|
Ticket ID: SIXXS #1051307 Ticket Status: User PoP:
Not receiving incoming packets
![[es]](/s/countries/es.gif) Shadow Hawkins on Saturday, 04 April 2009 17:31:17
I have read and followed the "Reporting Problems" section on the Contact page and am providing the following details for this report based on the list of items stated there:
Problem: I have problems with my tunnel T6701: sending packets seems to work but no incoming packets are received.
I have run 'aiccu test' and test 6/8 fails. I have absolutely no iptables/firewall configured in the machine and the host is properly configured as DMZ host through the router (I have done the proper checks from an external machine using netcat on random ports and everything works correctly).
# aiccu test
Tunnel Information for T6701:
POP Id : ptlis01
IPv6 Local : 2001:b18:2000:1e::2/64
IPv6 Remote : 2001:b18:2000:1e::1/64
Tunnel Type : 6in4-heartbeat
Adminstate : enabled
Userstate : enabled
#######
####### AICCU Quick Connectivity Test
#######
####### [1/8] Ping the IPv4 Local/Your Outer Endpoint (192.168.1.7)
### This should return so called 'echo replies'
### If it doesn't then check your firewall settings
### Your local endpoint should always be pingable
### It could also indicate problems with your IPv4 stack
PING 192.168.1.7 (192.168.1.7) 56(84) bytes of data.
64 bytes from 192.168.1.7: icmp_seq=1 ttl=64 time=0.027 ms
64 bytes from 192.168.1.7: icmp_seq=2 ttl=64 time=0.032 ms
64 bytes from 192.168.1.7: icmp_seq=3 ttl=64 time=0.044 ms
--- 192.168.1.7 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.027/0.034/0.044/0.008 ms
######
Did this work? [Y/n]
####### [2/8] Ping the IPv4 Remote/PoP Outer Endpoint (82.102.0.131)
### These pings should reach the PoP and come back to you
### In case there are problems along the route between your
### host and the PoP this could not return replies
### Check your firewall settings if problems occur
PING 82.102.0.131 (82.102.0.131) 56(84) bytes of data.
64 bytes from 82.102.0.131: icmp_seq=1 ttl=252 time=66.2 ms
64 bytes from 82.102.0.131: icmp_seq=2 ttl=252 time=65.8 ms
64 bytes from 82.102.0.131: icmp_seq=3 ttl=252 time=69.2 ms
--- 82.102.0.131 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 65.876/67.117/69.266/1.554 ms
######
Did this work? [Y/n]
####### [3/8] Traceroute to the PoP (82.102.0.131) over IPv4
### This traceroute should reach the PoP
### In case this traceroute fails then you have no connectivity
### to the PoP and this is most probably the problem
traceroute to 82.102.0.131 (82.102.0.131), 30 hops max, 40 byte packets
1 192.168.1.1 (192.168.1.1) 1.075 ms 2.485 ms 2.933 ms
2 1.4.221.87.dynamic.jazztel.es (87.221.4.1) 24.256 ms 26.786 ms 26.748 ms
3 * * *
4 178.216.106.212.static.jazztel.es (212.106.216.178) 31.377 ms 162.216.106.212.static.jazztel.es (212.106.216.162) 33.315 ms 178.216.106.212.static.jazztel.es (212.106.216.178) 35.230 ms
5 * * *
6 249.216.106.212.static.jazztel.es (212.106.216.249) 40.509 ms * 66.216.106.212.static.jazztel.es (212.106.216.66) 21.659 ms
7 xe-0-3-0-xcr1.bap.cw.net (208.175.154.177) 23.549 ms 25.491 ms 27.421 ms
8 xe-0-1-0.xcr1.mad.cw.net (195.2.25.37) 37.366 ms 39.087 ms xe-4-1-0.xcr1.mad.cw.net (195.2.25.73) 39.027 ms
9 ge-6-0-0-dcr1.mad.cw.net (195.2.25.70) 41.687 ms 45.099 ms 33.632 ms
10 dtag1.mad.cw.net (206.24.139.70) 31.754 ms 29.741 ms 31.408 ms
11 62.156.131.133 (62.156.131.133) 48.316 ms 48.551 ms 52.490 ms
12 217.243.216.90 (217.243.216.90) 70.293 ms 66.828 ms 62.214 ms
13 82.102.0.131 (82.102.0.131) 64.165 ms 66.578 ms 64.792 ms
######
Did this work? [Y/n]
###### [4/8] Checking if we can ping IPv6 localhost (::1)
### This confirms if your IPv6 is working
### If ::1 doesn't reply then something is wrong with your IPv6 stack
PING ::1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.027 ms
64 bytes from ::1: icmp_seq=2 ttl=64 time=0.040 ms
64 bytes from ::1: icmp_seq=3 ttl=64 time=0.041 ms
--- ::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.027/0.036/0.041/0.006 ms
######
Did this work? [Y/n]
