|
tunnel problem ??
![[hr]](/s/countries/hr.gif) Shadow Hawkins on Tuesday, 20 September 2011 22:49:48
from today my tunnel dont work anymore .. here is my working setup.
root@pila ~]# sixxs-aiccu test /usr/local/etc/aiccu.conf
Tunnel Information for T29589:
POP Id : simbx01
IPv6 Local : 2001:15c0:65ff:3dd::2/64
IPv6 Remote : 2001:15c0:65ff:3dd::1/64
Tunnel Type : 6in4-heartbeat
Adminstate : enabled
Userstate : enabled
add net default: gateway 2001:15c0:65ff:3dd::1
#######
####### AICCU Quick Connectivity Test
#######
####### [1/8] Ping the IPv4 Local/Your Outer Endpoint (192.168.1.111)
### This should return so called 'echo replies'
### If it doesn't then check your firewall settings
### Your local endpoint should always be pingable
### It could also indicate problems with your IPv4 stack
PING 192.168.1.111 (192.168.1.111): 56 data bytes
64 bytes from 192.168.1.111: icmp_seq=0 ttl=64 time=0.226 ms
64 bytes from 192.168.1.111: icmp_seq=1 ttl=64 time=0.130 ms
64 bytes from 192.168.1.111: icmp_seq=2 ttl=64 time=0.143 ms
--- 192.168.1.111 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.130/0.166/0.226/0.043 ms
######
Did this work? [Y/n] y
####### [2/8] Ping the IPv4 Remote/PoP Outer Endpoint (212.18.63.73)
### These pings should reach the PoP and come back to you
### In case there are problems along the route between your
### host and the PoP this could not return replies
### Check your firewall settings if problems occur
PING 212.18.63.73 (212.18.63.73): 56 data bytes
64 bytes from 212.18.63.73: icmp_seq=0 ttl=57 time=41.871 ms
64 bytes from 212.18.63.73: icmp_seq=1 ttl=57 time=38.945 ms
64 bytes from 212.18.63.73: icmp_seq=2 ttl=57 time=42.040 ms
--- 212.18.63.73 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 38.945/40.952/42.040/1.421 ms
######
Did this work? [Y/n] y
####### [3/8] Traceroute to the PoP (212.18.63.73) over IPv4
### This traceroute should reach the PoP
### In case this traceroute fails then you have no connectivity
### to the PoP and this is most probably the problem
traceroute to 212.18.63.73 (212.18.63.73), 64 hops max, 40 byte packets
1 192.168.1.1 (192.168.1.1) 0.898 ms 1.578 ms 1.485 ms
2 * * *
3 172.29.16.129 (172.29.16.129) 16.706 ms 16.393 ms 17.247 ms
4 gtr10-gdr10.ip.t-com.hr (195.29.240.105) 15.781 ms 15.221 ms 14.979 ms
5 vix.amis.net (193.203.0.117) 35.846 ms 34.070 ms 66.222 ms
6 mx-mb-te-1-2-1.amis.net (212.18.44.149) 38.902 ms 38.534 ms 39.838 ms
7 maribor3-te-7-4.amis.net (212.18.44.134) 37.154 ms 37.488 ms 39.962 ms
8 simbx01.sixxs.net (212.18.63.73) 38.949 ms 38.158 ms 39.426 ms
######
Did this work? [Y/n] y
###### [4/8] Checking if we can ping IPv6 localhost (::1)
### This confirms if your IPv6 is working
### If ::1 doesn't reply then something is wrong with your IPv6 stack
PING6(56=40+8+8 bytes) ::1 --> ::1
16 bytes from ::1: Echo Request
16 bytes from ::1, icmp_seq=0 hlim=64 dst=::1%8 time=1.002 ms
16 bytes from ::1: Echo Request
16 bytes from ::1, icmp_seq=1 hlim=64 dst=::1%8 time=0.362 ms
16 bytes from ::1: Echo Request
16 bytes from ::1, icmp_seq=2 hlim=64 dst=::1%8 time=0.360 ms
