Ticket ID: SIXXS #618418 Ticket Status: User PoP:
Unable to get any return traffic from PoP
Shadow Hawkins on Thursday, 06 December 2007 13:41:22
I have read and followed the "Reporting Problems" section on the Contact page and am providing the following details for this report based on the list of items stated there:
Hello SixXS Staff,
I have not been able to get my tunnel to function properly since requesting and having that request granted yesterday. Since I am behind a NAT router, I have tried heartbeat with my workstation assigned to the DMZ and AYIYA via AICCU using standard config through NAT. According to the logs, I get connected, but when I try to ping the PoP's IPv6 address, I get no return traffic. Details follow:
Tunnel ID: TI3443
PoP: usatl01
Host OS: Ubuntu 7.10 AMD64
Kernel: 2.6.22-14-generic #1 SMP Sun Oct 14 21:45:15 GMT 2007 x86_64 GNU/Linux
AICCU Version: 2007.01.15-console-linux
AICCU Source: Ubuntu Universe Repository (aiccu_20070115-3_amd64.deb)
aiccu.conf
# Under control from debconf, please use 'dpkg-reconfigure aiccu' to reconfigure
username DJG2-SIXXS
password #############
tunnel_id T13443
# AICCU Configuration
# Login information (defaults: none)
#username <your nichandle/username>
#password <your password>
# Protocol and server to use for setting up the tunnel (defaults: none)
#protocol <tic|tsp|l2tp>
#server <server to use>
# Interface names to use (default: aiccu)
# ipv6_interface is the name of the interface that will be used as a tunnel interface.
# On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels
# or tunX (eg tun0) for AYIYA tunnels.
ipv6_interface tun0
# The tunnel_id to use (default: none)
# (only required when there are multiple tunnels in the list)
#tunnel_id Txxxx
# Be verbose? (default: false)
verbose true
# Daemonize? (default: true)
# Set to false if you want to see any output
# When true output goes to syslog
#
# WARNING: never run AICCU from DaemonTools or a similar automated
# 'restart' tool/script. When AICCU does not start, it has a reason
# not to start which it gives on either the stdout or in the (sys)log
# file. The TIC server *will* automatically disable accounts which
# are detected to run in this mode.
#
daemonize true
# Automatic Login and Tunnel activation?
automatic true
# Require TLS?
# When set to true, if TLS is not supported on the server
# the TIC transaction will fail.
# When set to false, it will try a starttls, when that is
# not supported it will continue.
# In any case if AICCU is build with TLS support it will
# try to do a 'starttls' to the TIC server to see if that
# is supported.
requiretls false
# PID File
#pidfile /var/run/aiccu.pid
# Add a default route (default: true)
#defaultroute true
# Script to run after setting up the interfaces (default: none)
#setupscript /usr/local/etc/aiccu-subnets.sh
# Make heartbeats (default true)
# In general you don't want to turn this off
# Of course only applies to AYIYA and heartbeat tunnels not to static ones
#makebeats true
# Don't configure anything (default: false)
#noconfigure true
# Behind NAT (default: false)
# Notify the user that a NAT-kind network is detected
#behindnat true
# Local IPv4 Override (default: none)
# Overrides the IPv4 parameter received from TIC
# This allows one to configure a NAT into "DMZ" mode and then
# forwarding the proto-41 packets to an internal host.
#
# This is only needed for static proto-41 tunnels!
# AYIYA and heartbeat tunnels don't require this.
#local_ipv4_override
aucci test
Tunnel Information for T13443:
POP Id : usatl01
IPv6 Local : 2001:4830:1700:93::2/64
IPv6 Remote : 2001:4830:1700:93::1/64
Tunnel Type : 6in4-heartbeat
Adminstate : enabled
Userstate : enabled
#######
####### AICCU Quick Connectivity Test
#######
####### [1/8] Ping the IPv4 Local/Your Outer Endpoint (10.20.50.38)
### This should return so called 'echo replies'
### If it doesn't then check your firewall settings
### Your local endpoint should always be pingable
### It could also indicate problems with your IPv4 stack
PING 10.20.50.38 (10.20.50.38) 56(84) bytes of data.
