38920 (38.0 KiB)
PC Routes
===========================================================================
Interface List
12...00 c0 a8 d4 41 90 ......Atheros AR5006EG Wireless Network Adapter
11...00 14 0b 0b 10 80 ......NVIDIA nForce Networking Controller
18...08 00 27 00 c0 e5 ......VirtualBox Host-Only Ethernet Adapter
1...........................Software Loopback Interface 1
24...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 276 ::/0 fe80::a00:27ff:fe0f:8d52
1 306 ::1/128 On-link
11 28 2001:4830:1692:1::/64 On-link
11 276 2001:4830:1692:1:812e:18f:75a9:d419/128
On-link
11 276 2001:4830:1692:1:d41b:3827:22cb:5ef9/128
On-link
18 276 fe80::/64 On-link
11 276 fe80::/64 On-link
18 276 fe80::9804:f50a:9540:c3da/128
On-link
11 276 fe80::d41b:3827:22cb:5ef9/128
On-link
1 306 ff00::/8 On-link
18 276 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
PC Traceroute to ipv6.google.com
Tracing route to ipv6.l.google.com [2001:4860:800f::93]
over a maximum of 30 hops:
1 1 ms <1 ms <1 ms 2001:4830:1692:1::3
2 25 ms 58 ms 38 ms gw-620.qas-01.us.sixxs.net [2001:4830:1600:26b::1]
3 48 ms 31 ms 21 ms sixxs-gw.hotnic.us.occaid.net [2001:4830:e6:7::1]
4 28 ms 42 ms 29 ms pr61.iad07.net.google.com [2001:504:0:2:0:1:5169:1]
5 32 ms 29 ms 44 ms 2001:4860::1:0:9ff
6 59 ms 33 ms 35 ms 2001:4860:0:1::14f
7 41 ms 23 ms 24 ms iad04s01-in-x93.1e100.net [2001:4860:800f::93]
Trace complete.
Subnet setup needs help
Shadow Hawkins on Thursday, 20 January 2011 03:10:35
Do you have a firewall running on your fedora box ?
You can ping, but cannot browse the web, as if the reply from the server is being blocked.
Just a wild guess though, the routing should be fine, if you can ping.
Subnet setup needs help
Shadow Hawkins on Thursday, 20 January 2011 03:21:54
Nothing more that what is OOBE, plus a minor change to ip6tables
cat /etc/sysconfig/ip6tables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p ipv6-icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 3740 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3874 -j ACCEPT
##-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
##-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
# Allow forwarding established and related traffic:
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow forwarding all traffic coming from internal network:
-A FORWARD -i eth1 -m state --state NEW -j ACCEPT
# Allow forwarding all ICMP:
-A FORWARD -p ipv6-icmp -j ACCEPT
# Default-deny:
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
Subnet setup needs help
Shadow Hawkins on Thursday, 20 January 2011 04:11:48
Does stuff work if you disable ip6tables ?
Also you need to have a kernel that is more recent then 2.6.20 for statefull stuff to work.
Subnet setup needs help
Shadow Hawkins on Thursday, 20 January 2011 04:31:14
running 2.6.35 and..... *hangs head low* yes. Once I issued "service ip6tables stop"... it came back to life.
enable, gone...
disable, working...
After testing... surprisingly, this rule seems to be the problem.
# Default-deny:
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
Subnet setup needs help
Shadow Hawkins on Thursday, 20 January 2011 04:38:18
I have that line as well, (at the bottom), so it is probably rejecting something before the condition to forward can become true. There is a pretty good example of a firewall script on the wikki, try it out.
Subnet setup needs help
Shadow Hawkins on Thursday, 20 January 2011 04:40:16
Ignore the last message, that line was indeed at the bottom.
-A FORWARD -i eth1 -m state --state NEW -j ACCEPT
Change eth1 to eth0 and try again :)
Subnet setup needs help
Shadow Hawkins on Thursday, 20 January 2011 04:43:02
or even better:
-A FORWARD -i eth1 -o sixxs -m state --state NEW -j ACCEPT
can't edit post, that's a shame.
Subnet setup needs help
Shadow Hawkins on Thursday, 20 January 2011 04:43:36
BLAST eth1=eth0
Now I stop adding messages :)
Subnet setup needs help
Shadow Hawkins on Thursday, 20 January 2011 04:58:08
Yea I did change that while commenting out lines to see which was the cause.
I'd comment a line, save, run "service iptables stop", wait 5 seconds, then "service iptables start". Time consuming, but worked once I hit that line.
Now I uncommented and... it's still working. Going to comment it back out if causes problem.
But, my computers are showing up an ipv6 address when on sixxs and whatismyipv6, and even my android phone! (need to check my nook color).
Ok lets give it 24 hours before I call it fixed lol.