--- ::1 ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.360/0.575/1.002/0.302 ms
######
Did this work? [Y/n] y
###### [5/8] Ping the IPv6 Local/Your Inner Tunnel Endpoint (2001:15c0:65ff:3dd::2)
### This confirms that your tunnel is configured
### If it doesn't reply then check your interface and routing tables
PING6(56=40+8+8 bytes) 2001:15c0:65ff:3dd::2 --> 2001:15c0:65ff:3dd::2
--- 2001:15c0:65ff:3dd::2 ping6 statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
######
Did this work? [Y/n] n
[root@pila ~]#
[root@pila ~]# ifconfig gif0 destroy
[root@pila ~]# service sixxs-aiccu start
Tunnel Information for T29589:
POP Id : simbx01
IPv6 Local : 2001:15c0:65ff:3dd::2/64
IPv6 Remote : 2001:15c0:65ff:3dd::1/64
Tunnel Type : 6in4-heartbeat
Adminstate : enabled
Userstate : enabled
[root@pila ~]#
[root@pila ~]# ifconfig gif0
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
tunnel inet 192.168.1.111 --> 212.18.63.73
inet6 fe80::220:a6ff:fe4f:6aaa%gif0 prefixlen 64 scopeid 0xd
inet6 2001:15c0:65ff:3dd::2 --> 2001:15c0:65ff:3dd::1 prefixlen 128
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
options=1<ACCEPT_REV_ETHIP_VER>
[root@pila ~]#
[root@pila ~]# ping6 2001:15c0:65ff:3dd::1
PING6(56=40+8+8 bytes) 2001:15c0:65ff:3dd::2 --> 2001:15c0:65ff:3dd::1
^C
--- 2001:15c0:65ff:3dd::1 ping6 statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss
[root@pila ~]#
[root@pila ~]# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGS 0 1947 wlan1
10.42.1.0/24 link#9 U 0 525 wlan0
10.42.1.1 link#9 UHS 0 615 lo0
10.42.2.0/24 link#11 U 0 27374 wlan2
10.42.2.1 link#11 UHS 0 0 lo0
127.0.0.1 link#8 UH 0 39179 lo0
192.168.1.0/24 link#10 U 0 35 wlan1
Internet6:
Destination Gateway Flags Netif Expire
::/96 ::1 UGRS lo0 =>
default 2001:15c0:65ff:3dd::1 UGS gif0
::1 ::1 UH lo0
::ffff:0.0.0.0/96 ::1 UGRS lo0
2001:15c0:65ff:3dd::1 2001:15c0:65ff:3dd::2 UH gif0
2001:15c0:672a::/64 link#9 U wlan0
2001:15c0:672a::1 link#9 UHS lo0
2001:15c0:672a:a::/64 link#11 U wlan2
2001:15c0:672a:a::1 link#11 UHS lo0
fe80::/10 ::1 UGRS lo0
fe80::%rl0/64 link#4 U rl0
fe80::20e:2eff:feb0:8346%rl0 link#4 UHS lo0
fe80::%lo0/64 link#8 U lo0
fe80::1%lo0 link#8 UHS lo0
fe80::%wlan0/64 link#9 U wlan0
fe80::220:a6ff:fe4f:6aaa%wlan0 link#9 UHS lo0
fe80::%wlan1/64 link#10 U wlan1
fe80::201:36ff:fe13:a52c%wlan1 link#10 UHS lo0
fe80::%wlan2/64 link#11 U wlan2
fe80::76ea:3aff:fec1:326e%wlan2 link#11 UHS lo0
fe80::%gif0/64 link#13 U gif0
fe80::220:a6ff:fe4f:6aaa%gif0 link#13 UHS lo0
ff01::%rl0/32 fe80::20e:2eff:feb0:8346%rl0 U rl0
ff01::%lo0/32 ::1 U lo0
ff01::%wlan0/32 fe80::220:a6ff:fe4f:6aaa%wlan0 U wlan0
ff01::%wlan1/32 fe80::201:36ff:fe13:a52c%wlan1 U wlan1
ff01::%wlan2/32 fe80::76ea:3aff:fec1:326e%wlan2 U wlan2
ff01::%gif0/32 fe80::220:a6ff:fe4f:6aaa%gif0 U gif0
ff02::/16 ::1 UGRS lo0
ff02::%rl0/32 fe80::20e:2eff:feb0:8346%rl0 U rl0
ff02::%lo0/32 ::1 U lo0
ff02::%wlan0/32 fe80::220:a6ff:fe4f:6aaa%wlan0 U wlan0
ff02::%wlan1/32 fe80::201:36ff:fe13:a52c%wlan1 U wlan1
ff02::%wlan2/32 fe80::76ea:3aff:fec1:326e%wlan2 U wlan2
ff02::%gif0/32 fe80::220:a6ff:fe4f:6aaa%gif0 U gif0
[root@pila ~]#
any sugestion ??
