AICCU Test 5/8 fails
Shadow Hawkins on Thursday, 24 October 2013 18:56:41
Questions and Answers concerning IPv6 Setup of machines, routers etc.
Am trying to get a tunnel set up on a mac OSX 10.8.5
I installed AICCU and TUNTAP but the AICCU auto test fails test 5/8:
###### [5/8] Ping the IPv6 Local/Your Inner Tunnel Endpoint (2001:xxxx:xxx:154c::2)
### This confirms that your tunnel is configured
### If it doesn't reply then check your interface and routing tables
PING6(56=40+8+8 bytes) 2001:4dd0:ff00:154c::2 --> 2001:xxxx:xxxx:154c::2
24 bytes from fe80::2e9e:fcff:fe9c:769d%en1: Listener Report
HbH Options: nxt 58, len 0 (8 bytes)
Router Alert Opt: Type 0
146 bytes from 2001:4dd0:ff00:154c::5: Destination Host Unreachable
Vr TC Flow Plen Nxt Hlim
6 00 00000 0062 11 ff
2001:4dd0:ff00:154c::5->2001:4dd0:100:1020:53:2::1
UDP: from port 64242, to port 53 (decimal)
It passes all the other tests.
Can anyone tell me where to start looking for the problem?
Thank you
AICCU Test 5/8 fails
Jeroen Massar on Friday, 25 October 2013 06:57:27 Am trying to get a tunnel set up on a mac OSX 10.8.5
Please note that 10.9 is out, and is available for download/upgrade for Free. It is a huge step forward, thus go for it.
(it should not be fixing your issue though ;)
It passes all the other tests.
You mean tests 1-4 or also tests 6-8?
Note that the 'aiccu test' is there solely to *indicate* problems, it does not mean that if a test works that everything is perfectly fine.
Can anyone tell me where to start looking for the problem?
The routing tables. Likely though you simply do not have your local endpoint (2001:4dd0:ff00:154c::2) assigned to the interface or that interface is down or your firewall is blocking things.
AICCU Test 5/8 fails
Shadow Hawkins on Friday, 25 October 2013 18:23:07
Jeroen Massar wrote:
> Am trying to get a tunnel set up on a mac OSX 10.8.5
Please note that 10.9 is out, and is available for download/upgrade for Free. It is a huge step forward, thus go for it.
(it should not be fixing your issue though ;)
Thanks for the reply.
I loaded OSX 10.9 last night, but as you thought it didn't help my tunnel problem.
5/8 was the only test that failed.
How do I allocate the local endpoint to the interface?
May aiccu.conf file looks like this:
username xxxx-SIXXS/T1xxxxx
password xxxxxxxxxxxxxxxxxxx
server tic.sixxs.net
protocol tic
ipv6_interface gif0
tunnel_id T1xxxxxx
requiretls false
defaultroute true
behindnat true
makebeats true
daemonize true
It passes all the other tests.
You mean tests 1-4 or also tests 6-8?
Note that the 'aiccu test' is there solely to *indicate* problems, it does not mean that if a test works that everything is perfectly fine.
Can anyone tell me where to start looking for the problem?
The routing tables. Likely though you simply do not have your local endpoint (2001:4dd0:ff00:154c::2) assigned to the interface or that interface is down or your firewall is blocking things.
AICCU Test 5/8 fails
Jeroen Massar on Saturday, 26 October 2013 08:35:31 I loaded OSX 10.9 last night, but as you thought it didn't help my tunnel problem.
Well, apparently at least the Happy Eyeballs implementation changed a bit so that
How do I allocate the local endpoint to the interface?
AICCU should be doing that.
If you would list the interfaces, routes etc, we can see them. Wrapping them in a [code ] blocks [/code ] (see also right hand when posting) makes output a bit more readable.
May aiccu.conf file looks like this:
What is in
ipv6_interface gif0
You are specifying a 'gif' interface, while you are using a AYIYA tunnel.
Hence that is wrong, that needs to be 'tun0'.
From the default aiccu.conf:
# On *BSD and OSX the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels
# or tunX (eg tun0) for AYIYA tunnels.
Thus if you can reach remote sites that is likely because of some other magic, not because the tunnel works.
