Cannot find 'ON' switch.
Shadow Hawkins on Wednesday, 02 February 2011 21:33:11
Help.
Everything is working, but nothing works.
Setup:
Ubuntu 10.04 behind a squid/netfilter NATed firewall.
Using aiccu to enable an AYIYA tunnel.
I have modified my firewall and NAT scheme so that 'aiccu test' passes all 8 tests.
When I run 'aiccu start' with verbose set to True, I see this upon connection:
Tunnel Information for T54269:
POP Id : usphx01
IPv6 Local : 2001:1938:81:1d4::2/64
IPv6 Remote : 2001:1938:81:1d4::1/64
Tunnel Type : ayiya
Adminstate : enabled
Userstate : enabled
Running ifconfig, I see this:
sixxs Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: fe80::1838:81:1d4:2/64 Scope:Link
inet6 addr: 2001:1938:81:1d4::2/64 Scope:Global
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:31 errors:0 dropped:0 overruns:0 frame:0
TX packets:34 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:3224 (3.2 KB) TX bytes:3368 (3.3 KB)
I can ping and ping6 my tunnel endpoint successfully. Note the RX/TX packets are both non-zero.
When I browse to www.sixxs.net, I see this:
SSL Logged in as John Charles Hill (JCH9-SIXXS)
SSL IPv4 connection from 69.198.198.90
and in 'home' I see the state of my tunnel as follows:
Tunnel information T54269usphx01 - Highwinds Network Group Incayiya2001:1938:81:1d4::2My First TunnelEnabled
In summary, everything I can figure out to check works.
So, why does my connect always report as Ipv4?? I cannot seem to find the 'on' switch? Every page at sixxs.net that reports connectivity asks me whether I would like to create an account so that I can experience the wonders of Ipv6 for myself, first hand. Um, help?
Cannot find 'ON' switch.
Jeroen Massar on Wednesday, 02 February 2011 23:53:54 So, why does my connect always report as Ipv4??
You are connecting from which host? With which OS and which browser?
Does your nameserver allow you to get IPv6 addresses? Did you try http://www.ipv6.sixxs.net ?
What does traceroute6 show? etc etc etc...
Cannot find 'ON' switch.
Shadow Hawkins on Thursday, 03 February 2011 01:14:39
Note: some std output content edited to remain within 78 character lines.
OS: Ubuntu 10.04
Browser: Firefox 3.6.13 /NoScript 2.0.9.7
Network Access:
Squid: 2.4 running NON-TRANSPARENT (significant?)
Netfilter: iptables filtering rules
NAT: Had to open add a few rules before I could reach sixxs.net for pings.
ISP: cbeyond.net (not IPv6 friendly)
DNS behaviour:
john@ook:~$ host noc.sixxs.net
noc.sixxs.net has address 213.197.29.32
noc.sixxs.net has IPv6 address 2001:838:1:1:210:dcff:fe20:7c7c
Not sure what you mean by 'host'
aiccu 20070115-11 obtained from Ubuntu repositories
AYIYA tunnel (due to NAT, seemed the proper way)
/etc/aiccu.conf:
=================================================================
# AICCU Configuration
# Login information (defaults: none)
username JCH9-SIXXS/T54269
password ***************
# Protocol and server to use for setting up the tunnel (defaults: none)
#protocol <tic|tsp|l2tp>
#server <server to use>
protocol ayiya
server tic.sixxs.net
# Interface names to use (default: aiccu)
# ipv6_interface is the name of the interface that will be used as a tunnel \
interface.
