OpenWRT - Can't ping tunnel endpoint
Shadow Hawkins on Sunday, 02 June 2013 13:01:28
Hi,
I got a tunnel for my wif router and am trying to set up v6 for my wifi devices.
I followed the wiki and the installation went fine and the tunnel comes up:
Link local7.info syslog: Succesfully retrieved tunnel information for T124530
Link local7.info syslog: AICCU running as PID 12022
The trouble I have now is that I'm not able to ping my tunnel endpoint (or any other v6 address).
This really confuses me and I'm glad for any hints where to look for the error.
Here some debug information.
root@Link:~# ip -6 ro
2a01:1e8:e100:XXX::/64 via :: dev sixxs metric 256 mtu 1280 advmss 1220
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1220
fe80::/64 dev eth0.0 metric 256 mtu 1500 advmss 1220
fe80::/64 dev br-lan metric 256 mtu 1500 advmss 1220
fe80::/64 dev eth0.1 metric 256 mtu 1500 advmss 1220
fe80::/64 dev wl0 metric 256 mtu 1500 advmss 1220
fe80::/64 via :: dev sixxs metric 256 mtu 1280 advmss 1220
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1220
ff00::/8 dev eth0.0 metric 256 mtu 1500 advmss 1220
ff00::/8 dev br-lan metric 256 mtu 1500 advmss 1220
ff00::/8 dev eth0.1 metric 256 mtu 1500 advmss 1220
ff00::/8 dev wl0 metric 256 mtu 1500 advmss 1220
ff00::/8 dev sixxs metric 256 mtu 1280 advmss 1220
default dev eth0.0 proto kernel metric 256 mtu 1500 advmss 1220
default dev eth0.1 proto kernel metric 256 mtu 1500 advmss 1220
default dev wl0 proto kernel metric 256 mtu 1500 advmss 1220
default via 2a01:1e8:e100:XXX::1 dev sixxs metric 1024 mtu 1280 advmss 1220
unreachable default dev lo proto none metric -1 error -128 advmss 1220
root@Link:~# ip -6 a
1: lo: <LOOPBACK,UP>
inet6 ::1/128 scope host
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> qlen 1000
inet6 fe80::214:bfff:fec4:eed1/64 scope link
3: eth0.0: <BROADCAST,MULTICAST,PROMISC,UP>
inet6 fe80::214:bfff:fec4:eed1/64 scope link
4: eth0.1: <BROADCAST,MULTICAST,UP>
inet6 fe80::214:bfff:fec4:eed1/64 scope link
6: wl0: <BROADCAST,MULTICAST,PROMISC,UP> qlen 1000
inet6 fe80::214:bfff:fec4:eed3/64 scope link
18: br-lan: <BROADCAST,MULTICAST,UP>
inet6 fe80::214:bfff:fec4:eed1/64 scope link
20: sixxs: <POINTOPOINT,NOARP,UP>
inet6 2a01:1e8:e100:XXX::2/64 scope global
inet6 fe80::8d46:13a/128 scope link
root@Link:~# route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
::1/128 :: U 0 1 1 lo
2a01:1e8:e100:XXX::2/128 :: U 0 1 0 lo
2a01:1e8:e100:XXX::/64 :: U 256 4 0 sixxs
fe80::/128 :: U 0 0 0 lo
fe80::8d46:13a/128 :: U 0 0 0 lo
fe80::214:bfff:fec4:eed1/128 :: U 0 0 0 lo
fe80::214:bfff:fec4:eed3/128 :: U 0 0 0 lo
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 eth0.0
fe80::/64 :: U 256 0 0 br-lan
fe80::/64 :: U 256 0 0 eth0.1
fe80::/64 :: U 256 0 0 wl0
fe80::/64 :: U 256 0 0 sixxs
ff02::1:2/128 ff02::1:2 UC 0 7 0 br-lan
ff02::1:3/128 ff02::1:3 UC 0 2 0 br-lan
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 eth0.0
ff00::/8 :: U 256 0 0 br-lan
ff00::/8 :: U 256 0 0 eth0.1
ff00::/8 :: U 256 0 0 wl0
ff00::/8 :: U 256 0 0 sixxs
::/0 :: UD 256 0 0 eth0.0
::/0 :: UD 256 0 0 eth0.1
::/0 :: UD 256 0 0 wl0
::/0 2a01:1e8:e100:XXX::1 UG 1024 5 0 sixxs
OpenWRT - Can't ping tunnel endpoint
Jeroen Massar on Sunday, 02 June 2013 16:08:36 I followed the wiki and the installation went fine and the tunnel comes up:
Actually, those messages just state that the tunnel is configured, not that it can even properly send and receive packets over the tunnel to the other side.
default dev eth0.0 proto kernel metric 256 mtu 1500 advmss 1220 default dev eth0.1 proto kernel metric 256 mtu 1500 advmss 1220 default dev wl0 proto kernel metric 256 mtu 1500 advmss 1220 default via 2a01:1e8:e100:XXX::1 dev sixxs metric 1024 mtu 1280 advmss 1220
Seems you have 4 defaults. You might want to get rid of them and keep only the last one.
Though, that should not interfere with you pinging the PoP side of the tunnel.
Of course you should be checking your firewall and underlying IPv4 configuration too. See the contact page for a "Problems Checklist" which lists what you can check and otherwise list here.
OpenWRT - Can't ping tunnel endpoint
Shadow Hawkins on Monday, 03 June 2013 23:07:33
thanks for your answer. I've tried to take a deeper look into it.
I've run 'aiccu test' and get the same problem: that everything works until I try to ping6 the pop side of the tunnel. A ipv4 ping works fine.
I've also added firewall rules to allow any ivp6 traffic in and out.
There is no NAT between the device and the PoP endpoint.
This could be a routing problem, but I'm not that into routing. I'll look for some tutorials tomorrow.
My guess is that I need to remove those default routes or change the metric of those.
Some more info to the router:
It's running OpenWrt Backfire 10.03.1
uname -a
Linux Link 2.4.37.9 #12 Wed Dec 21 03:33:39 CET 2011 mips GNU/Linux
OpenWRT - Can't ping tunnel endpoint
Jeroen Massar on Tuesday, 04 June 2013 00:55:42 I've also added firewall rules to allow any ivp6 traffic in and out.
Are those 'rules' for the IPv4 or the IPv6 firewall?
What are the exact firewall rules you use?
There is no NAT between the device and the PoP endpoint.
Are you sure? What does your network look like, what are the addresses on interfaces, what does tcpdump show?
This could be a routing problem, but I'm not that into routing.
If you want help with anything you will have to start providing details, IPv4 + IPv6 interfaces, IPv4 + IPv6 routing tables, firewall rulesets etc.
My guess is that I need to remove those default routes or change the metric of those.
You should only have one (1) default route, no more.
It's running OpenWrt Backfire 10.03.1
That is not really "more", as it does not say anything about your configuration or the environment it is in.
Posting is only allowed when you are logged in. |