tunnel problem ??
![[ch]](/s/countries/ch.gif) Shadow Hawkins on Wednesday, 21 September 2011 08:13:52
I guess the problem is that you want to start the tunnel on a box that is "NAT"ted:
####### [1/8] Ping the IPv4 Local/Your Outer Endpoint (192.168.1.111)
as 192.168.x.y is from the private (RFC 1918) IP range.
For such a setup, you need a ayiya-tunnel, a 6in4-heartbeat one
will not work.
tunnel problem ??
Shadow Hawkins on Wednesday, 21 September 2011 08:51:31
and how it worked until yesterday?
2011-09-08 01:15:48
Dynamic Tunnel T29589 is alive for 22 weeks
5
2011-08-11 01:15:52
Dynamic Tunnel T29589 is alive for 18 weeks
5
2011-07-28 01:15:41
Dynamic Tunnel T29589 is alive for 16 weeks
5
2011-07-14 01:16:51
Dynamic Tunnel T29589 is alive for 14 weeks
5
2011-06-30 01:17:03
Dynamic Tunnel T29589 is alive for 12 weeks
5
2011-06-16 01:17:21
Dynamic Tunnel T29589 is alive for 10 weeks
5
2011-06-02 01:16:33
Dynamic Tunnel T29589 is alive for 8 weeks
5
2011-05-19 01:17:48
Dynamic Tunnel T29589 is alive for 6 weeks
5
2011-05-05 01:17:44
Dynamic Tunnel T29589 is alive for 4 weeks
5
2011-04-21 01:19:22
Dynamic Tunnel T29589 is alive for 2 weeks
5
2011-03-16 01:17:05
Dynamic Tunnel T29589 is alive for 10 weeks
5
2011-03-02 01:16:26
Dynamic Tunnel T29589 is alive for 8 weeks
5
2011-02-16 01:19:00
Dynamic Tunnel T29589 is alive for 6 weeks
5
2011-02-02 01:15:37
Dynamic Tunnel T29589 is alive for 4 weeks
5
tunnel problem ??
Shadow Hawkins on Wednesday, 21 September 2011 09:20:49
Maybe your provider does not assign any routable IP-Adress to you any more,
i.e. has switched to "carrier grade NAT"?
I can't see any routable IP-Adress in your routing table, only
loopback and private ones:
[root@pila ~]# netstat -rn
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGS 0 1947 wlan1
10.42.1.0/24 link#9 U 0 525 wlan0
10.42.1.1 link#9 UHS 0 615 lo0
10.42.2.0/24 link#11 U 0 27374 wlan2
10.42.2.1 link#11 UHS 0 0 lo0
127.0.0.1 link#8 UH 0 39179 lo0
192.168.1.0/24 link#10 U 0 35 wlan1
tunnel problem ??