# On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 \
tunnels
# or tunX (eg tun0) for AYIYA tunnels.
ipv6_interface sixxs
# The tunnel_id to use (default: none)
# (only required when there are multiple tunnels in the list)
#tunnel_id Txxxx
tunnel_id T54269
# Be verbose? (default: false)
#verbose false
verbose true
# Daemonize? (default: true)
# Set to false if you want to see any output
# When true output goes to syslog
#
# WARNING: never run AICCU from DaemonTools or a similar automated
# 'restart' tool/script. When AICCU does not start, it has a reason
# not to start which it gives on either the stdout or in the (sys)log
# file. The TIC server *will* automatically disable accounts which
# are detected to run in this mode.
#
daemonize true
# Automatic Login and Tunnel activation?
automatic true
# Require TLS?
# When set to true, if TLS is not supported on the server
# the TIC transaction will fail.
# When set to false, it will try a starttls, when that is
# not supported it will continue.
# In any case if AICCU is build with TLS support it will
# try to do a 'starttls' to the TIC server to see if that
# is supported.
requiretls false
# PID File
#pidfile /var/run/aiccu.pid
# Add a default route (default: true)
defaultroute true
# Script to run after setting up the interfaces (default: none)
#setupscript /usr/local/etc/aiccu-subnets.sh
# Make heartbeats (default true)
# In general you don't want to turn this off
# Of course only applies to AYIYA and heartbeat tunnels not to static ones
#makebeats true
# Don't configure anything (default: false)
#noconfigure true
# Behind NAT (default: false)
# Notify the user that a NAT-kind network is detected
#behindnat true
behindnat true
# Local IPv4 Override (default: none)
# Overrides the IPv4 parameter received from TIC
# This allows one to configure a NAT into "DMZ" mode and then
# forwarding the proto-41 packets to an internal host.
#
# This is only needed for static proto-41 tunnels!
# AYIYA and heartbeat tunnels don't require this.
#local_ipv4_override
=================================================================
output from "aiccu test"
=================================================================
Tunnel Information for T54269:
POP Id : usphx01
IPv6 Local : 2001:1938:81:1d4::2/64
IPv6 Remote : 2001:1938:81:1d4::1/64
Tunnel Type : ayiya
Adminstate : enabled
Userstate : enabled
#######
####### AICCU Quick Connectivity Test
#######
####### [1/8] Ping the IPv4 Local/Your Outer Endpoint (192.168.1.186)
### This should return so called 'echo replies'
### If it doesn't then check your firewall settings
### Your local endpoint should always be pingable
### It could also indicate problems with your IPv4 stack
PING 192.168.1.186 (192.168.1.186) 56(84) bytes of data.
64 bytes from 192.168.1.186: icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from 192.168.1.186: icmp_seq=2 ttl=64 time=0.039 ms
64 bytes from 192.168.1.186: icmp_seq=3 ttl=64 time=0.041 ms
--- 192.168.1.186 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.030/0.036/0.041/0.008 ms
######
Did this work? [Y/n]
####### [2/8] Ping the IPv4 Remote/PoP Outer Endpoint (209.197.5.66)
### These pings should reach the PoP and come back to you
### In case there are problems along the route between your
### host and the PoP this could not return replies
### Check your firewall settings if problems occur
PING 209.197.5.66 (209.197.5.66) 56(84) bytes of data.