64 bytes from 10.20.50.38: icmp_seq=1 ttl=64 time=0.021 ms
64 bytes from 10.20.50.38: icmp_seq=2 ttl=64 time=0.015 ms
64 bytes from 10.20.50.38: icmp_seq=3 ttl=64 time=0.015 ms
--- 10.20.50.38 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.015/0.017/0.021/0.003 ms
######
Did this work? [Y/n] y
####### [2/8] Ping the IPv4 Remote/PoP Outer Endpoint (216.10.93.2)
### These pings should reach the PoP and come back to you
### In case there are problems along the route between your
### host and the PoP this could not return replies
### Check your firewall settings if problems occur
PING 216.10.93.2 (216.10.93.2) 56(84) bytes of data.
64 bytes from 216.10.93.2: icmp_seq=1 ttl=56 time=80.4 ms
64 bytes from 216.10.93.2: icmp_seq=2 ttl=56 time=83.4 ms
64 bytes from 216.10.93.2: icmp_seq=3 ttl=56 time=89.7 ms
--- 216.10.93.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 80.481/84.546/89.713/3.855 ms
######
Did this work? [Y/n] y
####### [3/8] Traceroute to the PoP (216.10.93.2) over IPv4
### This traceroute should reach the PoP
### In case this traceroute fails then you have no connectivity
### to the PoP and this is most probably the problem
traceroute to 216.10.93.2 (216.10.93.2), 30 hops max, 40 byte packets
1 gw.rugmonster.org (10.20.50.1) 0.742 ms 1.156 ms 2.730 ms
2 user-24-96-167-89.knology.net (24.96.167.89) 12.517 ms 13.005 ms 17.515 ms
3 user-24-214-2-97.knology.net (24.214.2.97) 18.722 ms 19.267 ms 19.636 ms
4 ge.0-1-0.cr-Mont.AL.US.knology.net (24.214.0.153) 20.358 ms 20.725 ms 21.097 ms
5 user-24-96-68-97.knology.net (24.96.68.97) 33.174 ms 33.696 ms 34.062 ms
6 GigabitEthernet3-4.ar1.ATL2.gblx.net (64.208.222.209) 42.511 ms 41.419 ms 41.873 ms
7 nlayer.ge-7-0-0.ar1.DCA3.gblx.net (208.51.117.126) 51.489 ms 47.993 ms 48.393 ms
8 occaid.g1-36.ar1.iad1.us.nlayer.net (69.31.31.102) 42.231 ms 45.551 ms 45.906 ms
9 bbr01-g1-0.atln01.occaid.net (216.93.254.143) 47.074 ms 44.833 ms 45.219 ms
10 dcr01-ve22.suwn01.occaid.net (216.93.254.155) 79.615 ms 74.971 ms 75.314 ms
11 usatl01.sixxs.net (216.10.93.2) 81.379 ms 76.161 ms 76.606 ms
######
Did this work? [Y/n] y
###### [4/8] Checking if we can ping IPv6 localhost (::1)
### This confirms if your IPv6 is working
### If ::1 doesn't reply then something is wrong with your IPv6 stack
PING ::1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.026 ms
64 bytes from ::1: icmp_seq=2 ttl=64 time=0.029 ms
64 bytes from ::1: icmp_seq=3 ttl=64 time=0.024 ms
--- ::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.024/0.026/0.029/0.004 ms
######
Did this work? [Y/n] y
###### [5/8] Ping the IPv6 Local/Your Inner Tunnel Endpoint (2001:4830:1700:93::2)
### This confirms that your tunnel is configured
### If it doesn't reply then check your interface and routing tables
PING 2001:4830:1700:93::2(2001:4830:1700:93::2) 56 data bytes
64 bytes from 2001:4830:1700:93::2: icmp_seq=1 ttl=64 time=0.023 ms
64 bytes from 2001:4830:1700:93::2: icmp_seq=2 ttl=64 time=0.027 ms
64 bytes from 2001:4830:1700:93::2: icmp_seq=3 ttl=64 time=0.022 ms
--- 2001:4830:1700:93::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.022/0.024/0.027/0.002 ms
######
Did this work? [Y/n] y