Shadow Hawkins on Wednesday, 21 September 2011 09:39:46
i have tested nat with online port scanner tools and it works .. my ports are opened and i can reach my server.
http://imageshack.us/photo/my-images/801/naty.png/
strange is that i can see UDP packets from my ipv4 PoP to me anymore but can see other incoming UDP services (for example NTP service)
tunnel problem ??
i have tested nat with online port scanner tools and it works .. my ports are opened and i can reach my server.
Ports maybe, but protocols!?
The big problem of having a proto-41 tunnel behind a NAT is that the moment the NAT sees another proto-41 endpoint it will not know where to send the packets too.
Your traceroute and routing tables indicate that all three RFC1918 blocks (192.168.0.0/16 used by your NAT box, 172.16.0.0/12 by the ISP internally where your NAT box gets an address out of and 10.0.0.0/8 used locally), which has to indicate that you are behind two layers of NAT (your gigaset NAT box and the NAT of the ISP) and you don't control both of those, and there will likely be multiple people trying to set up proto-41 tunnels behind the ISP's NAT.
strange is that i can see UDP packets from my ipv4 PoP to me anymore
As you are using proto-41 + heartbeat, there is no UDP coming from the PoP (heartbeats are send-only).
tunnel problem ??
Shadow Hawkins on Wednesday, 21 September 2011 10:07:49
ok . changed to AYIYA type .. rebooted my DSL line to get new IP from ISP ..
configured sixxs-aiccu to use tun0 instead of gif0 ..
[root@pila ~]# ping6 www.carnet.hr
PING6(56=40+8+8 bytes) 2001:15c0:65ff:3dd::2 --> 2001:b68:ff:1::10
^C
--- www.carnet.hr ping6 statistics ---
8 packets transmitted, 0 packets received, 100.0% packet loss
[root@pila ~]#
[root@pila ~]# tcpdump -i wlan1 -n
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on wlan1, link-type EN10MB (Ethernet), capture size 65535 bytes
10:05:26.933089 IP 192.168.1.111.123 > 161.53.131.232.123: NTPv4, Client, length 48
10:05:26.949726 IP 161.53.131.232.123 > 192.168.1.111.123: NTPv4, Server, length 48
10:05:31.264634 IP 192.168.1.111.32200 > 212.18.63.73.5072: UDP, length 100
10:05:32.264915 IP 192.168.1.111.32200 > 212.18.63.73.5072: UDP, length 100
10:05:33.263957 IP 192.168.1.111.32200 > 212.18.63.73.5072: UDP, length 100
10:05:34.264065 IP 192.168.1.111.32200 > 212.18.63.73.5072: UDP, length 100
10:05:35.264122 IP 192.168.1.111.32200 > 212.18.63.73.5072: UDP, length 100
10:05:36.264233 IP 192.168.1.111.32200 > 212.18.63.73.5072: UDP, length 108
10:05:36.264552 IP 192.168.1.111.32200 > 212.18.63.73.5072: UDP, length 100
10:05:37.264296 IP 192.168.1.111.32200 > 212.18.63.73.5072: UDP, length 108
10:05:37.264562 IP 192.168.1.111.32200 > 212.18.63.73.5072: UDP, length 100
10:05:38.264363 IP 192.168.1.111.32200 > 212.18.63.73.5072: UDP, length 108
10:05:38.264626 IP 192.168.1.111.32200 > 212.18.63.73.5072: UDP, length 100
^C
13 packets captured
13 packets received by filter
0 packets dropped by kernel
[root@pila ~]#
why 212.18.63.73 does not return UDP packets ???
tunnel problem ??
Shadow Hawkins on Wednesday, 21 September 2011 10:25:03
and now works ????!!!!
pse tell me that problem was on PoP side ..
tunnel problem ??