AICCU Test 5/8 fails
Shadow Hawkins on Saturday, 26 October 2013 18:39:42
Jeroen Massar wrote:
> I loaded OSX 10.9 last night, but as you thought it didn't help my tunnel problem.
Well, apparently at least the Happy Eyeballs implementation changed a bit so that
Here the new aiccu.conf and the results of ifconfig:
How do I allocate the local endpoint to the interface?
AICCU should be doing that.
If you would list the interfaces, routes etc, we can see them. Wrapping them in a [code ] blocks [/code ] (see also right hand when posting) makes output a bit more readable.
May aiccu.conf file looks like this:
What is in
ipv6_interface gif0
You are specifying a 'gif' interface, while you are using a AYIYA tunnel.
Hence that is wrong, that needs to be 'tun0'.
From the default aiccu.conf:
# On *BSD and OSX the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels
# or tunX (eg tun0) for AYIYA tunnels.
Ok point taken. I changed the aiccu.conf . See below
Thus if you can reach remote sites that is likely because of some other magic, not because the tunnel works.
aiccu.conf
username xxxx-SIXXS/T1xxxxx
password xxxxxxxxxxxxxxxxx
server tic.sixxs.net
protocol tic
ipv6_interface tun0
tunnel_id T1xxxxxxxx
requiretls false
defaultroute true
behindnat true
makebeats true
daemonize true
ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
ether 00:26:08:01:aa:72
media: autoselect (<unknown type>)
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1280
ether 00:26:08:e4:5d:ba
inet6 fe80::226:8ff:fee4:5dba%en1 prefixlen 64 scopeid 0x5
inet 10.0.0.24 netmask 0xffffff00 broadcast 10.0.0.255
inet6 2001:xxxx:xxxx:154c:226:8ff:fee4:5dba prefixlen 64 autoconf
inet6 2001:xxxx:xxxx:154c:757c:f4d2:333b:c91d prefixlen 64 autoconf temporary
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
fw0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 4078
lladdr 00:26:08:ff:fe:01:aa:72
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 02:26:08:e4:5d:ba
media: autoselect
status: inactive
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1280
inet6 fe80::226:8ff:fe01:aa72%tun0 prefixlen 64 scopeid 0x9
inet6 2001:xxxx:ff00:154c::2 --> 2001:xxxx:ff00:154c::1 prefixlen 128
nd6 options=1<PERFORMNUD>
open (pid 536)
After surfing a bit I am thinking it may be an Apple problem?
My Apple Express is behind a bridged modem and is using a PPPoE connection.
It shows a "tunnel error".
Any ideas?
Thanks in advance
AICCU Test 5/8 fails
Jeroen Massar on Sunday, 27 October 2013 07:36:33 en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1280 ether 00:26:08:e4:5d:ba inet6 fe80::226:8ff:fee4:5dba%en1 prefixlen 64 scopeid 0x5 inet 10.0.0.24 netmask 0xffffff00 broadcast 10.0.0.255 inet6 2001:xxxx:xxxx:154c:226:8ff:fee4:5dba prefixlen 64 autoconf inet6 2001:xxxx:xxxx:154c:757c:f4d2:333b:c91d prefixlen 64 autoconf temporary
You are removing very important details there. What exactly are these addresses and where do they come from? It seems they are 'autoconf', thus that another host in your network is giving you these addresses.
One is temporary, the other is normal RA, thus looks like your connectivity gets configured.
If you, as requested (see that big yellow/orange box when posting which points to the contact page which contains a list of things to include when reporting problems), would have included a dump of your routing tables we could have told you which device is giving you IPv6 as it is the default gateway.
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1280 inet6 fe80::226:8ff:fe01:aa72%tun0 prefixlen 64 scopeid 0x9 inet6 2001:xxxx:ff00:154c::2 --> 2001:xxxx:ff00:154c::1 prefixlen 128 nd6 options=1<PERFORMNUD> open (pid 536)
That looks quite okay. Though without the routing tables little to say if it would be used etc.
My Apple Express is behind a bridged modem and is using a PPPoE connection. It shows a "tunnel error".
Which is unrelated to a SixXS tunnel (unless you tried to configure it there, but then you would not be using AICCU).
Likely you are getting a tunnel error there as Airport Expresses uses 6to4 and for that they need a public IP address (non-RFC1918).