###### [5/8] Ping the IPv6 Local/Your Inner Tunnel Endpoint (2001:b18:2000:1e::2)
### This confirms that your tunnel is configured
### If it doesn't reply then check your interface and routing tables
PING 2001:b18:2000:1e::2(2001:b18:2000:1e::2) 56 data bytes
64 bytes from 2001:b18:2000:1e::2: icmp_seq=1 ttl=64 time=0.030 ms
64 bytes from 2001:b18:2000:1e::2: icmp_seq=2 ttl=64 time=0.045 ms
64 bytes from 2001:b18:2000:1e::2: icmp_seq=3 ttl=64 time=0.045 ms
--- 2001:b18:2000:1e::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.030/0.040/0.045/0.007 ms
######
Did this work? [Y/n]
###### [6/8] Ping the IPv6 Remote/PoP Inner Tunnel Endpoint (2001:b18:2000:1e::1)
### This confirms the reachability of the other side of the tunnel
### If it doesn't reply then check your interface and routing tables
### Don't forget to check your firewall of course
### If the previous test was succesful then this could be both
### a firewalling and a routing/interface problem
PING 2001:b18:2000:1e::1(2001:b18:2000:1e::1) 56 data bytes
--- 2001:b18:2000:1e::1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 1999ms
######
My routing tables seem to be fine:
thunderstorm ~ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
thunderstorm ~ # route -6 -n
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
2001:b18:2000:1e::/64 :: Un 256 0 1 sixxs
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: Un 256 0 0 sixxs
::/0 2001:b18:2000:1e::1 UG 1024 0 3 sixxs
::/0 :: !n -1 1 40 lo
::1/128 :: Un 0 1 19 lo
2001:b18:2000:1e::2/128 :: Un 0 1 0 lo
fe80::c0a8:107/128 :: Un 0 1 0 lo
fe80::20c:29ff:fe0a:f199/128 :: Un 0 1 0 lo
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 sixxs
::/0 :: !n -1 1 40 lo
The logfile shows that the heartbeat is working properly:
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "200 SixXS TIC Service on noc.sixxs.net ready (http://www.sixxs.net)"
Apr 4 17:21:38 thunderstorm aiccu: sock_printf() : "client TIC/draft-00 AICCU/2007.01.15-console-linux Linux/2.6.27-gentoo-r8"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "200 Client Identity accepted"
Apr 4 17:21:38 thunderstorm aiccu: sock_printf() : "get unixtime"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "200 1238858483"
Apr 4 17:21:38 thunderstorm aiccu: sock_printf() : "starttls"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "400 This service is not SSL enabled (yet)"
Apr 4 17:21:38 thunderstorm aiccu: TIC Server does not support TLS but TLS is not required, continuing
Apr 4 17:21:38 thunderstorm aiccu: sock_printf() : "username IA1006-RIPE"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "200 Choose your authentication challenge please"
Apr 4 17:21:38 thunderstorm aiccu: sock_printf() : "challenge md5"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "200 <removed>"
Apr 4 17:21:38 thunderstorm aiccu: sock_printf() : "authenticate md5 <removed>"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "200 Succesfully logged in using md5 as IA1006-RIPE (Ioannis Aslanidis) from 2001:7b8:3:4f:202:b3ff:fe46:bec"
Apr 4 17:21:38 thunderstorm aiccu: sock_printf() : "tunnel show T6701"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "201 Showing tunnel information for T6701"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "TunnelId: T6701"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "Type: 6in4-heartbeat"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "IPv6 Endpoint: 2001:b18:2000:1e::2"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "IPv6 POP: 2001:b18:2000:1e::1"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "IPv6 PrefixLength: 64"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "Tunnel MTU: 1280"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "Tunnel Name: T6701"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "POP Id: ptlis01"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "IPv4 Endpoint: heartbeat"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "IPv4 POP: 82.102.0.131"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "UserState: enabled"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "AdminState: enabled"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "Password: <removed>"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "Heartbeat_Interval: 60"