Shadow Hawkins on Wednesday, 21 September 2011 10:34:08
and now back to heartbeat
PoP Namesimbx01PoP LocationMaribor, Slovenia Slovenia
PoP IPv4212.18.63.73TIC Servertic.sixxs.net (default in AICCU)
Your LocationNovi Marof, Croatia Croatia
Your IPv4Heartbeat, currently unknown
IPv6 Prefix2001:15c0:65ff:3dd::1/64
PoP IPv62001:15c0:65ff:3dd::1
Your IPv62001:15c0:65ff:3dd::2
Created2010-04-25 23:43:41 CEST
Last Alive2011-09-20 15:10:43 CEST
StateHeartbeat (automatically enabled on the fly)
[root@pila ~]# ping6 www.carnet.hr
PING6(56=40+8+8 bytes) 2001:15c0:65ff:3dd::2 --> 2001:b68:ff:1::10
16 bytes from 2001:b68:ff:1::10, icmp_seq=0 hlim=51 time=66.686 ms
16 bytes from 2001:b68:ff:1::10, icmp_seq=1 hlim=51 time=66.358 ms
16 bytes from 2001:b68:ff:1::10, icmp_seq=2 hlim=51 time=66.653 ms
16 bytes from 2001:b68:ff:1::10, icmp_seq=3 hlim=51 time=68.703 ms
16 bytes from 2001:b68:ff:1::10, icmp_seq=4 hlim=51 time=66.162 ms
16 bytes from 2001:b68:ff:1::10, icmp_seq=5 hlim=51 time=66.937 ms
16 bytes from 2001:b68:ff:1::10, icmp_seq=6 hlim=51 time=67.119 ms
16 bytes from 2001:b68:ff:1::10, icmp_seq=7 hlim=51 time=67.552 ms
16 bytes from 2001:b68:ff:1::10, icmp_seq=8 hlim=51 time=67.244 ms
16 bytes from 2001:b68:ff:1::10, icmp_seq=9 hlim=51 time=69.056 ms
^C
--- www.carnet.hr ping6 statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 66.162/67.247/69.056/0.907 ms
10:31:17.794119 IP 192.168.1.111 > 212.18.63.73: IP6 2001:15c0:65ff:3dd::2 > 2001:b68:ff:1::10: ICMP6, echo request, seq 7, length 16
10:31:17.833279 IP 212.18.63.73 > 192.168.1.111: IP6 2001:15c0:65ff:3dd::1 > 2001:15c0:65ff:3dd::2: ICMP6, neighbor advertisement, tgt is 2001:15c0:65ff:3dd::1, length 24
10:31:17.861410 IP 212.18.63.73 > 192.168.1.111: IP6 2001:b68:ff:1::10 > 2001:15c0:65ff:3dd::2: ICMP6, echo reply, seq 7, length 16
10:31:18.794086 IP 192.168.1.111 > 212.18.63.73: IP6 2001:15c0:65ff:3dd::2 > 2001:b68:ff:1::10: ICMP6, echo request, seq 8, length 16
10:31:18.860886 IP 212.18.63.73 > 192.168.1.111: IP6 2001:b68:ff:1::10 > 2001:15c0:65ff:3dd::2: ICMP6, echo reply, seq 8, length 16
10:31:19.794143 IP 192.168.1.111 > 212.18.63.73: IP6 2001:15c0:65ff:3dd::2 > 2001:b68:ff:1::10: ICMP6, echo request, seq 9, length 16
10:31:19.862754 IP 212.18.63.73 > 192.168.1.111: IP6 2001:b68:ff:1::10 > 2001:15c0:65ff:3dd::2: ICMP6, echo reply, seq 9, length 16
^C
18 packets captured
19 packets received by filter
0 packets dropped by kernel
[root@pila ~]#
but now i have -66 ISK .. it's posible to return lost ISK before problem has occured ?
tunnel problem ??
Shadow Hawkins on Wednesday, 21 September 2011 13:25:40
it's strange that configuration works 22 weeks and one day stop working less than 24h and then back works .. in that ~24h i try everything on my side and nothing helps. but for sixxs admin problem is on my side not on simbx.
for that testing what goes wrong i got loss 60ISK and i would like to know if that can be refund?
|
on Wednesday, 21 September 2011 09:47:11
Posting is only allowed when you are