###### [6/8] Ping the IPv6 Remote/PoP Inner Tunnel Endpoint (2001:4830:1700:93::1)
### This confirms the reachability of the other side of the tunnel
### If it doesn't reply then check your interface and routing tables
### Don't forget to check your firewall of course
### If the previous test was succesful then this could be both
### a firewalling and a routing/interface problem
PING 2001:4830:1700:93::1(2001:4830:1700:93::1) 56 data bytes
--- 2001:4830:1700:93::1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2002ms
######
Did this work? [Y/n] n
Interfaces: (ifconfig -a)
eth0 Link encap:Ethernet HWaddr 00:04:4B:03:04:80
inet addr:10.20.50.55 Bcast:10.20.50.31 Mask:255.255.255.192
inet6 addr: fe80::204:4bff:fe03:480/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:9000 Metric:1
RX packets:145755547 errors:2 dropped:0 overruns:0 frame:2
TX packets:12423466 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:368105360165 (342.8 GB) TX bytes:2253890757 (2.0 GB)
Interrupt:23 Base address:0xc000
eth1 Link encap:Ethernet HWaddr 00:04:4B:03:04:81
inet addr:10.20.50.38 Bcast:10.20.50.31 Mask:255.255.255.192
inet6 addr: fe80::204:4bff:fe03:481/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:9000 Metric:1
RX packets:1235541 errors:0 dropped:0 overruns:0 frame:0
TX packets:591070 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1278790327 (1.1 GB) TX bytes:55303370 (52.7 MB)
Interrupt:22 Base address:0x6000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:65113 errors:0 dropped:0 overruns:0 frame:0
TX packets:65113 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:10578157 (10.0 MB) TX bytes:10578157 (10.0 MB)
sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
tun0 Link encap:IPv6-in-IPv4
inet6 addr: 2001:4830:1700:93::2/64 Scope:Global
inet6 addr: fe80::a14:3226/64 Scope:Link
inet6 addr: fe80::a14:3237/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
IPv6 Routing Table: (ip -6 ro show)
2001:4830:1700:93::/64 via :: dev tun0 metric 256 expires 17181943sec mtu 1280 advmss 1220 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 expires 21294909sec mtu 9000 advmss 1220 hoplimit 4294967295
fe80::/64 dev eth1 metric 256 expires 21295303sec mtu 9000 advmss 1220 hoplimit 4294967295
fe80::/64 via :: dev tun0 metric 256 expires 21334301sec mtu 1280 advmss 1220 hoplimit 4294967295
ff00::/8 dev eth0 metric 256 expires 21294909sec mtu 9000 advmss 1220 hoplimit 4294967295
ff00::/8 dev eth1 metric 256 expires 21295303sec mtu 9000 advmss 1220 hoplimit 4294967295
ff00::/8 dev tun0 metric 256 expires 21334301sec mtu 1280 advmss 1220 hoplimit 4294967295
default via 2001:4830:1700:93::1 dev tun0 metric 1024 expires 21334301sec mtu 1280 advmss 1220 hoplimit 4294967295
IPv4 Routing Table: (ip ro show)
10.20.50.0/26 dev eth0 proto kernel scope link src 10.20.50.55
10.20.50.0/26 dev eth1 proto kernel scope link src 10.20.50.38
169.254.0.0/16 dev eth0 scope link metric 1000
default via 10.20.50.1 dev eth1
default via 10.20.50.1 dev eth0 metric 100
Host Firewall: iptables and ip6tables policy set to ACCEPT with no rules
daniel@ender:~$ sudo iptables -nL
[sudo] password for daniel:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
daniel@ender:~$ sudo ip6tables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Router: Linksys WRT54G w/ DD-WRT v23 SP2
DMZ Host: 10.20.50.38
Tried w/ and w/o VPN passthroughs enabled
Tried w/ and w/o Stateful Packet Filtering enabled
In traceroute, I see the packets go out first through tun0 then eth1 destined to the PoP, but nothing is returned.
