|
Sixxs on Apple Timecapsule / Airport Extreme
![[mt]](/s/countries/mt.gif) Shadow Hawkins on Monday, 02 May 2011 23:08:20
I have been trying to get IPv6 on my Apple Timecapsule with no success. Here's what I did:
1) Sign up to SixXS and got a /48 subnet.
2) Using the Airport utility, configured the airport as follows:
IPv6 Mode: Tunnel
Block Incoming IPv6 Connections: Checked
Configure IPv6: Manually
Remote IPv4 Address: [SixXS IPv4 from setup email]
WAN IPv6 Address: [Your IPv6 from setup email]
IPv6 Default Route: [SixXS IPv6 from setup email]
LAN IPv6 Address: my subnet prefix, in the form xxxx:xxxx:xxx::
Then in the IPv6 firewall section I added an exception to allow all services and ports on the WAN IPv6 (your IPv6) address.
When I update the timecapsule with these settings, the device initially says normal, but then switches to "IPv6 Tunnel Error".
I'm using the latest firmware 7.5.2. The tunnel type is 6-in-4 static.
Traceroute:
Keith-Vassallos-iMac-2:~ keith$ traceroute ipv6.google.com
traceroute: unknown host ipv6.google.com
ifconfig -a:
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 04:1e:64:eb:06:20
inet6 fe80::61e:64ff:feeb:620%en1 prefixlen 64 scopeid 0x6
inet 10.0.1.24 netmask 0xffffff00 broadcast 10.0.1.255
inet6 2001:1418:203::61e:64ff:feeb:620 prefixlen 64 autoconf
media: autoselect
status: active
Would appreciate any help on this!
Keith Vassallo
Sixxs on Apple Timecapsule / Airport Extreme
Check the Wiki, there is an article about people using these devices with success in some situations but also hitting bugs for others.
When I update the timecapsule with these settings, the device initially says normal, but then switches to "IPv6 Tunnel Error".
No idea here, but as it is protocol-41 the only error that can occur is a setup error, eg commands not being able to be properly completed, or if Apple implemented it, check for ICMP protocol 41 unreachables being sent back from the remote side, but I don't think anybody implemented that.
Traceroute: Keith-Vassallos-iMac-2:~ keith$ traceroute ipv6.google.com traceroute: unknown host ipv6.google.com
That makes sense of course, as 'traceroute' is an IPv4 only command on most platforms (and most Apple products are effectively BSD-based and thus have the same semantics in most cases). Try traceroute6.
But it seems you are trying this from an iMac, and I can only assume that is a host behind the Timecapsule/Extreme.
How are these devices connected? Are they directly connected to the Internet or sitting behind a NAT?
Sixxs on Apple Timecapsule / Airport Extreme
Shadow Hawkins on Tuesday, 03 May 2011 15:31:34
I configured the Time Capsule by following the wiki and various forum posts. The primary bug encountered by most is that some firmware versions require a static Internet connection or the tunnel won't work. This is however solved in firmware 7.5.2 (which is what I'm using) and I have a static IP anyway.
How are these devices connected? Are they directly connected to the Internet or sitting behind a NAT?
(Cable) Internet with 1 static IP -> Modem -> Time Capsule -> my iMac via wifi over NAT.
This means there's a NAT, and the devices have a private IP (both IPv4 and IPv6). Though the problem seems to be at the Time Capsule, since it is reporting the error (although i admit its not a helpful error at all as all it says is IPv6 Tunnel Error!). I've also checked the Time Capsule logs and there's nothing about IPv6 errors.
Try traceroute6.
Of course! That totally slipped my mind. The following is the output of the ping6 and traceroute6 commands.
Keith-Vassallos-iMac-2:~ keith$ ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:1418:203::61e:64ff:feeb:620 --> 2a00:1450:400c:c01::6a
Request timeout for icmp_seq=0
Request timeout for icmp_seq=1
Request timeout for icmp_seq=2
Request timeout for icmp_seq=3
--- ipv6.l.google.com ping6 statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
So pinging google doesn't work. Pinging my router (i.e. the Time Capsule) does work though - so at least there's local IPv6.
