SixXS::Sunset 2017-06-06

Ping6 and FTP working, but not http/https.
[us] Shadow Hawkins on Friday, 23 January 2009 00:14:14
I'm trying to get IPv6 tunneling and routing working on a OpenWrt Kamikaze 7.09 box. I pretty have it going -- for pings and even ftp -- but whenever I try to access an IPv6 web site, it times out. Below is a Wireshare capture summary of IP6 traffic. You can see at the beginning, I have connectivity and can ping6ing www.sixxs.net and even initiate an IPv6 FTP session to ftp.kame.net. Then, I try accessing http://www.sixxs.net and https://www.sixxs.net. Both web accesses end up nowhere -- although it does seem like a small trickle of packets from 2001:838:1:1:210:dcff:fe20:7c7c (www.sixxs.net) do indeed come back. Does anyone see anything wrong going on in the trace below? Any other suggestions for troubleshooting? Thanks for any insights.
No. Time Source Destination Protocol Info 1 0.000000 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c ICMPv6 Echo request 2 0.223670 2001:838:1:1:210:dcff:fe20:7c7c 2001:0db8:1234:5::2 ICMPv6 Echo reply 3 1.000267 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c ICMPv6 Echo request 4 1.229484 2001:838:1:1:210:dcff:fe20:7c7c 2001:0db8:1234:5::2 ICMPv6 Echo reply 5 2.000239 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c ICMPv6 Echo request 6 2.231640 2001:838:1:1:210:dcff:fe20:7c7c 2001:0db8:1234:5::2 ICMPv6 Echo reply 7 4.200672 2001:0db8:1234:5::2 2001:200::8002:203:47ff:fea5:3085 TCP 64028 > ftp [SYN] Seq=0 Win=65535 Len=0 MSS=1440 WS=1 TSV=469803456 TSER=0 8 4.552528 2001:200::8002:203:47ff:fea5:3085 2001:0db8:1234:5::2 TCP ftp > 64028 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=1440 WS=1 TSV=2633855784 TSER=469803456 9 4.552687 2001:0db8:1234:5::2 2001:200::8002:203:47ff:fea5:3085 TCP 64028 > ftp [ACK] Seq=1 Ack=1 Win=65688 Len=0 TSV=469803459 TSER=2633855784 10 4.898084 2001:200::8002:203:47ff:fea5:3085 2001:0db8:1234:5::2 FTP Response: 220 orange.kame.net FTP server (Version 6.00LS) ready. 11 4.898248 2001:0db8:1234:5::2 2001:200::8002:203:47ff:fea5:3085 TCP 64028 > ftp [ACK] Seq=1 Ack=57 Win=65632 Len=0 TSV=469803463 TSER=2633856127 14 14.690193 2001:0db8:1234:5::2 2001:4860:b002::68 HTTP GET / HTTP/1.1 15 19.726367 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c TCP 64030 > http [SYN] Seq=0 Win=65535 Len=0 MSS=1440 WS=1 TSV=469803611 TSER=0 16 19.999024 2001:838:1:1:210:dcff:fe20:7c7c 2001:0db8:1234:5::2 TCP http > 64030 [SYN, ACK] Seq=0 Ack=1 Win=5712 Len=0 MSS=1440 TSV=2951720160 TSER=469803611 WS=9 17 19.999167 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c TCP 64030 > http [ACK] Seq=1 Ack=1 Win=65688 Len=0 TSV=469803613 TSER=2951720160 18 19.999372 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c HTTP GET / HTTP/1.1 19 20.903464 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c HTTP [TCP Retransmission] GET / HTTP/1.1 20 22.907468 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c HTTP [TCP Retransmission] GET / HTTP/1.1 21 23.394512 2001:838:1:1:210:dcff:fe20:7c7c 2001:0db8:1234:5::2 TCP http > 64030 [SYN, ACK] Seq=0 Ack=1 Win=5712 Len=0 MSS=1440 TSV=2951721010 TSER=469803613 WS=9 22 23.394577 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c TCP [TCP Dup ACK 20#1] 64030 > http [ACK] Seq=425 Ack=1 Win=65688 Len=0 TSV=469803647 TSER=2951721010 23 26.916167 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c HTTP [TCP Retransmission] GET / HTTP/1.1 24 34.934067 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c HTTP [TCP Retransmission] GET / HTTP/1.1 25 50.967810 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c HTTP [TCP Retransmission] GET / HTTP/1.1 28 78.830233 2001:0db8:1234:5::2 2001:4860:b002::68 HTTP [TCP Retransmission] GET / HTTP/1.1 29 83.039284 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c HTTP [TCP Retransmission] GET / HTTP/1.1 30 142.973099 2001:0db8:1234:5::2 2001:4860:b002::68 HTTP [TCP Retransmission] GET / HTTP/1.1 31 147.183135 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c HTTP [TCP Retransmission] GET / HTTP/1.1 34 207.116248 2001:0db8:1234:5::2 2001:4860:b002::68 HTTP [TCP Retransmission] GET / HTTP/1.1 35 211.325550 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c