Here's the relevant log entries from /var/log/syslog
Dec 6 06:36:24 ender aiccu: sock_getline() : "200 SixXS TIC Service on noc.sixxs.net ready (http://www.sixxs.net)"
Dec 6 06:36:24 ender aiccu: sock_printf() : "client TIC/draft-00 AICCU/2007.01.15-console-linux Linux/2.6.22-14-generic"
Dec 6 06:36:24 ender aiccu: sock_getline() : "200 Client Identity accepted"
Dec 6 06:36:24 ender aiccu: sock_printf() : "get unixtime"
Dec 6 06:36:24 ender aiccu: sock_getline() : "200 1196944584"
Dec 6 06:36:24 ender aiccu: sock_printf() : "starttls"
Dec 6 06:36:24 ender aiccu: sock_getline() : "400 This service is not SSL enabled (yet)"
Dec 6 06:36:24 ender aiccu: sock_printf() : "username DJG2-SIXXS"
Dec 6 06:36:24 ender aiccu: sock_getline() : "200 Choose your authentication challenge please"
Dec 6 06:36:24 ender aiccu: sock_printf() : "challenge md5"
Dec 6 06:36:24 ender aiccu: sock_getline() : "200 ################################"
Dec 6 06:36:24 ender aiccu: sock_printf() : "authenticate md5 ################################"
Dec 6 06:36:25 ender aiccu: sock_getline() : "200 Succesfully logged in using md5 as DJG2-SIXXS (Daniel Justin Givens) from 24.236.70.83"
Dec 6 06:36:25 ender aiccu: sock_printf() : "tunnel show T13443"
Dec 6 06:36:25 ender aiccu: sock_getline() : "201 Showing tunnel information for T13443"
Dec 6 06:36:25 ender aiccu: sock_getline() : "TunnelId: T13443"
Dec 6 06:36:25 ender aiccu: sock_getline() : "Type: 6in4-heartbeat"
Dec 6 06:36:25 ender aiccu: sock_getline() : "IPv6 Endpoint: 2001:4830:1700:93::2"
Dec 6 06:36:25 ender aiccu: sock_getline() : "IPv6 POP: 2001:4830:1700:93::1"
Dec 6 06:36:25 ender aiccu: sock_getline() : "IPv6 PrefixLength: 64"
Dec 6 06:36:25 ender aiccu: sock_getline() : "Tunnel MTU: 1280"
Dec 6 06:36:25 ender aiccu: sock_getline() : "Tunnel Name: My First Tunnel"
Dec 6 06:36:25 ender aiccu: sock_getline() : "POP Id: usatl01"
Dec 6 06:36:25 ender aiccu: sock_getline() : "IPv4 Endpoint: heartbeat"
Dec 6 06:36:25 ender aiccu: sock_getline() : "IPv4 POP: 216.10.93.2"
Dec 6 06:36:25 ender aiccu: sock_getline() : "UserState: enabled"
Dec 6 06:36:25 ender aiccu: sock_getline() : "AdminState: enabled"
Dec 6 06:36:25 ender aiccu: sock_getline() : "Password: fb61044e310826f8b4aace67b4f13199"
Dec 6 06:36:25 ender aiccu: sock_getline() : "Heartbeat_Interval: 60"
Dec 6 06:36:25 ender aiccu: sock_getline() : "202 Done"
Dec 6 06:36:25 ender aiccu: sock_printf() : "QUIT Schaltet den schmerz ab"
Dec 6 06:36:25 ender aiccu: heartbeat_socket() - IPv4 : 10.20.50.38
Dec 6 06:36:25 ender aiccu: [HB] HEARTBEAT TUNNEL 2001:4830:1700:93::2 sender 1196944585 bb8a58eb4506a9d7109d4dab2e37badb
Dec 6 06:36:25 ender aiccu: [HB] HEARTBEAT TUNNEL 2001:4830:1700:93::2 sender 1196944585 bb8a58eb4506a9d7109d4dab2e37badb
I have noticed that in the tunnel information page, it doesn't look like the tunnel has been accessed at all. I'm confused as to what is messed up and would appreciate any help.