Keith-Vassallos-iMac-2:~ keith$ traceroute6 ipv6.google.com
traceroute6 to ipv6.l.google.com (2a00:1450:400c:c01::6a) from 2001:1418:203::61e:64ff:feeb:620, 64 hops max, 12 byte packets
1 2001:1418:203::6233:4bff:fe2e:6b83 178.301 ms 0.766 ms 0.648 ms
2 * * *
And it continues with * * * (I waited till 25 hops and gave up - a normal traceroute takes 12 hops).
Sixxs on Apple Timecapsule / Airport Extreme
(Cable) Internet with 1 static IP -> Modem -> Time Capsule -> my iMac via wifi over NAT.
Which device does the NAT function? The Modem or the Time Capsule?
Better question: does the Time Capsule get your public IPv4 address?
And of course then it still depends on the fact if between your IP and the PoP proto-41 is not filtered out.
So pinging google doesn't work. Pinging my router (i.e. the Time Capsule) does work though - so at least there's local IPv6.
Well, it is at least clear that it is the tunnel which gives the issue.
Sixxs on Apple Timecapsule / Airport Extreme
Shadow Hawkins on Tuesday, 03 May 2011 16:02:36Which device does the NAT function? The Modem or the Time Capsule?
The Time Capsule.
Better question: does the Time Capsule get your public IPv4 address?
Yes.
then it still depends on the fact if between your IP and the PoP proto-41 is not filtered out.
Is there any way to check this?
Sixxs on Apple Timecapsule / Airport Extreme
The trick of old: traceroute to the PoP, and then do a 'hping' to every hop using proto-41 and hope that the node that filters also replies with ICMP denied or similar.
Sixxs on Apple Timecapsule / Airport Extreme
Shadow Hawkins on Tuesday, 03 May 2011 16:50:58
Just to confirm - I should traceroute (not traceroute6?) to the PoP and then using hping3 on every hop? Would you be so kind as to give me the command I should use for hping3?
I'm trying:
sudo hping3 -0 -t 1 xxx.xxx.xxx.xxx
but that doesn't seem to be doing anything.
Also, something strange is going on. traceroute6 is now working:
My PoP is ittrn01 (2001:1418:100:416::1)
Keith-Vassallos-iMac-2:~ keith$ traceroute6 2001:1418:100:416::1
traceroute6 to 2001:1418:100:416::1 (2001:1418:100:416::1) from 2001:1418:203::61e:64ff:feeb:620, 64 hops max, 12 byte packets
1 2001:1418:203::6233:4bff:fe2e:6b83 0.816 ms 0.610 ms 0.585 ms
2 gw-1047.trn-01.it.sixxs.net 60.796 ms 55.628 ms 55.686 ms
Keith-Vassallos-iMac-2:~ keith$ traceroute6 ipv6.google.com
traceroute6 to ipv6.l.google.com (2a00:1450:400c:c01::6a) from 2001:1418:203::61e:64ff:feeb:620, 64 hops max, 12 byte packets
1 2001:1418:203::6233:4bff:fe2e:6b83 0.743 ms 0.542 ms 0.556 ms
2 gw-1047.trn-01.it.sixxs.net 53.855 ms 52.269 ms 51.706 ms
3 gw-1047.trn-01.it.sixxs.net 50.598 ms 52.314 ms 49.315 ms
Sixxs on Apple Timecapsule / Airport Extreme
No idea, long time ago that I used hping, there is an option though for specifying protocol 41, and then you can use that to ping hosts. Generally when they filter that protocol they will then respond with admin denied, or just drop the packet, while if they allow it to pass they will just respond with icmp too many hops.
Also, something strange is going on. traceroute6 is now working:
Looks like that works indeed.