64 bytes from 209.197.5.66: icmp_seq=1 ttl=50 time=246 ms
64 bytes from 209.197.5.66: icmp_seq=2 ttl=50 time=18.4 ms
64 bytes from 209.197.5.66: icmp_seq=3 ttl=50 time=18.2 ms
--- 209.197.5.66 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 18.230/94.384/246.426/107.510 ms
######
Did this work? [Y/n]
####### [3/8] Traceroute to the PoP (209.197.5.66) over IPv4
### This traceroute should reach the PoP
### In case this traceroute fails then you have no connectivity
### to the PoP and this is most probably the problem
traceroute to 209.197.5.66 (209.197.5.66), 30 hops max, 60 byte packets
1 pie.tli.com (192.168.1.250) 4.181 ms 4.254 ms 4.336 ms
2 192.168.5.254 (192.168.5.254) 4.426 ms 4.516 ms 4.633 ms
3 69.198.198.89 (69.198.198.89) 4.663 ms 4.889 ms 5.280 ms
4 172.27.10.64 (172.27.10.64) 11.684 ms 11.749 ms 11.814 ms
5 192.168.53.4 (192.168.53.4) 11.891 ms 11.857 ms 12.006 ms
6 192.168.52.8 (192.168.52.8) 12.065 ms 8.096 ms 6.889 ms
7 xe-10-1-0.edge6.LosAngeles1.Level3.net (4.59.50.125) 8.124 ms \
8.892 ms 9.498 ms
8 ae-34-80.car4.LosAngeles1.Level3.net (4.69.144.134) 9.830 ms \
ae-14-60.car4.LosAngeles1.Level3.net (4.69.144.6) 10.155 ms \
ae-24-70.car4.LosAngeles1.Level3.net (4.69.144.70) 13.058 ms
9 globalcrossing-level3-10ge.LosAngeles1.Level3.net (4.68.110.66) \
37.473 ms 11.806 ms 11.924 ms
10 162.97.117.2 (162.97.117.2) 21.836 ms 22.124 ms 22.313 ms
11 2-1.r2.ph.hwng.net (69.16.191.38) 20.023 ms 20.010 ms 20.314 ms
12 usphx01.sixxs.net (209.197.5.66) 18.317 ms 18.768 ms 19.228 ms
######
Did this work? [Y/n]
###### [4/8] Checking if we can ping IPv6 localhost (::1)
### This confirms if your IPv6 is working
### If ::1 doesn't reply then something is wrong with your IPv6 stack
PING ::1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.038 ms
64 bytes from ::1: icmp_seq=2 ttl=64 time=0.051 ms
64 bytes from ::1: icmp_seq=3 ttl=64 time=0.051 ms
--- ::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.038/0.046/0.051/0.010 ms
######
Did this work? [Y/n]
### [5/8] Ping the IPv6 Local/Your Inner Tunnel Endpoint (2001:1938:81:1d4::2)
### This confirms that your tunnel is configured
### If it doesn't reply then check your interface and routing tables
PING 2001:1938:81:1d4::2(2001:1938:81:1d4::2) 56 data bytes
64 bytes from 2001:1938:81:1d4::2: icmp_seq=1 ttl=64 time=0.035 ms
64 bytes from 2001:1938:81:1d4::2: icmp_seq=2 ttl=64 time=0.054 ms
64 bytes from 2001:1938:81:1d4::2: icmp_seq=3 ttl=64 time=0.053 ms
--- 2001:1938:81:1d4::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.035/0.047/0.054/0.010 ms
######
Did this work? [Y/n]
### [6/8] Ping the IPv6 Remote/PoP Inner Tunnel Endpoint (2001:1938:81:1d4::1)
### This confirms the reachability of the other side of the tunnel
### If it doesn't reply then check your interface and routing tables
### Don't forget to check your firewall of course
### If the previous test was successful then this could be both
### a firewalling and a routing/interface problem
PING 2001:1938:81:1d4::1(2001:1938:81:1d4::1) 56 data bytes
64 bytes from 2001:1938:81:1d4::1: icmp_seq=1 ttl=64 time=20.5 ms
64 bytes from 2001:1938:81:1d4::1: icmp_seq=2 ttl=64 time=84.1 ms
64 bytes from 2001:1938:81:1d4::1: icmp_seq=3 ttl=64 time=19.8 ms
--- 2001:1938:81:1d4::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 19.813/41.488/84.122/30.148 ms
######
Did this work? [Y/n]