Thank you,
Daniel Givens
Unable to get any return traffic from PoP
Jeroen Massar on Thursday, 06 December 2007 13:57:39
You are behind a NAT, a such (unless you configure your NAT box, which you claim you did) you can't use proto-41 and you need to use AYIYA.
The PoP tells me though that no heartbeat packet has been seen yet.
As such it won't configure the tunnel either.
Check your firewall settings, especially on your gateway.
The tun0 interface above also displays that 0 packets have been sent/received (though that could be because you where playing with upping/downing the interface)
As you have a DD-WRT box, you do realize that you can run aiccu off that and provide IPv6 connectivity to your whole subnet? On the WRT, which is not-natted, you can get away with using heartbeat mode.
Most likely solution to this: use AYIYA.
When that doesn't work, report in the same kind of style as above.
Nice hostname btw, but that guy was able to debug a bit more and figure it out :)
Try running 'tcpdump' on your WRT on the external interface to see what you are sending and getting back.
Unable to get any return traffic from PoP
Shadow Hawkins on Thursday, 06 December 2007 14:23:40
I set the IP of my eth1 as the DMZ IP. Also, I tried AYIYA. I also tried running aiccu off of the WRT and moved to my desktop when that wouldn't work. Also, I don't have enough credits left to switch back to AYIYA since I've switched from Heartbeat to AYIYA and back to Heartbeat again.
Unable to get any return traffic from PoP
Jeroen Massar on Thursday, 06 December 2007 14:32:45
Tried it, but not really tested it I guess, or checked what went wrong. See the point about tcpdumping your connection, it is also mentioned in the "Reporting Problems" part for a reason: that you can see if those packets actually go there or not.
You can always switch tunneltypes, you just get further and further below zero.
Unable to get any return traffic from PoP
Shadow Hawkins on Saturday, 08 December 2007 19:36:00
Switched to AYIYA and tested again (yes, I did test before).
To see if the package was the problem, I downloaded the source for aiccu and compiled it. These tests are run from that binary.
daniel@ender:~/aiccu/unix-console$ sudo ./aiccu test /etc/aiccu.conf
Tunnel Information for T13443:
POP Id : usatl01
IPv6 Local : 2001:4830:1700:93::2/64
IPv6 Remote : 2001:4830:1700:93::1/64
Tunnel Type : ayiya
Adminstate : enabled
Userstate : enabled
#######
####### AICCU Quick Connectivity Test
#######
####### [1/8] Ping the IPv4 Local/Your Outer Endpoint (10.20.50.38)
### This should return so called 'echo replies'
### If it doesn't then check your firewall settings
### Your local endpoint should always be pingable
### It could also indicate problems with your IPv4 stack
PING 10.20.50.38 (10.20.50.38) 56(84) bytes of data.
64 bytes from 10.20.50.38: icmp_seq=1 ttl=64 time=0.013 ms
64 bytes from 10.20.50.38: icmp_seq=2 ttl=64 time=0.018 ms
64 bytes from 10.20.50.38: icmp_seq=3 ttl=64 time=0.009 ms
--- 10.20.50.38 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.009/0.013/0.018/0.004 ms
######
Did this work? [Y/n] y
####### [2/8] Ping the IPv4 Remote/PoP Outer Endpoint (216.10.93.2)
### These pings should reach the PoP and come back to you
### In case there are problems along the route between your
### host and the PoP this could not return replies
### Check your firewall settings if problems occur
PING 216.10.93.2 (216.10.93.2) 56(84) bytes of data.