Apr 4 17:21:38 thunderstorm aiccu: sock_getline() : "202 Done"
Apr 4 17:21:38 thunderstorm aiccu: Succesfully retrieved tunnel information for T6701
Apr 4 17:21:38 thunderstorm aiccu: sock_printf() : "QUIT Forsaken"
Apr 4 17:21:38 thunderstorm aiccu: AICCU running as PID 5674
Apr 4 17:21:38 thunderstorm [ 520.824703] sixxs: Disabled Privacy Extensions
Apr 4 17:21:38 thunderstorm aiccu: heartbeat_socket() - IPv4 : 192.168.1.7
Apr 4 17:21:38 thunderstorm aiccu: [HB] HEARTBEAT TUNNEL 2001:b18:2000:1e::2 sender 1238858498 f8dc3f446190c488a9e034ebf7c40d80
Apr 4 17:21:38 thunderstorm aiccu: [HB] HEARTBEAT TUNNEL 2001:b18:2000:1e::2 sender 1238858498 f8dc3f446190c488a9e034ebf7c40d80
Apr 4 17:22:38 thunderstorm aiccu: [HB] HEARTBEAT TUNNEL 2001:b18:2000:1e::2 sender 1238858558 7be08bda16acb173a80de6516effbd7d
Apr 4 17:23:38 thunderstorm aiccu: [HB] HEARTBEAT TUNNEL 2001:b18:2000:1e::2 sender 1238858618 04ff07feff5331032c34f4d765e035f1
Apr 4 17:24:38 thunderstorm aiccu: [HB] HEARTBEAT TUNNEL 2001:b18:2000:1e::2 sender 1238858678 5dd543aa13761709b70e24a506d832d5
Apr 4 17:25:38 thunderstorm aiccu: [HB] HEARTBEAT TUNNEL 2001:b18:2000:1e::2 sender 1238858738 706e6085486f54089391c48e2aa9a7a9
Using aiccu-2007.01.15 under Linux thunderstorm 2.6.27-gentoo-r8 #1 SMP Sat Apr 4 04:15:26 CEST 2009 x86_64 Intel(R) Core(TM)2 Duo CPU E6550 @ 2.33GHz GenuineIntel GNU/Linux
Interfaces:
thunderstorm ~ # ifconfig
eth0 Link encap:Ethernet HWaddr 00:0c:29:0a:f1:99
inet addr:192.168.1.7 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe0a:f199/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1952 errors:0 dropped:0 overruns:0 frame:0
TX packets:2060 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:217345 (212.2 KiB) TX bytes:174590 (170.4 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:42 errors:0 dropped:0 overruns:0 frame:0
TX packets:42 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4008 (3.9 KiB) TX bytes:4008 (3.9 KiB)
sixxs Link encap:IPv6-in-IPv4
inet6 addr: 2001:b18:2000:1e::2/64 Scope:Global
inet6 addr: fe80::c0a8:107/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:248 (248.0 B)
Do you have any clue on what is happening?
Not receiving incoming packets
Shadow Hawkins on Saturday, 04 April 2009 19:12:47
Looks like there are intermittent problems in ptlis01. It suddenly started pinging!
Not receiving incoming packets
Shadow Hawkins on Saturday, 04 April 2009 19:18:42
Additional note: I am suffering disconnections every now and then. Sometimes I the IPv4 of the endpoint stops responding. I have tried from several locations, all reporting the same problems.
Not receiving incoming packets
Shadow Hawkins on Saturday, 04 April 2009 22:07:26
Everything seems to be working correctly right now. We can close the ticket and re-open it again if problems re-appear.
State change: user
The state of this ticket has been changed to user
Not receiving incoming packets
I have run 'aiccu test' and test 6/8 fails. I have absolutely no iptables/firewall configured in the machine and the host is properly configured as DMZ host through the router (I have done the proper checks from an external machine using netcat on random ports and everything works correctly).
As you are behind a NAT box and are using it's DMZ mode, the next time this happens tcpdump the connection as then you can see if packets are truly arriving there or not.
AYIYA is the much better protocol for these kind of setups and doesn't require the hackish nature of the DMZ-mode.
Also check the tunnel information page, it reveals your current IPv4 endpoint.
Not receiving incoming packets
Shadow Hawkins on Tuesday, 07 April 2009 09:08:59
Hello again. I have opted for changing the tunnel to AYIYA and it seems to be working fine now.
Not receiving incoming packets
Shadow Hawkins on Tuesday, 07 April 2009 09:15:33
One last question: I have a Gentoo machine doing the proper routing we saw above. I have configured a subnet with a Windows machine going through the Linux box.