Keith-Vassallos-iMac-2:~ keith$ traceroute6 ipv6.google.com traceroute6 to ipv6.l.google.com (2a00:1450:400c:c01::6a) from 2001:1418:203::61e:64ff:feeb:620, 64 hops max, 12 byte packets 1 2001:1418:203::6233:4bff:fe2e:6b83 0.743 ms 0.542 ms 0.556 ms 2 gw-1047.trn-01.it.sixxs.net 53.855 ms 52.269 ms 51.706 ms 3 gw-1047.trn-01.it.sixxs.net 50.598 ms 52.314 ms 49.315 ms
That is rather strange though, should be quite a few more hops after number 2 and it should note repeat as numbero 3....
Effectively it should go like:
traceroute to ipv6.google.com (2a00:1450:400c:c00::6a), 30 hops max, 40 byte packets
1 if-1-12.charleston.CBQ.TRN.ipv6.ITgate.net (2001:1418:10:2::1) 0.586 ms 0.574 ms 0.563 ms
2 if-0-0.scrappy-monster.core.TRN.ipv6.ITgate.net (2001:1418:1:101::5) 1.448 ms 1.568 ms 1.606 ms
3 core1.ams.net.google.com (2001:7f8:1::a501:5169:2) 20.433 ms 20.267 ms 20.280 ms
4 2001:4860::1:0:8 (2001:4860::1:0:8) 21.165 ms 2001:4860::1:0:4b3 (2001:4860::1:0:4b3) 20.984 ms 20.822 ms
5 2001:4860::8:0:2ac4 (2001:4860::8:0:2ac4) 25.130 ms * 24.978 ms
6 2001:4860::1:0:2af6 (2001:4860::1:0:2af6) 24.908 ms 25.140 ms 25.522 ms
7 2001:4860:0:1::225 (2001:4860:0:1::225) 35.305 ms 26.626 ms 2001:4860:0:1::227 (2001:4860:0:1::227) 35.374 ms
8 2a00:1450:400c:c00::6a (2a00:1450:400c:c00::6a) 24.834 ms 24.265 ms 24.262 ms
Sixxs on Apple Timecapsule / Airport Extreme
Shadow Hawkins on Wednesday, 04 May 2011 10:30:51
I used the following command:
sudo hping3 -0 -t 1 -H 41 -T 213.254.12.34
This is supposed to perform a traceroute to my PoP and then use hping on every hop. When I run this, I get the following:
Keith-Vassallos-iMac-2:~ keith$ sudo hping3 -0 -t 1 -H 41 -T 213.254.12.34
Password:
HPING 213.254.12.34 (en1 213.254.12.34): raw IP mode set, 20 headers + 0 data bytes
hop=1 TTL 0 during transit from ip=10.0.1.1 name=UNKNOWN
hop=2 TTL 0 during transit from ip=10.48.32.1 name=UNKNOWN
hop=3 TTL 0 during transit from ip=212.56.128.65 name=UNKNOWN
hop=4 TTL 0 during transit from ip=212.56.129.100 name=g200-south02.csr01.melita.com
hop=5 TTL 0 during transit from ip=151.5.142.1 name=UNKNOWN
hop=6 TTL 0 during transit from ip=151.6.125.194 name=pavb-b01-ge2-0.70.wind.it
hop=7 TTL 0 during transit from ip=151.6.4.5 name=rmid-t02-rmas-t02-po02.wind.it
hop=8 TTL 0 during transit from ip=151.6.1.53 name=rmid-t02-micl-n01-po02.wind.it
hop=9 TTL 0 during transit from ip=151.6.2.182 name=UNKNOWN
The output stops there - I waited for 20 minutes and it's always stuck on hop 9. I then stop it (ctrl+c) and the following shows up:
--- 213.254.12.34 hping statistic ---
104 packets tramitted, 9 packets received, 92% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
I also noticed that if I perform a traceroute to the PoP in another terminal window whilst hping is running, it picks it up. Other hops show up, and the output stops with:
ICMP Port Unreachable from ip=213.254.12.34 name=frejus.itgate.net <-- This is the PoP
--- 213.254.12.34 hping statistic ---
140 packets tramitted, 45 packets received, 68% packet loss
round-trip min/avg/max = 0.0/0.0/0.0 ms
|
![[ch]](/s/countries/ch.gif)
on Tuesday, 03 May 2011 11:07:49
Posting is only allowed when you are