AYIYA does not care about that though.
AICCU Test 5/8 fails
Shadow Hawkins on Sunday, 27 October 2013 13:48:13
Jeroen Massar wrote:
> en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1280
Many thanks for your patience. By trail and error I managed to eliminate the problem myself and have now got full Ipv6 connection.
The problem lay in the local network settings on my laptop and not those in the airport express (although the airport still shows a tunnel problem! It works anyway!)
In case it helps others here some details
Aiccu.conf
ether 00:26:08:e4:5d:ba inet6 fe80::226:8ff:fee4:5dba%en1 prefixlen 64 scopeid 0x5 inet 10.0.0.24 netmask 0xffffff00 broadcast 10.0.0.255 inet6 2001:xxxx:xxxx:154c:226:8ff:fee4:5dba prefixlen 64 autoconf inet6 2001:xxxx:xxxx:154c:757c:f4d2:333b:c91d prefixlen 64 autoconf temporary
You are removing very important details there. What exactly are these addresses and where do they come from? It seems they are 'autoconf', thus that another host in your network is giving you these addresses.
One is temporary, the other is normal RA, thus looks like your connectivity gets configured.
If you, as requested (see that big yellow/orange box when posting which points to the contact page which contains a list of things to include when reporting problems), would have included a dump of your routing tables we could have told you which device is giving you IPv6 as it is the default gateway.
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1280 inet6 fe80::226:8ff:fe01:aa72%tun0 prefixlen 64 scopeid 0x9 inet6 2001:xxxx:ff00:154c::2 --> 2001:xxxx:ff00:154c::1 prefixlen 128 nd6 options=1<PERFORMNUD> open (pid 536)
That looks quite okay. Though without the routing tables little to say if it would be used etc.
My Apple Express is behind a bridged modem and is using a PPPoE connection. It shows a "tunnel error".
Which is unrelated to a SixXS tunnel (unless you tried to configure it there, but then you would not be using AICCU).
Likely you are getting a tunnel error there as Airport Expresses uses 6to4 and for that they need a public IP address (non-RFC1918).
AYIYA does not care about that though.
username xxxx-SIXXS/T1xxxxx
password xxxxxxxxxxxxx
server tic.sixxs.net
protocol tic
ipv6_interface tun0
tunnel_id T1xxxxx
requiretls false
defaultroute true
behindnat true
makebeats true
daemonize true
IPv6 configuration : manual
IPv6 mode: Tunnel
IPv6-WAN-Address: Your IPv6 SIXX Address
IPv6-Standardrout: PoP IPv6
IPv4 Address: Pop IPv4
IPv6 prefix: IPv6 Prefix
IPv6-LAN Adress: Your IPv6 SIXX Address
Block incoming IPv active
Teredo-Tunnel active
IPSec authorization active
I didnt enter anything in the Port settings
Maybe I do have to make some Firewall / TCP and UDP Port entries??
What do you think??
Then on my laptop under the TCP/IP network tab I entered:
Ipv6 configuration to manual
Router: Your IPv6 SIXX address
IPv6 Address Here I justed added a digit on the end of Your IPv6 SIXX Address
Where my mistake was previously was that I entered the router address to the Pop IPv6 instead oft he address of the airport which is the router in my network!! Thats probably why test 5/8 failed
AICCU Test 5/8 fails
Jeroen Massar on Sunday, 27 October 2013 14:10:05 > IPv6 configuration : manual IPv6 mode: Tunnel IPv6-WAN-Address: Your IPv6 SIXX Address IPv6-Standardrout: PoP IPv6 IPv4 Address: Pop IPv4 IPv6 prefix: IPv6 Prefix IPv6-LAN Adress: Your IPv6 SIXX Address Block incoming IPv active Teredo-Tunnel active IPSec authorization active I didnt enter anything in the Port settings Maybe I do have to make some Firewall / TCP and UDP Port entries?? What do you think??
You'll first have to state WHERE that configuration detail is. AYIYA though in typical case does not need any changes in the NAT box.
Then on my laptop under the TCP/IP network tab I entered:
If you use AICCU you do not need to enter ANY configuration details except for aiccu.conf. AICCU should be able to take care of everything.