64 bytes from 216.10.93.2: icmp_seq=1 ttl=56 time=108 ms
64 bytes from 216.10.93.2: icmp_seq=2 ttl=56 time=103 ms
64 bytes from 216.10.93.2: icmp_seq=3 ttl=56 time=75.4 ms
--- 216.10.93.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 75.456/95.837/108.867/14.596 ms
######
Did this work? [Y/n] y
####### [3/8] Traceroute to the PoP (216.10.93.2) over IPv4
### This traceroute should reach the PoP
### In case this traceroute fails then you have no connectivity
### to the PoP and this is most probably the problem
traceroute to 216.10.93.2 (216.10.93.2), 30 hops max, 40 byte packets
1 gw.rugmonster.org (10.20.50.1) 0.823 ms 1.304 ms 3.004 ms
2 user-24-96-167-89.knology.net (24.96.167.89) 23.630 ms 24.181 ms 30.019 ms
3 user-24-214-2-97.knology.net (24.214.2.97) 30.645 ms 31.090 ms 31.529 ms
4 ge.0-1-0.cr-Mont.AL.US.knology.net (24.214.0.153) 33.107 ms 33.549 ms 33.998 ms
5 user-24-96-68-97.knology.net (24.96.68.97) 45.644 ms 46.231 ms 46.672 ms
6 GigabitEthernet3-4.ar1.ATL2.gblx.net (64.208.222.209) 47.468 ms 46.283 ms 46.707 ms
7 nlayer.ge-7-0-0.ar1.DCA3.gblx.net (208.51.117.126) 60.084 ms 42.475 ms 42.876 ms
8 occaid.g1-36.ar1.iad1.us.nlayer.net (69.31.31.102) 41.502 ms 47.952 ms *
9 bbr01-g1-0.atln01.occaid.net (216.93.254.143) 48.546 ms 46.169 ms 46.966 ms
10 dcr01-ve22.suwn01.occaid.net (216.93.254.155) 84.796 ms 79.458 ms 78.661 ms
11 usatl01.sixxs.net (216.10.93.2) 83.411 ms 82.760 ms 84.176 ms
######
Did this work? [Y/n] y
###### [4/8] Checking if we can ping IPv6 localhost (::1)
### This confirms if your IPv6 is working
### If ::1 doesn't reply then something is wrong with your IPv6 stack
PING ::1(::1) 56 data bytes
64 bytes from ::1: icmp_seq=1 ttl=64 time=0.020 ms
64 bytes from ::1: icmp_seq=2 ttl=64 time=0.015 ms
64 bytes from ::1: icmp_seq=3 ttl=64 time=0.012 ms
--- ::1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.012/0.015/0.020/0.005 ms
######
Did this work? [Y/n] y
###### [5/8] Ping the IPv6 Local/Your Inner Tunnel Endpoint (2001:4830:1700:93::2)
### This confirms that your tunnel is configured
### If it doesn't reply then check your interface and routing tables
PING 2001:4830:1700:93::2(2001:4830:1700:93::2) 56 data bytes
64 bytes from 2001:4830:1700:93::2: icmp_seq=1 ttl=64 time=0.016 ms
64 bytes from 2001:4830:1700:93::2: icmp_seq=2 ttl=64 time=0.015 ms
64 bytes from 2001:4830:1700:93::2: icmp_seq=3 ttl=64 time=0.013 ms
--- 2001:4830:1700:93::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.013/0.014/0.016/0.004 ms
######
Did this work? [Y/n] y
###### [6/8] Ping the IPv6 Remote/PoP Inner Tunnel Endpoint (2001:4830:1700:93::1)
### This confirms the reachability of the other side of the tunnel
### If it doesn't reply then check your interface and routing tables
### Don't forget to check your firewall of course
### If the previous test was succesful then this could be both
### a firewalling and a routing/interface problem
PING 2001:4830:1700:93::1(2001:4830:1700:93::1) 56 data bytes