The configuration seems to be fine and pings work; but the applications seem to be still using IPv4 instead of IPv6. In firefox, using the IPv6 of SixXS, for instance, always ends up with a timeout. The same thing happens with nmap and other command line applications (using IPv6 mode and 'standard' mode).
I suspect it might be a 'Windows Firewall' problem but I have seen nothing so far.
Configuration of the Linux Box:
eth0 Link encap:Ethernet HWaddr 00:0c:29:0a:f1:99
inet addr:192.168.1.7 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe0a:f199/64 Scope:Link
inet6 addr: 2001:b18:4015::1/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:306 errors:0 dropped:0 overruns:0 frame:0
TX packets:346 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:33276 (32.4 KiB) TX bytes:44118 (43.0 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2 errors:0 dropped:0 overruns:0 frame:0
TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:192 (192.0 B) TX bytes:192 (192.0 B)
sixxs Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: 2001:b18:2000:1e::2/64 Scope:Global
inet6 addr: fe80::818:2000:1e:2/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:28 errors:0 dropped:0 overruns:0 frame:0
TX packets:33 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:2828 (2.7 KiB) TX bytes:3124 (3.0 KiB)
Configuration of the Windows Box:
Windows IP Configuration
Host Name . . . . . . . . . . . . : Shockwave
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-10-60-A2-DD-2A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82566DC Gigabit Network Connecti
on
Physical Address. . . . . . . . . : 00-1E-C9-5C-5E-EE
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:b18:4015:0:b9ca:86b0:8814:f9bc(Prefe
rred)
Link-local IPv6 Address . . . . . : fe80::b9ca:86b0:8814:f9bc%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::20c:29ff:fe0a:f199%10
192.168.1.1
DNS Servers . . . . . . . . . . . : 4.2.2.4
4.2.2.2
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tests:
C:\Users\Ioannis>ping -6 2001:b18:4015::1
Pinging 2001:b18:4015::1 from 2001:b18:4015:0:b9ca:86b0:8814:f9bc with 32 bytes
of data:
Reply from 2001:b18:4015::1: time<1ms
Reply from 2001:b18:4015::1: time<1ms
Reply from 2001:b18:4015::1: time<1ms
Ping statistics for 2001:b18:4015::1:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
^C
C:\Users\Ioannis>ping -6 2001:b18:2000:1e::2
Pinging 2001:b18:2000:1e::2 from 2001:b18:4015:0:b9ca:86b0:8814:f9bc with 32 byt
es of data:
Reply from 2001:b18:2000:1e::2: time<1ms
Reply from 2001:b18:2000:1e::2: time<1ms
Reply from 2001:b18:2000:1e::2: time<1ms
Ping statistics for 2001:b18:2000:1e::2:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Control-C
^C
C:\Users\Ioannis>ping -6 2001:b18:2000:1e::1
Pinging 2001:b18:2000:1e::1 from 2001:b18:4015:0:b9ca:86b0:8814:f9bc with 32 byt
es of data:
Reply from 2001:b18:2000:1e::1: time=66ms
Reply from 2001:b18:2000:1e::1: time=66ms
Reply from 2001:b18:2000:1e::1: time=66ms
Ping statistics for 2001:b18:2000:1e::1:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 66ms, Maximum = 66ms, Average = 66ms
Control-C
^C
C:\Users\Ioannis>ping -6 noc.sixxs.net
Pinging noc.sixxs.net [2001:838:1:1:210:dcff:fe20:7c7c] from 2001:b18:4015:0:b9c
a:86b0:8814:f9bc with 32 bytes of data:
Reply from 2001:838:1:1:210:dcff:fe20:7c7c: time=189ms
Reply from 2001:838:1:1:210:dcff:fe20:7c7c: time=189ms
Reply from 2001:838:1:1:210:dcff:fe20:7c7c: time=191ms
Ping statistics for 2001:838:1:1:210:dcff:fe20:7c7c:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 189ms, Maximum = 191ms, Average = 189ms
Control-C
^C
Not receiving incoming packets
Start by checking your firewall on the Windows box. I would not be surprised if that is blocking it. In most cases this means contacting the vendor of your firewall tool and end up in de-installing it as they don't support IPv6.
See the forum for these kind of issues.
|
![[ch]](/s/countries/ch.gif)
on Sunday, 05 April 2009 13:01:25
Posting is only allowed when you are