As I mentioned in a previous post, another system (likely your misconfigured Airport Express) is announcing itself as having IPv6 connectivity, likely (as you mask things out, we cannot state what is there) with the same details as the tunnel configuration.
AICCU Test 5/8 fails
Shadow Hawkins on Monday, 28 October 2013 10:58:22
Jeroen Massar wrote:
>
After a restart I had no IPv6 again
I had also apparently configured a tunnel on the Airport Express (AEP).
I have now turned IPv6 to Local Link in the AEP and the Network WLAN connection has been turned to Automatic
I now get the following ifconfig output after restarting:
> IPv6 configuration : manual
Where does these details come from? I do hope that you did not try to configure the tunnel on both your computer and on the Airport Express; Airports do not support AYIYA and having the same address configured twice will give all kinds of wrong results.
IPv6 mode: Tunnel IPv6-WAN-Address: Your IPv6 SIXX Address IPv6-Standardrout: PoP IPv6 IPv4 Address: Pop IPv4 IPv6 prefix: IPv6 Prefix IPv6-LAN Adress: Your IPv6 SIXX Address Block incoming IPv active Teredo-Tunnel active IPSec authorization active I didnt enter anything in the Port settings Maybe I do have to make some Firewall / TCP and UDP Port entries?? What do you think??
You'll first have to state WHERE that configuration detail is. AYIYA though in typical case does not need any changes in the NAT box.
Then on my laptop under the TCP/IP network tab I entered:
If you use AICCU you do not need to enter ANY configuration details except for aiccu.conf. AICCU should be able to take care of everything.
As I mentioned in a previous post, another system (likely your misconfigured Airport Express) is announcing itself as having IPv6 connectivity, likely (as you mask things out, we cannot state what is there) with the same details as the tunnel configuration.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
ether 00:26:08:01:aa:72
media: autoselect (<unknown type>)
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1280
ether 00:26:08:e4:5d:ba
inet6 fe80::226:8ff:fee4:5dba%en1 prefixlen 64 scopeid 0x5
inet 10.0.0.24 netmask 0xffffff00 broadcast 10.0.0.255
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
fw0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 4078
lladdr 00:26:08:ff:fe:01:aa:72
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 02:26:08:e4:5d:ba
media: autoselect
status: inactive
I dont know where the inet6 addresses are coming from as aiccu obviously didnt automatically start because tun0 didnt appear.
I have to enter
sudo aiccu start
in the Terminal window to get tun0 to run.
Then I get the following ifconfig result:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
ether 00:26:08:01:aa:72
media: autoselect (<unknown type>)
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1280
ether 00:26:08:e4:5d:ba
inet6 fe80::226:8ff:fee4:5dba%en1 prefixlen 64 scopeid 0x5
inet 10.0.0.24 netmask 0xffffff00 broadcast 10.0.0.255
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
fw0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 4078
lladdr 00:26:08:ff:fe:01:aa:72
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 02:26:08:e4:5d:ba
media: autoselect
status: inactive
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1280
inet6 fe80::226:8ff:fe01:aa72%tun0 prefixlen 64 scopeid 0x9
inet6 2001:4dd0:ff00:154c::2 --> 2001:4dd0:ff00:154c::1 prefixlen 128
nd6 options=1<PERFORMNUD>
open (pid 395)
The SIXXS website then shows that the tinnel is up but IPv6 tests (http://ipv6-test.com) only shows IPv4.
I do have a file called net.sixxs.Aiccu.plist located in /Library/LaunchDaemons directory with the following contents:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>net.sixxs.Aiccu</string>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/aiccu</string>
<string>start</string>
<string>/etc/aiccu.conf</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
but this doesnt seem to get loaded.
I did do a chmod 0775 on it but that didnt help.
