ipv6 forwarding, Mac OS (think BSD!)
Shadow Hawkins on Thursday, 10 February 2011 12:25:24
Hi folks
Need some help / advice / pointers / ideas please. And apologies in advance if I'm using wrong terminology - I am not a routing expert by any stretch of the imagination - which is why it's taken me a couple of days to get to this point!
I have a working tunnel on a local Mac server such that I can access various ipv6 websites successfully. This seems to be robust, stable and all good. Thank you SixXS.
I have a /48 subnet assigned to me.
The local Mac server has a /64 from this subnet which it is announcing on the local network.
The local Mac server can ping both ends of the tunnel (as you'd expect). It can ping its local ethernet interface and my work machine's assigned ipv6 address.
My work machine can ping the local Mac server's ipv6 address on en0. However, it cannot find a route to the gateway address.
Obviously packets are not getting from en0 to tun0 - at which point a pro probably would look at the routing table and go "hah", the issue is xxxx and all would be fixed.
I don't understand routing tables and have struggled to find a Dick and Jane intro to same.
To talk (munged) specifics:
Subnet IPv6 : 2a01:1:2::/48
Routed to : 2a01:a:b:488::2/64
The routing table is:
Destination                     Gateway                         Flags Netif Expire
default                         2a01:a:b:488::2                 UGSc  tun0
::1                             ::1                             UH    lo0
2a01:a:b:488::1                 2a01:a:b:488::2                 UH    tun0
2a01:a:b:488::2                 link#7                          UHL   lo0
2a01:1:2::/64                   link#4                          UC    en0
2a01:1:2::1                     d4:9a:20:f4:11:b8               UHL   lo0
2a01:1:2::21b:63ff:fe92:ab1f    0:1b:63:92:ab:1f                UHLW  en0
2a01:1:2::226:b0ff:fee6:634     0:26:b0:e6:6:34                 UHLW  en0
fe80::%lo0/64                   fe80::1%lo0                     Uc    lo0
fe80::1%lo0                     link#1                          UHL   lo0
fe80::%en0/64                   link#4                          UC    en0
fe80::21b:63ff:fe92:ab1f%en0    0:1b:63:92:ab:1f                UHLW  en0
fe80::21b:63ff:fec0:ea36%en0    0:1b:63:c0:ea:36                UHLW  en0
fe80::226:b0ff:fee6:634%en0     0:26:b0:e6:6:34                 UHLW  en0
fe80::d69a:20ff:fef4:11b8%en0   d4:9a:20:f4:11:b8               UHL   lo0
fe80::d69a:20ff:fef4:11b8%tun0  link#7                          UHL   lo0
ff01::/32                       ::1                             Um    lo0
ff02::/32                       ::1                             UmC   lo0
ff02::/32                       link#4                          UmC   en0
ff02::/32                       fe80::d69a:20ff:fef4:11b8%tun0  UmC   tun0
Can someone point out the obvious error?
And as a sanity check:
net.inet6.ip6.forwarding: 1
net.inet6.ip6.redirect: 1
ip6fw list
65535 allow ipv6 from any to any
Thank you very much for any assistance.
Simon
Jeroen Massar on Thursday, 10 February 2011 12:37:49
Subnet IPv6 : 2a01:1:2::/48
I am very sure that that prefix is not routed to you, as it is not allocated by RIPE NCC.
If you want to use example prefixes, please actually use the documentation prefix: 2001:db8::/32
Thus fixing that up:
2001:db8:aaaa:488::1 2a01:a:b:488::2 UH tun0
Remote endpoint of the tunnel
2001:db8:aaaa:488::2 link#7 UHL lo0
Local endpoint of the tunnel, that is why it goes to lo0
2001:db8:2000::/64 link#4 UC en0
The /64 out of your /48 on the interface.
2001:db8:2000::1 d4:9a:20:f4:11:b8 UHL lo0
The local IP out of that prefix.
2001:db8:2000::21b:63ff:fe92:ab1f 0:1b:63:92:ab:1f UHLW en0
2001:db8:2000::226:b0ff:fee6:634 0:26:b0:e6:6:34 UHLW en0
Two hosts who are in that prefix.
* Can you ping those hosts?
* Can those hosts ping the ::1 variant?
* How do the routing tables on those hosts look?
Shadow Hawkins on Thursday, 10 February 2011 13:01:46
Firstly, thank you for your (incredibly prompt) reply. Much appreciated.
If you want to use example prefixes, please actually use the documentation prefix: 2001:db8::/32
OK. Was unaware of this convention. Therefore, local Mac server (hereinafter router) has following table:
Destination                       Gateway                         Flags Netif Expire
default                           2001:db8:6:488::2               UGSc  tun0
::1                               ::1                             UH    lo0
2001:db8:6:488::1                 2001:db8:6:488::2               UH    tun0
2001:db8:6:488::2                 link#7                          UHL   lo0
2001:db8:2a3::/64                 link#4                          UC    en0
2001:db8:2a3::1                   d4:9a:20:f4:11:b8               UHL   lo0
2001:db8:2a3::21b:63ff:fe92:ab1f  0:1b:63:92:ab:1f                UHLW  en0
2001:db8:2a3::226:b0ff:fee6:634   0:26:b0:e6:6:34                 UHLW  en0
fe80::%lo0/64                     fe80::1%lo0                     Uc    lo0
fe80::1%lo0                       link#1                          UHL   lo0
fe80::%en0/64                     link#4                          UC    en0
fe80::21b:63ff:fe92:ab1f%en0      0:1b:63:92:ab:1f                UHLW  en0
fe80::21b:63ff:fec0:ea36%en0      0:1b:63:c0:ea:36                UHLW  en0
fe80::226:b0ff:fee6:634%en0       0:26:b0:e6:6:34                 UHLW  en0
fe80::d69a:20ff:fef4:11b8%en0     d4:9a:20:f4:11:b8               UHL   lo0
fe80::d69a:20ff:fef4:11b8%tun0    link#7                          UHL   lo0
ff01::/32                         ::1                             Um    lo0
ff02::/32                         ::1                             UmC   lo0
ff02::/32                         link#4                          UmC   en0
ff02::/32                         fe80::d69a:20ff:fef4:11b8%tun0  UmC   tun0
Two hosts who are in that prefix.
* Can you ping those hosts?
Yes.
* Can those hosts ping the ::1 variant?
Yes.
* How do the routing tables on those hosts look?
Destination                       Gateway             Flags Netif Expire
::1                               ::1                 UH    lo0
2001:db8:2a3::/64                 link#6              UC    en0
2001:db8:2a3::1                   d4:9a:20:f4:11:b8   UHLW  en0
2001:db8:2a3::21b:63ff:fe92:ab1f  0:1b:63:92:ab:1f    UHL   lo0
2001:db8:2a3::21b:63ff:fec0:ea36  0:1b:63:c0:ea:36    UHL   lo0
fe80::%lo0/64                     fe80::1%lo0         Uc    lo0
fe80::1%lo0                       link#1              UHL   lo0
fe80::%en1/64                     link#5              UC    en1
fe80::21b:63ff:fec0:ea36%en1      0:1b:63:c0:ea:36    UHL   lo0
fe80::d69a:20ff:fef4:11b8%en1     d4:9a:20:f4:11:b8   UHLW  en1
fe80::%en0/64                     link#6              UC    en0
fe80::21b:63ff:fe92:ab1f%en0      0:1b:63:92:ab:1f    UHL   lo0
fe80::d69a:20ff:fef4:11b8%en0     d4:9a:20:f4:11:b8   UHLW  en0
fe80::%vnic0/64                   link#7              UC    vnic0
fe80::21c:42ff:fe00:8%vnic0       0:1c:42:0:0:8       UHL   lo0
fe80::%vnic1/64                   link#8              UC    vnic1
fe80::21c:42ff:fe00:9%vnic1       0:1c:42:0:0:9       UHL   lo0
ff01::/32                         ::1                 Um    lo0
ff02::/32                         ::1                 UmC   lo0
ff02::/32                         link#5              UmC   en1
ff02::/32                         link#7              UmC   vnic0
ff02::/32                         link#8              UmC   vnic1
The issue appears to be the passing of packets from en0 to tun0 on the router - but I'm at a loss as to why this fails.
* WARNING * It may well be something incredibly stupid / obvious to someone more well versed in this stuff.
Simon
Jeroen Massar on Thursday, 10 February 2011 13:09:26
The issue appears to be the passing of packets from en0 to tun0 on the router - but I'm at a loss as to why this fails.
Could be a Tun/Tap issue similar to the problem that Windows has. I've never seen anybody using AYIYA on a Mac and doing routing on it, thus that might be the issue at hand.
Shadow Hawkins on Thursday, 10 February 2011 18:51:19
Try temporarily disabling the IPv6 firewall and see if that resolves anything.
I had previously used a Mac as my IPv6 router and had run into issues that were caused by certain rules in my firewall. There were also some sysctl operations that needed to be performed, as documented by this post:
http://lists.apple.com/archives/ipv6-dev/2007/Aug/msg00014.html
Shadow Hawkins on Thursday, 10 February 2011 13:53:26
Do the workstations have IPv6 routing to the gateway?
i.e. can you do a
traceroute6 www.sixxs.net?
If not you either must set a default route on each workstation, or use rtadvd on the router (I think...)
Shadow Hawkins on Thursday, 10 February 2011 14:05:50
rtadvd is enabled on the router. Each workstation can ping the router without issue. There seems to be a disconnect between en0 and tun0 on the router.
At this point in time I've run out of things to look at. The previous poster suggested it may be a tuntap issue. How to investigate this further I know not at this point in time.
Simon
Shadow Hawkins on Thursday, 10 February 2011 14:49:57
The workstation might be able to ping the router, but does the workstation have a default route?
Does traceroute go to the router and stop, or does it say "no route to host" or similar?
Shadow Hawkins on Friday, 11 February 2011 14:40:06
It seems that moderators got to the last couple of (light-hearted) posts in this thread. Just to say that the issue appeared to be the routes on the workstations as opposed to the router itself.
Leif was right.
In conclusion, setting up Mac OS X 10.6 Server to route IPv6 traffic over an AYIYA tunnel is very doable and, when you know what to do, is relatively simple. I'll write up the experience and get it online in the next few days.
Thank you SixXS and the guys who responded to my initial post on this forum.
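Added example (not part of any post in this thread): a simplified longest-prefix lookup over rows in the format of the tables above, showing that the workstation table has no route covering the tunnel gateway while the router's table does. The function names are assumptions of this example, the sample rows are constructed from the posted tables, and route flags and interface scope are ignored.

```python
import ipaddress
from collections import namedtuple

Route = namedtuple("Route", "net gateway flags netif")

# Constructed samples: a few rows copied from the thread's two tables.
WORKSTATION = """\
Destination Gateway Flags Netif Expire
::1 ::1 UH lo0
2001:db8:2a3::/64 link#6 UC en0
2001:db8:2a3::1 d4:9a:20:f4:11:b8 UHLW en0
fe80::%en0/64 link#6 UC en0
ff02::/32 link#5 UmC en1
"""
ROUTER = """\
Destination Gateway Flags Netif Expire
default 2001:db8:6:488::2 UGSc tun0
2001:db8:6:488::1 2001:db8:6:488::2 UH tun0
2001:db8:6:488::2 link#7 UHL lo0
2001:db8:2a3::/64 link#4 UC en0
"""

def parse_routes(text):
    """Turn table rows into Route tuples; 'default' becomes ::/0."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "Destination":
            continue  # skip the header and blank lines
        dest, gateway, flags, netif = fields[:4]
        if dest == "default":
            net = ipaddress.ip_network("::/0")
        else:
            addr, _, plen = dest.partition("/")
            addr = addr.split("%")[0]  # drop the %en0-style zone suffix
            net = ipaddress.ip_network(f"{addr}/{plen or 128}", strict=False)
        routes.append(Route(net, gateway, flags, netif))
    return routes

def lookup(routes, target):
    """Longest-prefix match; None means 'no route to host'."""
    ip = ipaddress.ip_address(target)
    hits = [r for r in routes if ip in r.net]
    return max(hits, key=lambda r: r.net.prefixlen, default=None)

def has_default(routes):
    """True when the table holds a ::/0 entry."""
    return any(r.net.prefixlen == 0 for r in routes)

if __name__ == "__main__":
    for name, table in (("workstation", WORKSTATION), ("router", ROUTER)):
        print(name, lookup(parse_routes(table), "2001:db8:6:488::1"))
```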
Shadow Hawkins on Tuesday, 22 February 2011 14:15:50
http://www.ldml.com/Setting_Up_A_Mac_Server_As_An_IPv6_Router.html