Subnet setup needs help
Shadow Hawkins on Saturday, 09 June 2012 03:26:47
I'm bumping a fairly old topic because it's the same setup, but suddenly stopped working. That and you guys are really good at spotting the problems!
I have two endpoints at seperate locations (one near Raleigh NC, one in eastern NC), and I noted awhile ago I started seeing new subnets on my home page that were not there before and that I did not request. Both show "user disabled".
Did something change and I need to update my setup? I can connect to IPv6 sites (well, at least ping) from my endpoints, but not from systems on my subnet.
Relevant Info:
The tunnel endpoint (in this info) is based on ArchLinux on a pogoplug... using AICCU and radvd. No iptables here.
ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 metric 1
inet 192.168.2.12 netmask 255.255.255.0 broadcast 192.168.2.255
inet6 2001:4830:1692:1::3 prefixlen 64 scopeid 0x0<global>
inet6 fe80::225:31ff:fe02:647e prefixlen 64 scopeid 0x20<link>
ether 00:25:31:02:64:7e txqueuelen 1000 (Ethernet)
RX packets 74151 bytes 10756314 (10.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12690 bytes 4000099 (3.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 40
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436 metric 1
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 8 bytes 576 (576.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 576 (576.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
sixxs: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1280 metric 1
inet6 2001:4830:1600:26b::2 prefixlen 64 scopeid 0x0<global>
inet6 fe80::4830:1600:26b:2 prefixlen 64 scopeid 0x20<link>
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 500 (UNSPEC)
RX packets 2817 bytes 2893104 (2.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2815 bytes 2888108 (2.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
/etc/radvd.conf
interface eth0
{
AdvSendAdvert on;
prefix 2001:4830:1692:1::/64
{
AdvOnLink on;
AdvAutonomous on;
AdvRouterAddr on;
};
};
ip -6 route
2001:4830:1600:26b::/64 dev sixxs proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 0
fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 hoplimit 0
fe80::/64 dev sixxs proto kernel metric 256 mtu 1280 advmss 1220 hoplimit 0
default via 2001:4830:1600:26b::1 dev sixxs metric 1024 mtu 1280 advmss 1220 hoplimit 0
=========================
Routes on a PC on the subnet
C:\Users\Nick>route PRINT -6
===========================================================================
Interface List
11...00 c0 a8 d4 41 90 ......Atheros AR5006EG Wireless Network Adapter
10...00 14 0b 0b 10 80 ......NVIDIA nForce Networking Controller
25...08 00 27 00 80 02 ......VirtualBox Host-Only Ethernet Adapter
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
21...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
25 276 fe80::/64 On-link
10 276 fe80::/64 On-link
25 276 fe80::90d:9d00:4f81:11f/128
On-link
10 276 fe80::d41b:3827:22cb:5ef9/128
On-link
1 306 ff00::/8 On-link
25 276 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\Users\Nick>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Mkesick2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mkesick.net
Wireless LAN adapter Wireless Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : mkesick.net
Description . . . . . . . . . . . : Atheros AR5006EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-C0-A8-D4-41-90
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mkesick.net
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-14-0B-0B-10-80
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d41b:3827:22cb:5ef9%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, June 08, 2012 7:21:00 AM
Lease Expires . . . . . . . . . . : Friday, June 22, 2012 6:46:53 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 234886155
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-5E-AB-46-00-14-0B-0B-10-80
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Subnet setup needs help
Jeroen Massar on Saturday, 09 June 2012 03:38:08 I started seeing new subnets on my home page that were not there before and that I did not request. Both show "user disabled".
These are "default routed subnets", every tunnel has these. When this feature was added we added them in disabled state for existing tunnels as some routers fetch their settings using TIC and then they would get two subnets and likely get confused.
Did something change and I need to update my setup?
Most likely you don't have to change anything, unless you want to use those prefixes that is.
IPv6 Route Table
Does not look that you have a default route there.
You should have a route over fe80::225:31ff:fe02:647e which is the Link-Local address of eth0 on your router.
Did you enable forwarding on the router?
Subnet setup needs help
Shadow Hawkins on Tuesday, 12 June 2012 03:00:04
It was enabled. It seems some update switched that back off, at least on one endpoint (the one referenced above).
Working on re-updating the config and will update the thread.
Subnet setup needs help
Shadow Hawkins on Tuesday, 12 June 2012 03:24:10
Yea that was it. Update sysctl to make persistant changes, and make immediate ones to /proc/sys/net/ipv6/conf/default/forwarding and /proc/sys/net/ipv6/conf/all/forwarding and then everything started pinging past the local endpoint (from other systems).
Thanks for the help!
/me notes that the above is so I can find this in the future and fix it myself!
Posting is only allowed when you are logged in. |