HTTP [TCP Retransmission] GET / HTTP/1.1 38 212.468670 fe80::1 ff02::1:ffc1:7562 ICMPv6 Neighbor solicitation 39 271.258050 2001:0db8:1234:5::2 2001:4860:b002::68 HTTP [TCP Retransmission] GET / HTTP/1.1 40 275.467629 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c HTTP [TCP Retransmission] GET / HTTP/1.1 43 323.619471 fe80::1 ff02::2 ICMPv6 Neighbor solicitation 45 323.620920 2001:838:1:1:210:dcff:fe20:7c7c 2001:0db8:1234:5::2 TCP http > 64030 [FIN, ACK] Seq=1 Ack=1 Win=6144 Len=0 TSV=2951796066 TSER=469803613 46 323.621053 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c TCP 64030 > http [ACK] Seq=425 Ack=2 Win=65688 Len=0 TSV=469806643 TSER=2951796066 47 323.621349 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c TCP 64030 > http [FIN, ACK] Seq=425 Ack=2 Win=65688 Len=0 TSV=469806643 TSER=2951796066 48 323.845909 2001:838:1:1:210:dcff:fe20:7c7c 2001:0db8:1234:5::2 TCP [TCP Dup ACK 45#1] http > 64030 [ACK] Seq=2 Ack=1 Win=6144 Len=0 TSV=2951796122 TSER=469803613 SLE=425 SRE=426 51 335.385008 2001:0db8:1234:5::2 2001:4860:b002::68 HTTP [TCP Retransmission] GET / HTTP/1.1 52 339.594801 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c HTTP [TCP Retransmission] GET / HTTP/1.1 53 399.522977 2001:0db8:1234:5::2 2001:4860:b002::68 HTTP [TCP Retransmission] GET / HTTP/1.1 54 403.732052 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c HTTP [TCP Retransmission] GET / HTTP/1.1 57 435.599736 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c TCP 64064 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1440 WS=1 TSV=469807760 TSER=0 58 435.824704 fe80::1 ff02::2 ICMPv6 Neighbor solicitation 60 435.826035 2001:838:1:1:210:dcff:fe20:7c7c 2001:0db8:1234:5::2 TCP https > 64064 [SYN, ACK] Seq=0 Ack=1 Win=5712 Len=0 MSS=1440 TSV=2951824117 TSER=469807760 WS=9 61 435.826164 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c TCP 64064 > https [ACK] Seq=1 Ack=1 Win=65688 Len=0 TSV=469807763 TSER=2951824117 62 435.826744 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c SSLv2 Client Hello 63 436.051059 2001:838:1:1:210:dcff:fe20:7c7c 2001:0db8:1234:5::2 TCP https > 64064 [ACK] Seq=1 Ack=82 Win=6144 Len=0 TSV=2951824174 TSER=469807763 64 436.097182 2001:838:1:1:210:dcff:fe20:7c7c 2001:0db8:1234:5::2 TCP [TCP Previous segment lost] [TCP segment of a reassembled PDU] 65 436.097238 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c TCP [TCP Dup ACK 62#1] 64064 > https [ACK] Seq=82 Ack=1 Win=65688 Len=0 TSV=469807765 TSER=2951824174 SLE=1429 SRE=2413 66 436.208810 2001:838:1:1:210:dcff:fe20:7c7c 2001:0db8:1234:5::2 SSLv3 [TCP Retransmission] Server Hello, 67 436.208997 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c TCP 64064 > https [ACK] Seq=82 Ack=1209 Win=64480 Len=0 TSV=469807767 TSER=2951824212 SLE=1429 SRE=2413 68 436.333777 2001:838:1:1:210:dcff:fe20:7c7c 2001:0db8:1234:5::2 TCP [TCP Retransmission] [TCP segment of a reassembled PDU] 69 436.333926 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c TCP 64064 > https [ACK] Seq=82 Ack=2413 Win=64484 Len=0 TSV=469807768 TSER=2951824244 70 436.352174 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c SSLv3 Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message 71 437.304154 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c SSLv3 [TCP Retransmission] Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message 72 439.309077 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c SSLv3 [TCP Retransmission] Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message 73 443.317679 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c SSLv3 [TCP Retransmission] Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message 74 451.336297 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c SSLv3 [TCP Retransmission] Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message 77 463.665359 2001:0db8:1234:5::2 2001:4860:b002::68 TCP 64025 > http [RST, ACK] Seq=626 Ack=1 Win=65535 Len=0 78 467.372988 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c SSLv3 [TCP Retransmission] Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message 79 467.874274 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c HTTP [TCP Retransmission] GET / HTTP/1.1 