###### [7/8] Traceroute6 to the central SixXS machine (noc.sixxs.net)
### This confirms that you can reach the central machine of SixXS
### If that one is reachable you should be able to reach most IPv6 \
destinations
### Also check http://www.sixxs.net/ipv6calc/ which should show an IPv6 \
connection
### If your browser supports IPv6 and uses it of course.
traceroute to noc.sixxs.net (2001:838:1:1:210:dcff:fe20:7c7c), 30 hops max, \
80 byte packets
1 gw-469.phx-01.us.sixxs.net (2001:1938:81:1d4::1) 33.549 ms 34.752 ms \
35.835 ms
2 2001:4de0:1000:a4::1 (2001:4de0:1000:a4::1) 39.508 ms 40.641 ms \
42.749 ms
3 1-3.ipv6.r1.ph.hwng.net (2001:4de0:1000:27::2) 43.766 ms 44.895 ms \
45.809 ms
4 3-2.ipv6.r1.at.hwng.net (2001:4de0:1000:15::1) 87.718 ms 89.218 ms \
90.301 ms
5 2-1.ipv6.r2.dc.hwng.net (2001:4de0:1000:7::1) 125.657 ms 126.535 ms \
138.811 ms
6 5-4.ipv6.r2.am.hwng.net (2001:4de0:1000:5::1) 205.149 ms 179.278 ms \
181.015 ms
7 ams-ix.ipv6.concepts.nl (2001:7f8:1::a501:2871:1) 387.228 ms 309.075 ms\
180.485 ms
8 2001:838:5:a::2 (2001:838:5:a::2) 184.213 ms 185.213 ms 186.240 ms
9 noc.sixxs.net (2001:838:1:1:210:dcff:fe20:7c7c) 188.452 ms 187.284 ms \
189.327 ms
######
Did this work? [Y/n]
###### [8/8] Traceroute6 to (www.kame.net)
### This confirms that you can reach a Japanese IPv6 destination
# If that one is reachable you should be able to reach most IPv6 destinations
### You should also check http://www.kame.net which should display
### a animated kame (turtle), of course only when your browser supports and \
uses IPv6
traceroute to www.kame.net (2001:200:dff:fff1:216:3eff:feb1:44d7), \
30 hops max, 80 byte packets
1 gw-469.phx-01.us.sixxs.net (2001:1938:81:1d4::1) 19.916 ms 20.864 ms \
22.483 ms
2 2001:4de0:1000:a4::1 (2001:4de0:1000:a4::1) 23.101 ms 25.379 ms \
26.325 ms
3 1-3.ipv6.r1.ph.hwng.net (2001:4de0:1000:27::2) 27.420 ms 28.426 ms \
29.431 ms
4 2001:478:186::20 (2001:478:186::20) 30.465 ms 31.468 ms 32.919 ms
5 10gigabitethernet2-2.core1.lax1.he.net (2001:470:0:159::1) 40.392 ms \
41.397 ms 42.457 ms
6 10gigabitethernet2-2.core1.fmt2.he.net (2001:470:0:18d::1) 51.971 ms \
45.436 ms 46.231 ms
7 10gigabitethernet1-1.core1.sjc2.he.net (2001:470:0:31::2) 40.829 ms \
42.469 ms 45.168 ms
8 xe-0.equinix.snjsca04.us.bb.gin.ntt.net (2001:504:0:1::2914:1) \
46.560 ms 48.015 ms 49.590 ms
9 as-1.r21.osakjp01.jp.bb.gin.ntt.net (2001:218:0:2000::aa) 173.261 ms \
177.490 ms 178.524 ms
10 ae-4.r21.tokyjp01.jp.bb.gin.ntt.net (2001:218:0:2000::dd) 185.772 ms \
186.827 ms 195.954 ms
11 po-2.a15.tokyjp01.jp.ra.gin.ntt.net (2001:218:0:6000::116) 180.613 ms \
180.425 ms 181.677 ms
12 ge-8-2.a15.tokyjp01.jp.ra.gin.ntt.net (2001:218:2000:5000::82) \
172.586 ms 173.664 ms 174.716 ms
13 ve44.foundry6.otemachi.wide.ad.jp (2001:200:0:10::141) 158.279 ms \
155.956 ms 175.898 ms
14 ve42.foundry4.nezu.wide.ad.jp (2001:200:0:11::66) 175.992 ms 176.305 ms\
177.445 ms
15 cloud-net1.wide.ad.jp (2001:200:0:1c0a:218:8bff:fe43:d1d0) 178.535 ms \
179.376 ms 180.483 ms
16 2001:200:dff:fff1:216:3eff:feb1:44d7 \
(2001:200:dff:fff1:216:3eff:feb1:44d7) 181.514 ms 182.495 ms 184.686 ms
######
Did this work? [Y/n]
###### ACCU Quick Connectivity Test (done)
### Either the above all works and gives no problems
### or it shows you where what goes wrong
### Check the SixXS FAQ (http://www.sixxs.net/faq/
### for more information and possible solutions or hints
### Don't forget to check the Forums (http://www.sixxs.net/forum/)
### for a helping hand.
### Passing the output of 'aiccu autotest >aiccu.log' is a good idea.
*** press a key to continue ***
=================================================================
Activating tunnel:
root@ook:~# aiccu start
Tunnel Information for T54269:
POP Id : usphx01
IPv6 Local : 2001:1938:81:1d4::2/64
IPv6 Remote : 2001:1938:81:1d4::1/64
Tunnel Type : ayiya
Adminstate : enabled
Userstate : enabled
ifconfig (just tunnel interface):
sixxs Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-\
00-00-00-00-00
inet6 addr: fe80::1838:81:1d4:2/64 Scope:Link
inet6 addr: 2001:1938:81:1d4::2/64 Scope:Global
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:11 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:832 (832.0 B) TX bytes:976 (976.0 B)
route -A inet6:
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
2001:1938:81:1d4::/64 :: U 256 0 1 sixxs
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 sixxs
::/0 2001:1938:81:1d4::1 UG 1024 0 14 sixxs
::/0 :: !n -1 1 579 lo
::1/128 :: Un 0 2 30 lo
2001:1938:81:1d4::2/128 :: Un 0 1 32 lo
fe80::217:42ff:fe1a:97eb/128 :: Un 0 1 0 lo
fe80::1838:81:1d4:2/128 :: Un 0 1 0 lo
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 sixxs
::/0 :: !n -1 1 579 lo
Notice from the bottom of the page I am entering this from:
Logged in as John Charles Hill (JCH9-SIXXS)
SSL IPv4 connection from 69.198.198.90
Not IPv6. What am I missing?
Cannot find 'ON' switch.
Jeroen Massar on Tuesday, 08 February 2011 12:52:12 Squid: 2.4 running NON-TRANSPARENT (significant?)
Yes, that is significant as AFAIK Firefox does not support IPv6 proxies and AFAIK unless something changed Squid does not support IPv6. Turning off the proxy might help there a lot.
Cannot find 'ON' switch.
Shadow Hawkins on Thursday, 03 February 2011 03:48:58
a) Can you ping6 ipv6.google.com?
b) Have turned on IPv6 in Firefox? Go to about:config, enter ipv6 in the filter box, and set network.dns.disableIPV6 to false.
Cannot find 'ON' switch.
Shadow Hawkins on Thursday, 03 February 2011 14:26:49
You used to have to assign a IPv6 address to your local interface to browse IPv6 websites...
Cannot find 'ON' switch.
Shadow Hawkins on Thursday, 03 February 2011 18:05:54
You used to have to assign a IPv6 address to your local interface
When I run ifconfig, I get this:
eth0 Link encap:Ethernet HWaddr 00:17:42:1a:97:eb
inet addr:192.168.1.186 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::217:42ff:fe1a:97eb/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2709 errors:0 dropped:0 overruns:0 frame:0
TX packets:1880 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2680297 (2.6 MB) TX bytes:220278 (220.2 KB)
Interrupt:19
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:49 errors:0 dropped:0 overruns:0 frame:0
TX packets:49 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3361 (3.3 KB) TX bytes:3361 (3.3 KB)
sixxs Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: fe80::1838:81:1d4:2/64 Scope:Link
inet6 addr: 2001:1938:81:1d4::2/64 Scope:Global
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:312 (312.0 B) TX bytes:456 (456.0 B)
So, I think >all< the interfaces have IPv6 addresses.
When I am logged in at sixxs.net, I sometimes see the RX/TX packet
counters increase upon re-running ifconfig. I have not figured out what sort of traffic this represents.
Thank you both for your suggestions. I had thought that I could establish a basic IPv6 connection via sixxs.net and begin to learn more about IPv6 by playing with it. Now I see that I am going to have to develop a thorough understanding of IPv6 before I can establish a basic connection. I usually learn faster and better by interacting directly with something (my definition of 'play') than by sitting quietly reading documents.
Wait, I misspoke. I have a basic connection. It actually works. I just can't figure out how to use it.
Cannot find 'ON' switch.
Shadow Hawkins on Thursday, 03 February 2011 17:52:56
a) Can you ping6 ipv6.google.com
Yes.
b) Have turned on IPv6 in Firefox?
Apparently that is the default - it was already set to false.
[SOLVED] Cannot find 'ON' switch.
Shadow Hawkins on Thursday, 03 February 2011 18:11:31
SUCCESS.
Switched from Firefox to Opera, now I see this:
Logged in as John Charles Hill (JCH9-SIXXS)
SSL IPv6 connection from 2001:1938:81:1d4::2
Yeah!!!
Posting is only allowed when you are logged in. |