The aiccu.conf file located in /usr/bin/acciu is currently as follows:
username xxxx-SIXXS/T1xxxxx
password xxxxxxxxxxxxxxx
server tic.sixxs.net
protocol tic
ipv6_interface tun0
tunnel_id T1xxxxx
requiretls false
defaultroute true
behindnat true
makebeats true
daemonize true
Here is a copy of the routing table from the network utility netstat
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 10.0.0.1 UGSc 548 0 en1
10/24 link#5 UCS 3 0 en1
10.0.0.1 f0:d1:a9:9:31:23 UHLWIir 550 6249 en1 665
10.0.0.23 0:23:6c:e9:9d:73 UHLWI 0 0 en1 668
10.0.0.24 localhost UHS 0 0 lo0
10.0.0.255 ff:ff:ff:ff:ff:ff UHLWbI 0 3 en1
127 localhost UCS 0 0 lo0
localhost localhost UH 4 14178 lo0
169.254 link#5 UCS 0 0 en1
Internet6:
Destination Gateway Flags Netif Expire
default gw-5453.cgn-01.de. UGSc tun0
localhost localhost UHL lo0
gw-5453.cgn-01.de. cl-5453.cgn-01.de. UHLr tun0
cl-5453.cgn-01.de. link#9 UHL lo0
fe80::%lo0 localhost UcI lo0
localhost link#1 UHLI lo0
fe80::%en1 link#5 UCI en1
birgit-redmonds-ma 0:26:8:e4:5d:ba UHLI lo0
skylas-airport-exp f0:d1:a9:9:31:23 UHLWI en1
fe80::%tun0 fe80::226:8ff:fe01 UcI tun0
fe80::226:8ff:fe01 link#9 UHLI lo0
ff01::%lo0 localhost UmCI lo0
ff01::%en1 link#5 UmCI en1
ff01::%tun0 fe80::226:8ff:fe01 UmCI tun0
ff02::%lo0 localhost UmCI lo0
ff02::%en1 link#5 UmCI en1
ff02::%tun0 fe80::226:8ff:fe01 UmCI tun0
The live tunnel status on Sixxs currently shows
Live Tunnel Status for T1xxxxx
The PoP reports the following status for your tunnel:
Tunnel Configuration
Tunnel IDT1xxxxx
TID0x154c
Tunnel Debuggingno
Inner Us2001:4dd0:ff00:154c::1
Inner Them2001:4dd0:ff00:154c::2
Outer Us78.35.24.124
Outer Them89.0.245.13
MTU1280
Tunnel Stateup
Tunnel Typeayiya
AYIYA AF2 (INET)
AYIYA Socket Type2 (DGRAM (UDP))
AYIYA Protocol17 (UDP)
AYIYA Port Us5072
AYIYA Port Them44317
AYIYA Hash2 (SHA-1)
Heartbeat Information (Heartbeat and AYIYA protocols only)
Last Heartbeat2013-10-28 10:48:03 (1382957283; 0 days 00:00:19 ago)
Heartbeat Password1371bab05c459dbb59de0d7af49e1fb2
Tunnel Traffic (last 5 minutes)
Packet In2013-10-28 10:47:58 (1382957278; 0 days 00:00:24 ago)
Packets In3
Octets In3084
Packet Out2013-10-28 10:47:58 (1382957278; 0 days 00:00:24 ago)
Packets Out3
Octets Out3300
Tunnel Latency (last 5 minutes)
Latency Pkt Sent3
Latency Pkt Recv3
Latency Loss0.00
Latency Min39.42 ms
Latency Avg138.01 ms
Latency Max272.07 ms
Encap.Pkt Too Bignone
Errors seen for this tunnel
Disabled tunnelnone
Clock Offnone
Encap.Pkt Send Errornone
Same In&Out Interface1943, last: 2001:4dd0:ff00:154c::2 2013-10-27 12:31:33 (1382877093; 0 days 22:16:49 ago)
Wrong Source IPv6none
Wrong Source IPv4none
Packet over uplinknone
Non-IPv6 Payloadnone
Non-IPv4 Payloadnone
AYIYA Hash Failnone
AYIYA-non-AYIYAnone
AYIYA Invalid Forwardnone
Heartbeat Hash Failnone
HB-non-HBnone
HB Missing IPv4none
HB Sender Mismatchnone
HB Missing Timenone
ICMPv4 Errors Received132, last: 89.0.245.13 2013-10-28 10:42:58 (1382956978; 0 days 00:05:24 ago)
ICMPv4 Echo Req. Recv.none
But it appears I still only have IPv4.
I also assume I will have to do something with the firewall as well because as at the moment
sudo ipfw show
only returns
65535 0 0 allow ip from any to any
I tried to get something working like the example shown in this link:
http://www.macshadows.com/kb/index.php?title=Firewall_Tunning_on_Mac_OS_X
But after creating the Firewall file in /Library/StartupItems/Firewall/Firewall containing the same entries as in the example shown the above link I get an error message after re-start saying:
Unsafe start object deactivated
/Library/StartupItems/Firewall wurde nicht gestartet, da das Objekt nicht die korrekten Sicherheitseinstellungen hat.
When I run the file in the terminal it seems to want a sudo command in front of each line in the script.
I tried chown and chmod but no luck.
But anyway one thing at a time. Lets please get the tunnel working first and then worry about the firewall I guess.
I have tried to be as verbose as I can. Sorry I am obviously tapping in the dark a little. Please be patient with me as I really appreciate your help. I am doing my best to get my head around the whole thing.
Please also try to be verbose as possible in telling me how to get any further information that might still be missing. I dont know too many terminal commands.
AICCU Test 5/8 fails
Jeroen Massar on Monday, 28 October 2013 11:07:34 I dont know where the inet6 addresses are coming from as aiccu obviously didnt automatically start because tun0 didnt appear.
inet6 fe80:......
Any address in fe80::/10 are Link Local addresses. An interface with IPv6 enabled will always have an address like that.
I do have a file called net.sixxs.Aiccu.plist located in /Library/LaunchDaemons directory with the following contents:
Please remove that. It is likely added by MacPorts but it only causes AICCU to be restarted over and over again, which is wrong.
But it appears I still only have IPv4.
Why do you think that? What part is not working?
AICCU Test 5/8 fails
Shadow Hawkins on Tuesday, 29 October 2013 19:55:06
Jeroen Massar wrote:
> I dont know where the inet6 addresses are coming from as aiccu obviously didnt automatically start because tun0 didnt appear.
inet6 fe80:......
Any address in fe80::/10 are Link Local addresses. An interface with IPv6 enabled will always have an address like that.
OK I deleted the net.sixxs.Aiccu.plist file and re-booted.
Ifconfig showed
I do have a file called net.sixxs.Aiccu.plist located in /Library/LaunchDaemons directory with the following contents:
Please remove that. It is likely added by MacPorts but it only causes AICCU to be restarted over and over again, which is wrong.
But it appears I still only have IPv4.
Why do you think that? What part is not working?
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
ether 00:26:08:01:aa:72
media: autoselect (<unknown type>)
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1280
ether 00:26:08:e4:5d:ba
inet6 fe80::226:8ff:fee4:5dba%en1 prefixlen 64 scopeid 0x5
inet 10.0.0.24 netmask 0xffffff00 broadcast 10.0.0.255
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
fw0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 4078
lladdr 00:26:08:ff:fe:01:aa:72
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 02:26:08:e4:5d:ba
media: autoselect
status: inactive
Now I definitely dont get aiccu to start automatically.
Entering
sudo aiccu start
then got the following ifconfig output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=1<PERFORMNUD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500
options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4>
ether 00:26:08:01:aa:72
media: autoselect (<unknown type>)
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1280
ether 00:26:08:e4:5d:ba
inet6 fe80::226:8ff:fee4:5dba%en1 prefixlen 64 scopeid 0x5
inet 10.0.0.24 netmask 0xffffff00 broadcast 10.0.0.255
nd6 options=1<PERFORMNUD>
media: autoselect
status: active
fw0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 4078
lladdr 00:26:08:ff:fe:01:aa:72
media: autoselect <full-duplex>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 02:26:08:e4:5d:ba
media: autoselect
status: inactive
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1280
inet6 fe80::226:8ff:fe01:aa72%tun0 prefixlen 64 scopeid 0x9
inet6 2001:4dd0:ff00:154c::2 --> 2001:4dd0:ff00:154c::1 prefixlen 128
nd6 options=1<PERFORMNUD>
open (pid 322)
The tun0 interface seems to be working, but something is still wrong.
When I ry to test the connectivity on it fails on both sites.
One additional funny thing: aiccu auto test & test dont work anymore??
This led me to think that aiccu was maybe not installed properly.
I decided to try and delete all references to aiccu and start again!
Building aiccu again gave the followings errors:
Building : aiccu - Automatic IPv6 Connectivity Configuration Utility
Copyright : SixXS
Version : 2007.01.15
../common/hash_md5.c:134:24: warning: 'memset' call operates on objects of type
'struct MD5Context' while the size is based on a different type
'struct MD5Context *' [-Wsizeof-pointer-memaccess]
memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
~~~ ^~~
../common/hash_md5.c:134:24: note: did you mean to dereference the argument to
'sizeof' (and multiply it by the number of elements)?
memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */
^~~
1 warning generated.
../common/hash_sha1.c:64:10: warning: cast from 'const sha1_byte *' (aka
'const unsigned char *') to 'BYTE64QUAD16 *' (aka 'union _BYTE64QUAD16 *')
increases required alignment from 1 to 4 [-Wcast-align]
block = (BYTE64QUAD16*)buffer;
^~~~~~~~~~~~~~~~~~~~~
1 warning generated.
../common/common.c:194:58: warning: for loop has empty body [-Wempty-body]
for (i=0; (i < (*filled-1)) && (rbuf != '\n'); i++);
^
../common/common.c:194:58: note: put the semicolon on a separate line to silence
this warning
1 warning generated.
../common/heartbeat.c:90:17: warning: explicitly assigning a variable of type
'const char *' to itself [-Wself-assign]
sIPv4Interface = sIPv4Interface;
~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~
1 warning generated.
../common/ayiya.c:84:25: warning: cast from 'char *' to 'struct pseudo_ayh *'
increases required alignment from 1 to 4 [-Wcast-align]
struct pseudo_ayh *s = (struct pseudo_ayh *)buf, s2;
^~~~~~~~~~~~~~~~~~~~~~~~
../common/ayiya.c:159:25: warning: cast from 'unsigned char *' to
'struct pseudo_ayh *' increases required alignment from 1 to 4
[-Wcast-align]
struct pseudo_ayh *s = (struct pseudo_ayh *)buf;
^~~~~~~~~~~~~~~~~~~~~~~~
../common/ayiya.c:377:29: warning: cast from 'struct sockaddr *' to
'struct sockaddr_in *' increases required alignment from 1 to 4
[-Wcast-align]
...memcpy(&ayiya_ipv4_pop, &((struct sockaddr_in *)res->ai_addr)->sin_addr...
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/secure/_string.h:65:33: note: expanded from macro 'memcpy'
__builtin___memcpy_chk (dest, src, len, __darwin_obsz0 (dest))
^
../common/ayiya.c:402:31: warning: cast from 'struct sockaddr *' to
'struct sockaddr_in6 *' increases required alignment from 1 to 4
[-Wcast-align]
...memcpy(&ayiya_ipv6_local, &((struct sockaddr_in6 *)res->ai_addr)->sin6_a...
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/secure/_string.h:65:33: note: expanded from macro 'memcpy'
__builtin___memcpy_chk (dest, src, len, __darwin_obsz0 (dest))
^
../common/ayiya.c:427:29: warning: cast from 'struct sockaddr *' to
'struct sockaddr_in6 *' increases required alignment from 1 to 4
[-Wcast-align]
...memcpy(&ayiya_ipv6_pop, &((struct sockaddr_in6 *)res->ai_addr)->sin6_add...
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/usr/include/secure/_string.h:65:33: note: expanded from macro 'memcpy'
__builtin___memcpy_chk (dest, src, len, __darwin_obsz0 (dest))
^
5 warnings generated.
../common/resolver.c:33:21: warning: cast from 'unsigned char *' to 'HEADER *'
increases required alignment from 1 to 4 [-Wcast-align]
HEADER *header = (HEADER *)answer;
^~~~~~~~~~~~~~~~
1 warning generated.
../common/aiccu_darwin.c:75:10: warning: explicitly assigning a variable of type
'struct TIC_Tunnel *' to itself [-Wself-assign]
hTunnel = hTunnel;
~~~~~~~ ^ ~~~~~~~
1 warning generated.
Building done
After this frustration led me to go through my harddrive deleting any reference to aiccu I could find and I then tried apparently too often to get it going because your (by the way not very friendly or constructive) robot deactivated me. I can obviously understand that there are people out there who might missue your service, but I am not one of them.
I answered the robot mail and asked how to go about uninstalling aiccu completely so that I can start over, but as I dont know if you follow up answers tot he robot I thought it best to return here in the hope that you are still willing to help.
|