80 499.446143 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c SSLv3 [TCP Retransmission] Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message 83 513.310439 fe80::1 ff02::1 ICMPv6 Router advertisement 84 532.017652 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c TCP 64030 > http [RST, ACK] Seq=426 Ack=2 Win=65688 Len=0 109 563.583963 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c SSLv3 [TCP Retransmission] Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message 112 568.931454 fe80::1 ff02::1:ffc1:7562 ICMPv6 Neighbor solicitation 117 627.725014 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c SSLv3 [TCP Retransmission] Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message 120 691.864775 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c SSLv3 [TCP Retransmission] Client Key Exchange, Change Cipher Spec, Encrypted Handshake Message 123 736.093510 fe80::1 ff02::2 ICMPv6 Neighbor solicitation 125 736.094949 2001:838:1:1:210:dcff:fe20:7c7c 2001:0db8:1234:5::2 TCP https > 64064 [FIN, ACK] Seq=2413 Ack=82 Win=6144 Len=0 TSV=2951899184 TSER=469807768 126 736.095043 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c TCP 64064 > https [ACK] Seq=296 Ack=2414 Win=65688 Len=0 TSV=469810759 TSER=2951899184 127 736.095412 2001:0db8:1234:5::2 2001:838:1:1:210:dcff:fe20:7c7c TCP 64064 > https [FIN, ACK] Seq=296 Ack=2414 Win=65688 Len=0 TSV=469810759 TSER=2951899184 128 736.645242 2001:838:1:1:210:dcff:fe20:7c7c 2001:0db8:1234:5::2 TCP https > 64064 [RST] Seq=2414 Win=0 Len=0
Ping6 and FTP working, but not http/https.
[at] Shadow Hawkins on Friday, 23 January 2009 11:18:19
Prefix 2001:db8::/32 is for documentation only and should not be used. If you didn't change the log intentionally to hide your prefix, then that's your problem, I guess. ;)
Ping6 and FTP working, but not http/https.
[us] Shadow Hawkins on Friday, 23 January 2009 15:10:19
But ping6 and FTP work. ;) Yes, I altered the log to avoid publishing my world-addressable IPv6 subnet and addresses. 2001:0db8:1234:5 is in place of my prefix. $PREFIX::1 for my router address $PREFIX::2 for my workstation address
Ping6 and FTP working, but not http/https.
[at] Shadow Hawkins on Friday, 23 January 2009 20:52:44
Ok, I expected you would have said that before. It's really hard to read that log, but I found something: The tcp handshake starting at line 15 fails somehow. Syn, syn-ack, ack, but then you get a second syn-ack, like your ack frome line 17 didn't get through. On the other hand, the tcp handshake to ftp.kame.net worked. Did you try www.kame.net? It seems like they run on the same host.
Ping6 and FTP working, but not http/https.
[us] Shadow Hawkins on Monday, 26 January 2009 18:24:41
The tcp handshake starting at line 15 fails somehow. Syn, syn-ack, ack, but then you get a second syn-ack, like your ack frome line 17 didn't get through. On the other hand, the tcp handshake to ftp.kame.net worked. Did you try www.kame.net? It seems like they run on the same host.
Thanks for your insight. Interestingly, http to www.kame.net behaves the same -- some but not all of the http tcp handshake makes it through (while the ftp tcp handshake is fine). It turns out, with some additional help, I've learned about a IPv6 related bug in the Linux 2.4 kernel running in OpenWrt v7.0.9 for the WRT54G v1.1. Apparently, in that configuration, packets greater than 190 bytes don't make it through the OpenWrt IPv6 router. Likely, the pings and the FTP handshake were below that threshold, but the http ACK was not. Since IPv6 does away with en route Fragmentation, I got it working by bumping my client manually down to a mtu size of 190, but that's not very practical solution.
Ping6 and FTP working, but not http/https.
[ch] Jeroen Massar SixXS Staff on Monday, 26 January 2009 18:54:14
The minimum MTU for IPv6 is 1280, thus 190 is definitely impossible. That ticket at OpenWRT looks like broken hardware to me. IPv6 on OpenWRT with a 2.6 kernel (eg latest kamikame) works like a charm. Only problem at the moment is that the kernel crashes when pushing eg 20mbit through it.

Please note Posting is only allowed when you are logged in.
Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker