Trouble with Static Tunnel - nothing back from PoP
Shadow Hawkins on Sunday, 10 April 2011 02:38:02
NIC: VMD1-SIXXS
Tunnel: T50349 via uschi02
Route ID: 2001:4978:f:4aa::1/64
Static Tunnel terminating on pfSense 2.0RC1-IPv6
Currently allowing all ICMP and IPv6 traffic on firewall
Steps I've taken:
1) I recently switched to static tunnel (don't think I used this tunnel at all in past)
2) Observing no input packets on my gif0 interface. Observing no output packets on gif1195 interface at PoP according to graphs. Seeing my input packets on gif1195 interface at PoP.
3) Changed MTU from 1280 to 1281 (and back to 1280) in hopes of resetting the interface on the PoP side.
4) Switched tunnel endpoint and IPv6 address with my Hurricane Electric ones - and it works. So I'm fairly confident in my firewall rules, etc.
Anything stick out as incorrect? Any additional steps I can take or information I can provide?
Thank you.
Interface:
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet 98.240.183.153 --> 216.14.98.22
inet6 fe80::202:16ff:fee9:db92%gif0 prefixlen 64 scopeid 0x9
inet6 2001:4978:f:4aa::2 prefixlen 64
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
options=1<ACCEPT_REV_ETHIP_VER>
Routing tables:
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 98.240.176.1 UGS 0 10146 fxp0
4.2.2.2 98.240.176.1 UGHS 0 4 fxp0
10.11.12.0/24 link#2 U 0 0 fxp1
10.11.12.254 link#2 UHS 0 0 lo0
10.12.12.0/24 link#3 U 0 35270 fxp2
10.12.12.1 link#3 UHS 0 0 lo0
71.216.119.142 link#11 UHS 0 0 lo0
75.75.75.75 00:02:16:e9:db:92 UHS 0 0 fxp0
75.75.76.76 00:02:16:e9:db:92 UHS 0 0 fxp0
98.240.176.0/21 link#1 U 0 5606 fxp0
98.240.183.153 link#1 UHS 0 0 lo0
127.0.0.1 link#5 UH 0 47 lo0
198.36.192.63 link#11 UH 0 5604 pppoe0
205.171.2.65 198.36.192.63 UGHS 0 5 pppoe0
Internet6:
Destination Gateway Flags Netif Expire
::1 ::1 UH lo0
2001:4978:f:4aa::/64 link#9 U gif0
2001:4978:f:4aa::2 link#9 UHS lo0
fe80::%fxp0/64 link#1 U fxp0
fe80::202:16ff:fee9:db92%fxp0 link#1 UHS lo0
fe80::%fxp1/64 link#2 U fxp1
fe80::202:b3ff:fe11:f547%fxp1 link#2 UHS lo0
fe80::%fxp2/64 link#3 U fxp2
fe80::207:e9ff:fe72:2563%fxp2 link#3 UHS lo0
fe80::%lo0/64 link#5 U lo0
fe80::1%lo0 link#5 UHS lo0
fe80::%gif0/64 link#9 U gif0
fe80::202:16ff:fee9:db92%gif0 link#9 UHS lo0
fe80::%pppoe0/64 link#11 U pppoe0
fe80::202:16ff:fee9:db92%pppoe0 link#11 UHS lo0
ff01:1::/32 fe80::202:16ff:fee9:db92%fxp0 U fxp0
ff01:2::/32 fe80::202:b3ff:fe11:f547%fxp1 U fxp1
ff01:3::/32 fe80::207:e9ff:fe72:2563%fxp2 U fxp2
ff01:5::/32 ::1 U lo0
ff01:9::/32 fe80::202:16ff:fee9:db92%gif0 U gif0
ff01:b::/32 fe80::202:16ff:fee9:db92%pppoe0 U pppoe0
ff02::%fxp0/32 fe80::202:16ff:fee9:db92%fxp0 U fxp0
ff02::%fxp1/32 fe80::202:b3ff:fe11:f547%fxp1 U fxp1
ff02::%fxp2/32 fe80::207:e9ff:fe72:2563%fxp2 U fxp2
ff02::%lo0/32 ::1 U lo0
ff02::%gif0/32 fe80::202:16ff:fee9:db92%gif0 U gif0
ff02::%pppoe0/32 fe80::202:16ff:fee9:db92%pppoe0 U pppoe
Traceroutes:
traceroute 216.14.98.22
traceroute to 216.14.98.22 (216.14.98.22), 64 hops max, 52 byte packets
1 73.115.162.1 (73.115.162.1) 8.320 ms 11.725 ms 6.754 ms
2 ge-9-2-ur01.shoreview.mn.minn.comcast.net (68.85.166.201) 8.192 ms 8.302 ms 8.029 ms
3 te-0-3-0-4-ar01.roseville.mn.minn.comcast.net (68.87.174.178) 9.206 ms 8.524 ms 8.099 ms
4 te-0-4-0-6-cr01.chicago.il.ibone.comcast.net (68.86.91.5) 18.561 ms 17.991 ms 19.685 ms
5 tenge13/4.br03.chc01.pccwbtn.net (68.86.89.58) 52.621 ms 18.000 ms 23.318 ms
6 your.org.ge2-5.br02.chc01.pccwbtn.net (63.218.5.38) 19.913 ms 23.019 ms 19.197 ms
7 sixxs.cx01.chi.bb.your.org (216.14.98.22) 20.229 ms 20.215 ms 19.754 ms
traceroute6 2001:4978:f:4aa::1
traceroute6 to 2001:4978:f:4aa::1 (2001:4978:f:4aa::1) from 2001:4978:f:4aa::2, 64 hops max, 12 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
tcpdump on WAN interface. No packets back from PoP.
18:56:23.282873 00:02:16:e9:db:92 > 00:1b:d5:fe:8f:e2, ethertype IPv4 (0x0800), length 90: (tos 0x0, ttl 30, id 47898, offset 0, flags [none], proto IPv6 (41), length 76)
98.240.183.153 > 216.14.98.22: (hlim 64, next-header ICMPv6 (58) payload length: 16) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, echo request, length 16, seq 0
18:56:24.283201 00:02:16:e9:db:92 > 00:1b:d5:fe:8f:e2, ethertype IPv4 (0x0800), length 90: (tos 0x0, ttl 30, id 8252, offset 0, flags [none], proto IPv6 (41), length 76)
98.240.183.153 > 216.14.98.22: (hlim 64, next-header ICMPv6 (58) payload length: 16) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, echo request, length 16, seq 1
18:56:25.283178 00:02:16:e9:db:92 > 00:1b:d5:fe:8f:e2, ethertype IPv4 (0x0800), length 90: (tos 0x0, ttl 30, id 4877, offset 0, flags [none], proto IPv6 (41), length 76)
98.240.183.153 > 216.14.98.22: (hlim 64, next-header ICMPv6 (58) payload length: 16) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, echo request, length 16, seq 2
18:56:26.283192 00:02:16:e9:db:92 > 00:1b:d5:fe:8f:e2, ethertype IPv4 (0x0800), length 90: (tos 0x0, ttl 30, id 54367, offset 0, flags [none], proto IPv6 (41), length 76)
98.240.183.153 > 216.14.98.22: (hlim 64, next-header ICMPv6 (58) payload length: 16) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, echo request, length 16, seq 3
18:56:27.283188 00:02:16:e9:db:92 > 00:1b:d5:fe:8f:e2, ethertype IPv4 (0x0800), length 90: (tos 0x0, ttl 30, id 44207, offset 0, flags [none], proto IPv6 (41), length 76)
98.240.183.153 > 216.14.98.22: (hlim 64, next-header ICMPv6 (58) payload length: 16) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, echo request, length 16, seq 4
18:56:28.282141 00:02:16:e9:db:92 > 00:1b:d5:fe:8f:e2, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 30, id 54509, offset 0, flags [none], proto IPv6 (41), length 84)
98.240.183.153 > 216.14.98.22: (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 24, who has 2001:4978:f:4aa::1
18:56:28.283156 00:02:16:e9:db:92 > 00:1b:d5:fe:8f:e2, ethertype IPv4 (0x0800), length 90: (tos 0x0, ttl 30, id 12018, offset 0, flags [none], proto IPv6 (41), length 76)
98.240.183.153 > 216.14.98.22: (hlim 64, next-header ICMPv6 (58) payload length: 16) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, echo request, length 16, seq 5
18:56:29.282151 00:02:16:e9:db:92 > 00:1b:d5:fe:8f:e2, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 30, id 21223, offset 0, flags [none], proto IPv6 (41), length 84)
98.240.183.153 > 216.14.98.22: (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 24, who has 2001:4978:f:4aa::1
18:56:29.283156 00:02:16:e9:db:92 > 00:1b:d5:fe:8f:e2, ethertype IPv4 (0x0800), length 90: (tos 0x0, ttl 30, id 19736, offset 0, flags [none], proto IPv6 (41), length 76)
98.240.183.153 > 216.14.98.22: (hlim 64, next-header ICMPv6 (58) payload length: 16) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, echo request, length 16, seq 6
18:56:30.282139 00:02:16:e9:db:92 > 00:1b:d5:fe:8f:e2, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 30, id 5241, offset 0, flags [none], proto IPv6 (41), length 84)
98.240.183.153 > 216.14.98.22: (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 24, who has 2001:4978:f:4aa::1
tcpdump on gif0 interface:
18:58:58.282189 AF IPv6 (28), length 60: (hlim 64, next-header ICMPv6 (58) payload length: 16) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, echo request, length 16, seq 155
18:58:59.282190 AF IPv6 (28), length 60: (hlim 64, next-header ICMPv6 (58) payload length: 16) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, echo request, length 16, seq 156
18:59:00.282182 AF IPv6 (28), length 60: (hlim 64, next-header ICMPv6 (58) payload length: 16) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, echo request, length 16, seq 157
18:59:01.282149 AF IPv6 (28), length 68: (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 24, who has 2001:4978:f:4aa::1
18:59:01.282235 AF IPv6 (28), length 60: (hlim 64, next-header ICMPv6 (58) payload length: 16) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, echo request, length 16, seq 158
18:59:02.282147 AF IPv6 (28), length 68: (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 24, who has 2001:4978:f:4aa::1
18:59:02.282234 AF IPv6 (28), length 60: (hlim 64, next-header ICMPv6 (58) payload length: 16) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, echo request, length 16, seq 159
18:59:03.282146 AF IPv6 (28), length 68: (hlim 255, next-header ICMPv6 (58) payload length: 24) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, neighbor solicitation, length 24, who has 2001:4978:f:4aa::1
18:59:03.282230 AF IPv6 (28), length 60: (hlim 64, next-header ICMPv6 (58) payload length: 16) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, echo request, length 16, seq 160
18:59:04.282194 AF IPv6 (28), length 60: (hlim 64, next-header ICMPv6 (58) payload length: 16) 2001:4978:f:4aa::2 > 2001:4978:f:4aa::1: [icmp6 sum ok] ICMP6, echo request, length 16, seq 161
Shadow Hawkins on Sunday, 10 April 2011 17:14:09
You don't appear to have a gateway.
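The reply's diagnosis can be read off the routing tables in the first post: the Internet section has a `default` entry and the Internet6 section has none. An added example (not part of the thread) that makes the same check on FreeBSD-style `netstat -rn` output; the sample text is a constructed excerpt of the posted tables, and the function names are hypothetical.

```python
# Added example: report which address families lack a default route in
# FreeBSD-style `netstat -rn` output.

# Constructed excerpt of the routing tables posted in the thread.
SAMPLE = """\
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 98.240.176.1 UGS 0 10146 fxp0
98.240.176.0/21 link#1 U 0 5606 fxp0
Internet6:
Destination Gateway Flags Netif Expire
::1 ::1 UH lo0
2001:4978:f:4aa::/64 link#9 U gif0
2001:4978:f:4aa::2 link#9 UHS lo0
fe80::%gif0/64 link#9 U gif0
"""

DEFAULT_NAMES = {"default", "0.0.0.0/0", "::/0"}

def default_routes(netstat_text):
    """Return {family: [(gateway, netif), ...]} for each section of the table."""
    routes, family, netif_col = {}, None, None
    for line in netstat_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) == 1 and fields[0].endswith(":"):
            # Section header such as "Internet:" or "Internet6:"
            family, netif_col = fields[0][:-1], None
            routes[family] = []
        elif fields[0] == "Destination":
            # Column layout differs per family, so locate Netif from the header
            netif_col = fields.index("Netif") if "Netif" in fields else None
        elif family and netif_col is not None and fields[0] in DEFAULT_NAMES:
            if len(fields) > netif_col:
                routes[family].append((fields[1], fields[netif_col]))
    return routes

def families_without_default(netstat_text):
    """List the sections that contain no default route entry."""
    return [fam for fam, found in default_routes(netstat_text).items() if not found]

if __name__ == "__main__":
    for fam, found in default_routes(SAMPLE).items():
        print(fam, found or "no default route")
```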
Shadow Hawkins on Sunday, 10 April 2011 23:34:54
Thanks, that fixed it - but I'm a bit perplexed.
I'm not sure why I needed a default gateway on a point-to-point link. I was doing my pings/traces from the machine terminating the tunnel. So the other end of the tunnel is on the same subnet.
I think it's a pfSense bug of some sort. I added the gateway like you suggested, then removed it, re-added my Hurricane Electric tunnel as an additional tunnel, and all is behaving well now.
Thanks again.