Got no packets back from pop deham01.sixxs.net
Shadow Hawkins on Saturday, 23 June 2007 20:01:29
After reading for quite a while to find a solution for the setup problem with my first SixXS IPv6 tunnel, I ask for assistance in this forum.
In my understanding, my setup is correct. If I start the tunnel, all logs show me that everything is fine, but I can't ping the remote PoP node at IPv6 level. The other IPv6 pings, to my loopback interface and my local node, are OK.
A tcpdump at IPv4 level shows me that there are no replies from deham01.sixxs.net, so it is quite clear that the IPv6 ping got no answer.
username FMR2-SIXXS
Tunnel ID T11955
Logextract from sixxs startup:
Jun 23 19:41:04 (none) local7.debug syslog: sock_getline() : "200 SixXS TIC Service on noc.sixxs.net ready (http://www.sixxs.net)"
Jun 23 19:41:04 (none) local7.debug syslog: sock_printf() : "client TIC/draft-00 AICCU/2007.01.15-gui Linux/2.4.33.3"
Jun 23 19:41:04 (none) local7.debug syslog: sock_getline() : "200 Client Identity accepted"
Jun 23 19:41:04 (none) local7.debug syslog: sock_printf() : "get unixtime"
Jun 23 19:41:04 (none) local7.debug syslog: sock_getline() : "200 1182620464"
Jun 23 19:41:04 (none) local7.debug syslog: sock_printf() : "username FMR2-SIXXS"
Jun 23 19:41:04 (none) local7.debug syslog: sock_getline() : "200 Choose your authentication challenge please"
Jun 23 19:41:04 (none) local7.debug syslog: sock_printf() : "challenge md5"
Jun 23 19:41:04 (none) local7.debug syslog: sock_getline() : "200 xxxxxxxxxxxxxxxxxxxxxx"
Jun 23 19:41:04 (none) local7.debug syslog: sock_printf() : "authenticate md5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Jun 23 19:41:05 (none) local7.debug syslog: sock_getline() : "200 Succesfully logged in using md5 as FMR2-SIXXS (Frank Matthiess) from 83.191.171.200"
Jun 23 19:41:05 (none) local7.debug syslog: sock_printf() : "tunnel show T11955"
Jun 23 19:41:05 (none) local7.debug syslog: sock_getline() : "201 Showing tunnel information for T11955"
Jun 23 19:41:05 (none) local7.debug syslog: sock_getline() : "TunnelId: T11955"
Jun 23 19:41:05 (none) local7.debug syslog: sock_getline() : "Type: ayiya"
Jun 23 19:41:05 (none) local7.debug syslog: sock_getline() : "IPv6 Endpoint: 2001:6f8:900:902::2"
Jun 23 19:41:05 (none) local7.debug syslog: sock_getline() : "IPv6 POP: 2001:6f8:900:902::1"
Jun 23 19:41:05 (none) local7.debug syslog: sock_getline() : "IPv6 PrefixLength: 64"
Jun 23 19:41:05 (none) local7.debug syslog: sock_getline() : "Tunnel MTU: 1280"
Jun 23 19:41:05 (none) local7.debug syslog: sock_getline() : "Tunnel Name: matthiess.lan6 Tunnel"
Jun 23 19:41:05 (none) local7.debug syslog: sock_getline() : "POP Id: deham01"
Jun 23 19:41:05 (none) local7.debug syslog: sock_getline() : "IPv4 Endpoint: ayiya"
Jun 23 19:41:05 (none) local7.debug syslog: sock_getline() : "IPv4 POP: 212.224.0.188"
Jun 23 19:41:05 (none) local7.debug syslog: sock_getline() : "UserState: enabled"
Jun 23 19:41:05 (none) local7.debug syslog: sock_getline() : "AdminState: enabled"
Jun 23 19:41:05 (none) local7.debug syslog: sock_getline() : "Password: dxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Jun 23 19:41:05 (none) local7.debug syslog: sock_getline() : "Heartbeat_Interval: 60"
Jun 23 19:41:05 (none) local7.debug syslog: sock_getline() : "202 Done"
Jun 23 19:41:05 (none) local7.info syslog: Succesfully retrieved tunnel information for T11955
Jun 23 19:41:05 (none) local7.debug syslog: sock_printf() : "QUIT Running Down That Hill"
Jun 23 19:41:05 (none) local7.info syslog: AICCU running as PID 860
Jun 23 19:41:06 (none) local7.info syslog: [AYIYA-start] : Anything in Anything (draft-02)
Jun 23 19:41:06 (none) local7.info syslog: [AYIYA-tun->tundev] : (Socket to TUN) started
Jun 23 19:41:15 (none) user.debug kernel: sixxs: no IPv6 routers present
Hardware Linksys WRT54GS 1.1
Distribution FreeWRT 1.0 Build 2555
OS Linux 2.4.33.3
CPU Broadcom BCM947XX
BCM3302 V0.7
List of installed packages:
aiccu - 20070115-1 -
fping - 2.4b2_to-ipv6-1 -
ip6tables - 1.3.6-5 -
kmod-ip6tables - 2.4.33.3-brcm-1 -
kmod-ipv6 - 2.4.33.3-brcm-1 -
root@netsrv:/tmp# aiccu version
AICCU 2007.01.15-gui by Jeroen Massar
List of loaded kernel modules:
Module Size Used by Tainted: P
ppp_async 8508 0 (unused)
pppoe 9800 0 (unused)
pppox 1420 1 [pppoe]
ppp_generic 24308 0 [ppp_async pppoe pppox]
slhc 6704 0 [ppp_generic]
ipip 7920 0 (unused)
ip_conntrack_tftp 1776 0 (unused)
ip_nat_snmp_basic 9776 0 (unused)
ip_nat_pptp 2476 0 (unused)
ip_conntrack_pptp 3132 1
ip_nat_rtsp 5776 0 (unused)
ip_conntrack_rtsp 5160 1
ip_nat_mms 3152 0 (unused)
ip_conntrack_mms 3520 1
ip_nat_h323 2312 0 (unused)
ip_conntrack_h323 2408 1
ip_nat_proto_gre 1648 0 (unused)
ip_conntrack_proto_gre 2536 0 [ip_nat_pptp ip_conntrack_pptp]
ip_conntrack_amanda 1264 0 (unused)
wlcompat 14896 0 (unused)
tun 4696 3
ipv6 216032 -1
wl 423640 0 (unused)
switch-robo 4860 0 (unused)
switch-core 5120 0 [switch-robo]
diag 3440 0 (unused)
root@netsrv:/tmp# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:0f:66:c8:6a:d8 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20f:66ff:fec8:6ad8/64 scope link
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether 00:90:4c:5f:00:2a brd ff:ff:ff:ff:ff:ff
4: eth0.0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 00:0f:66:c8:6a:d8 brd ff:ff:ff:ff:ff:ff
inet 10.0.1.2/24 brd 10.0.1.255 scope global eth0.0
inet6 fe80::20f:66ff:fec8:6ad8/64 scope link
5: eth0.1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
link/ether 00:0f:66:c8:6a:d8 brd ff:ff:ff:ff:ff:ff
inet6 fe80::20f:66ff:fec8:6ad8/64 scope link
9: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,100> mtu 1460 qdisc pfifo_fast qlen 3
link/ppp
inet 83.191.171.200 peer 83.191.160.1/32 scope global ppp0
10: sit0@NONE: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
11: sixxs: <POINTOPOINT,MULTICAST,NOARP,UP> mtu 1280 qdisc pfifo_fast qlen 10
link/[65534]
inet6 2001:6f8:900:902::2/64 scope global
inet6 fe80::4f8:900:902:2/64 scope link
root@dose:~# ping -c 3 212.224.0.188
PING 212.224.0.188 (212.224.0.188): 56 data bytes
84 bytes from 212.224.0.188: icmp_seq=0 ttl=52 time=71.8 ms
84 bytes from 212.224.0.188: icmp_seq=1 ttl=52 time=73.6 ms
84 bytes from 212.224.0.188: icmp_seq=2 ttl=52 time=71.7 ms
round-trip min/avg/max = 71.7/72.3/73.6 ms
root@netsrv:/tmp# ip route show
83.191.160.1 dev ppp0 src 83.191.171.200
10.0.1.0/24 dev eth0.0 src 10.0.1.2
default via 83.191.160.1 dev ppp0
root@netsrv:/tmp# ip -6 route show
2001:6f8:900:902::/64 dev sixxs metric 256
fe80::/64 dev eth0 metric 256
fe80::/64 dev eth0.0 metric 256
fe80::/64 dev eth0.1 metric 256
fe80::/64 dev sixxs metric 256
ff00::/8 dev eth0 metric 256
ff00::/8 dev eth0.0 metric 256
ff00::/8 dev eth0.1 metric 256
ff00::/8 dev sixxs metric 256
default dev eth0.0 metric 256
default dev eth0 metric 256
default dev eth0.1 metric 256
default dev sixxs metric 256
default via 2001:6f8:900:902::1 dev sixxs metric 1024
unreachable default dev lo metric -1 error -128
root@dose:~# traceroute to deham01.sixxs.net (212.224.0.188), 30 hops max, 38 byte packets
1 d83-191-160-1.cust.tele2.de (83.191.160.1) 60.387 ms 58.762 ms 60.243 ms
2 fraz-mgmt-2.gigabiteth2-4.swip.net (212.151.144.205) 59.657 ms 59.669 ms 57.995 ms
3 64.208.110.241 (64.208.110.241) 60.443 ms 59.270 ms 60.231 ms
4 Easynet-LTD-FRA.ge-4-2-0.ar2.FRA3.gblx.net (207.138.128.22) 60.198 ms 59.236 ms 60.455 ms
5 ge0-0-0-22.br0.ixfra.de.easynet.net (212.224.4.162) 59.952 ms 60.349 ms 59.987 ms
6 ge0-3-0-0.br1.isham.de.easynet.net (194.64.4.118) 69.316 ms 67.360 ms 68.115 ms
7 ge5-1.br3.isham.de.easynet.net (194.64.4.42) 68.575 ms 68.702 ms 67.913 ms
8 ge9-15.cr20.isham.de.easynet.net (212.224.4.93) 68.831 ms 68.222 ms 67.874 ms
9 deham01.sixxs.net (212.224.0.188) 68.718 ms 70.551 ms 68.771 ms
aiccu.conf:
#
# /etc/aiccu.conf
#
username FMR2-SIXXS
password XXXXXXXXXX
tunnel_id T11955
#protocol tic
#server 212.224.0.188
ipv6_interface sixxs
verbose true
#
#
daemonize true
automatic true
requiretls false
#pidfile /var/run/aiccu.pid
defaultroute true
#setupscript /usr/local/etc/aiccu-subnets.sh
#makebeats true
With a running "fping6 -l i 2500 2001:6f8:900:902::1" I got this tcpdump:
# tcpdump -i ppp0 -n host 212.224.0.188
19:51:01.572282 IP 83.191.171.200.1128 > 212.224.0.188.5072: UDP, length 152
19:51:03.582266 IP 83.191.171.200.1128 > 212.224.0.188.5072: UDP, length 152
19:51:05.592267 IP 83.191.171.200.1128 > 212.224.0.188.5072: UDP, length 152
19:51:06.371812 IP 83.191.171.200.1128 > 212.224.0.188.5072: UDP, length 44
...
...
19:52:19.952266 IP 83.191.171.200.1128 > 212.224.0.188.5072: UDP, length 152
19:52:21.962265 IP 83.191.171.200.1128 > 212.224.0.188.5072: UDP, length 152
No reply at this run, but sometimes I got one packet back.
The question is: is this a Linux problem, as stated in some postings around?
Or is something wrong in the packets I send, so that deham01.sixxs.net won't reply to them?
Or is my setup broken, or is the aiccu binary broken?
Does someone use a similar setup that is up and running, especially with FreeWRT?
Any hints?
Got no packets back from pop deham01.sixxs.net
Shadow Hawkins on Saturday, 23 June 2007 19:54:00
Ah. I forgot.
My SixXS tunnel endpoint is the border gateway, with no firewall filter which prevents the IP traffic. This is of course a NAT router, as I use Tele2 DSL with a dynamic IP.
A "# fping6 -l -i 2000 2001:6f8:900:902::1" gives me this tcpdump:
# tcpdump -i ppp0 -n host 212.224.0.188
19:51:01.572282 IP 83.191.171.200.1128 > 212.224.0.188.5072: UDP, length 152
19:51:03.582266 IP 83.191.171.200.1128 > 212.224.0.188.5072: UDP, length 152
19:51:05.592267 IP 83.191.171.200.1128 > 212.224.0.188.5072: UDP, length 152
19:51:06.371812 IP 83.191.171.200.1128 > 212.224.0.188.5072: UDP, length 44
...
...
19:52:19.952266 IP 83.191.171.200.1128 > 212.224.0.188.5072: UDP, length 152
19:52:21.962265 IP 83.191.171.200.1128 > 212.224.0.188.5072: UDP, length 152
Sometimes, but not now, I got one reply at IPv4 level.
Got no packets back from pop deham01.sixxs.net
Jeroen Massar on Saturday, 23 June 2007 21:36:50
The big question here is who compiled your version of AICCU and why didn't they use the make file supplied by AICCU? (Or how else did they break this? :)
unix-console/Makefile contains:
# Linux
ifeq ($(shell uname | grep -c "Linux"),1)
CFLAGS += -D_LINUX -D HAS_IFHEAD -D AICCU_TYPE="\"linux\""
SRCS += ../common/aiccu_linux.c
OBJS += ../common/aiccu_linux.o
LDFLAGS += -lpthread -lresolv
endif
That HAS_IFHEAD (and also NEED_IFHEAD on some platforms) flag is *VERY* crucial and clearly it was not set when the source code was compiled as the ethernet header is still included in the packets your version of aiccu is sending. And that is why it is not working as then, even though the packet claims to be IPv6, it does not start with a proper IPv6 header (a '6')...
Please contact the person/org who compiled your version, and point them to this. Also please let them explain why it went wrong so that we can avoid that in the future.
Got no packets back from pop deham01.sixxs.net
Shadow Hawkins on Saturday, 23 June 2007 22:46:39
Thanks for replying so fast ;-)
I will ask this on the FreeWRT ML and I will take a look in the SVN repo for the Makefile. I'm not an experienced programmer, but I will take a look at it.
If I set up a new and hopefully fixed version, I will let you know.
An additional tcpdump on the sixxs interface shows me that the remote node pings my IPv6 node every 30 seconds, to which my node responds immediately.
Got no packets back from pop deham01.sixxs.net
Jeroen Massar on Saturday, 23 June 2007 23:15:25
Correct, it is sending traffic and packets are arriving at the PoP but the contents have 4 bytes which should not be there and that is breaking it.
Got no packets back from pop deham01.sixxs.net
Shadow Hawkins on Sunday, 24 June 2007 00:55:50
I have stopped aiccu so far.
The build of the aiccu binary is wrong. The log of the make shows no HAS_IFHEAD for the files.
As I stated before, I'm not a programmer, but with this info, this should be fixed easily by the maintainer.
Got no packets back from pop deham01.sixxs.net
Carmen Sandiego on Monday, 25 June 2007 20:31:30
Out of curiosity, what did you see in the results above that told you this was the problem? I'm having a very similar problem, and I want to know if it's the same.
Also, if it is the same, would changing to a heartbeat tunnel instead work around it?
Got no packets back from pop deham01.sixxs.net
Jeroen Massar on Monday, 25 June 2007 21:27:10
See Wikipedia's AYIYA page or the draft for the packet layout. In effect it is (when looking on the IPv4 interface where the packets are tunneled over):
[ IPv4 ]
[ UDP ]
[ AYIYA ]
[ IPv6 ]
The AYIYA header, as shown on the above-mentioned page, is easily recognizable: it contains as Identity a 128-bit number, which is the IPv6 address of the client side of the tunnel, aka ::2 of your tunnel. Find the first occurrence of it; after that there are 20 bytes which are the SHA-1 hash, pretty random bits, then the important bit, the actual IPv6 packet. This should start with a '6' (in hex) as that is IPv6, and then some bits and 2x an IPv6 address (src+dst) and the rest.
At least that is a good packet, a bad packet has instead of the '6', "0000 86DD 6..." when you see that combination, you know that it is wrong. The "0000 86DD" bit is the identifier on Tun/Tap interface specifying that the packet received is an IPv6 packet. AICCU normally strips this, but when the compilation doesn't specify HAS_IFHEAD then that stripping part is skipped (as some OS's don't need it) and then the ethertype header remains in the packet and gets sent anyway.
Got no packets back from pop deham01.sixxs.net
Carmen Sandiego on Monday, 25 June 2007 21:55:45
I'm not sure that actually answered my question, but it's very interesting nonetheless. I think what I was actually looking for was that an ICMPv6 ping (56 bytes of data) should come to 148 byte length, whereas mine, and the original poster's, are coming to 152.
For the record, I figured this out because, from memory, ICMPv6 Echo Requests and Echo Replies should be the same size, and I watched my PoP ping with 148 byte length in tcpdump, and my box reply with 152.
Thanks.
Got no packets back from pop deham01.sixxs.net
Jeroen Massar on Tuesday, 26 June 2007 00:03:02
That is correct, and the four extra bytes are: 0000 86dd
Those are the 4 bytes which are supposed to be stripped, but are not.
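The check described in the replies above, as an added example (not AICCU code and not posted by anyone in the thread): it locates the tunneled packet from the AYIYA length nibbles and tells a payload starting with '6' from one starting with 0000 86dd 6. The header bytes 41 52 11 29 and the zeroed epoch, hash and checksum in the sample packet are constructed assumptions; the addresses are the tunnel's from this thread.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum inner { INNER_NONE, INNER_IPV6, INNER_TUN_HEADER_LEFT, INNER_UNKNOWN };
static uint8_t sample[256];   /* holds the constructed packet built below */

/* AYIYA: 8 fixed bytes, identity of 2^IDLen bytes, signature of SigLen*4 bytes. */
static size_t ayiya_inner_offset(const uint8_t *p, size_t len)
{
    if (len < 8) return 0;
    return 8 + ((size_t)1 << (p[0] >> 4)) + (size_t)(p[1] >> 4) * 4;
}

/* Classify what follows the AYIYA header in one UDP payload. */
enum inner classify_ayiya(const uint8_t *p, size_t len)
{
    static const uint8_t tun_pi[4] = { 0x00, 0x00, 0x86, 0xdd };
    size_t off = ayiya_inner_offset(p, len);
    if (off == 0 || len <= off) return INNER_NONE;    /* no tunneled packet */
    if ((p[off] >> 4) == 6) return INNER_IPV6;        /* good: starts with a '6' */
    if (len > off + 4 && memcmp(p + off, tun_pi, 4) == 0 && (p[off + 4] >> 4) == 6)
        return INNER_TUN_HEADER_LEFT;                 /* bad: 0000 86dd 6... */
    return INNER_UNKNOWN;
}

/* Constructed sample: echo request, 56 data bytes, ::2 -> ::1; returns UDP length. */
size_t build_sample(int leave_tun_header)
{
    static const uint8_t hdr[4] = { 0x41, 0x52, 0x11, 0x29 };  /* assumed field values */
    static const uint8_t prefix[8] = { 0x20, 0x01, 0x06, 0xf8, 0x09, 0x00, 0x09, 0x02 };
    size_t n = 44;                                    /* 8 + 16 + 20 */
    memset(sample, 0, sizeof sample);
    memcpy(sample, hdr, 4);                           /* IDLen 4, SigLen 5, next header 41 */
    memcpy(sample + 8, prefix, 8);      sample[23] = 2;       /* identity = client ::2 */
    if (leave_tun_header) { sample[n + 2] = 0x86; sample[n + 3] = 0xdd; n += 4; }
    sample[n] = 0x60; sample[n + 5] = 64; sample[n + 6] = 58; sample[n + 7] = 64;
    memcpy(sample + n + 8, prefix, 8);  sample[n + 23] = 2;   /* source */
    memcpy(sample + n + 24, prefix, 8); sample[n + 39] = 1;   /* destination */
    sample[n + 40] = 128;                             /* ICMPv6 echo request */
    return n + 40 + 8 + 56;
}

int main(void)
{
    for (int bad = 0; bad <= 1; bad++)
        printf("tun header left=%d -> kind %d\n", bad, (int)classify_ayiya(sample, build_sample(bad)));
    return 0;
}
```

The two sample lengths come out as 148 and 152, the same pair seen in the tcpdump output discussed in this thread.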
Got no packets back from pop deham01.sixxs.net
Carmen Sandiego on Tuesday, 26 June 2007 10:41:47
Thanks. For the record, I'm using OpenWRT's Kamikaze 7.06 build, and have filed a bug at https://dev.openwrt.org/ticket/1971 . The version of the problem package is 20070115-1.
It looks like they applied a patch ( https://dev.openwrt.org/browser/packages/ipv6/aiccu/patches/100-cross_compile.patch ) to the makefile that takes into account cross-compiling, and it may be the source of the problem.
Got no packets back from pop deham01.sixxs.net
Shadow Hawkins on Saturday, 30 June 2007 10:21:15
I tried the patch against the FreeWRT source, but this doesn't help, because the problem is in front of the laptop. In parallel I described the problem on the FreeWRT user list and got a response from Waldemar Brodkorb that this can hopefully be fixed in minutes ;-). The question now is when these minutes are running ;-). So I stay tuned to the mailing list and will report the test with the new and hopefully fixed package.
Meanwhile I set up my laptop with aiccu on Debian etch, and this runs out of the box. The etch package, which is NOT in the Debian repository (?!1?!), is available at http://pkern.debian.net/, especially at http://pkern.debian.net/pool/main/a/aiccu/.
Got no packets back from pop deham01.sixxs.net
Shadow Hawkins on Monday, 02 July 2007 17:49:25
The problem is solved; the bug in the FreeWRT aiccu package is fixed.
I tried the FreeWRT build 3054, which has the corrected aiccu package. Now it runs out of the box.
Thanks for the support to Jeroen from SixXS, Waldemar Brodkorb and Ralph Passgang from FreeWRT.
Next step is to get a subnet running with radvd, but this should be easier ;-).
Frank.