--- 2001:4830:1700:93::1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2010ms
######
Did this work? [Y/n] n
Here are corresponding log entries during that test from /var/log/syslog
Dec 8 12:25:05 ender aiccu: sock_getline() : "200 SixXS TIC Service on noc.sixxs.net ready (http://www.sixxs.net)"
Dec 8 12:25:05 ender aiccu: sock_printf() : "client TIC/draft-00 AICCU/2007.01.15-console-linux Linux/2.6.22-14-generic"
Dec 8 12:25:05 ender aiccu: sock_getline() : "200 Client Identity accepted"
Dec 8 12:25:05 ender aiccu: sock_printf() : "get unixtime"
Dec 8 12:25:05 ender aiccu: sock_getline() : "200 1197138305"
Dec 8 12:25:05 ender aiccu: sock_printf() : "starttls"
Dec 8 12:25:05 ender aiccu: sock_getline() : "400 This service is not SSL enabled (yet)"
Dec 8 12:25:05 ender aiccu: TIC Server does not support TLS but TLS is not required, continuing
Dec 8 12:25:05 ender aiccu: sock_printf() : "username DJG2-SIXXS"
Dec 8 12:25:05 ender aiccu: sock_getline() : "200 Choose your authentication challenge please"
Dec 8 12:25:05 ender aiccu: sock_printf() : "challenge md5"
Dec 8 12:25:05 ender aiccu: sock_getline() : "200 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Dec 8 12:25:05 ender aiccu: sock_printf() : "authenticate md5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Dec 8 12:25:06 ender aiccu: sock_getline() : "200 Succesfully logged in using md5 as DJG2-SIXXS (Daniel Justin Givens) from 24.236.70.83"
Dec 8 12:25:06 ender aiccu: sock_printf() : "tunnel show T13443"
Dec 8 12:25:06 ender aiccu: sock_getline() : "201 Showing tunnel information for T13443"
Dec 8 12:25:06 ender aiccu: sock_getline() : "TunnelId: T13443"
Dec 8 12:25:06 ender aiccu: sock_getline() : "Type: ayiya"
Dec 8 12:25:06 ender aiccu: sock_getline() : "IPv6 Endpoint: 2001:4830:1700:93::2"
Dec 8 12:25:06 ender aiccu: sock_getline() : "IPv6 POP: 2001:4830:1700:93::1"
Dec 8 12:25:06 ender aiccu: sock_getline() : "IPv6 PrefixLength: 64"
Dec 8 12:25:06 ender aiccu: sock_getline() : "Tunnel MTU: 1280"
Dec 8 12:25:06 ender aiccu: sock_getline() : "Tunnel Name: My First Tunnel"
Dec 8 12:25:06 ender aiccu: sock_getline() : "POP Id: usatl01"
Dec 8 12:25:06 ender aiccu: sock_getline() : "IPv4 Endpoint: ayiya"
Dec 8 12:25:06 ender aiccu: sock_getline() : "IPv4 POP: 216.10.93.2"
Dec 8 12:25:06 ender aiccu: sock_getline() : "UserState: enabled"
Dec 8 12:25:06 ender aiccu: sock_getline() : "AdminState: enabled"
Dec 8 12:25:06 ender aiccu: sock_getline() : "Password: 7ceaf4634279144d7ded31c025a0c728"
Dec 8 12:25:06 ender aiccu: sock_getline() : "Heartbeat_Interval: 60"
Dec 8 12:25:06 ender aiccu: sock_getline() : "202 Done"
Dec 8 12:25:06 ender aiccu: Succesfully retrieved tunnel information for T13443
Dec 8 12:25:06 ender aiccu: sock_printf() : "QUIT Zij die gaan, groeten u"
Dec 8 12:25:06 ender kernel: [525298.280357] aiccu: Disabled Privacy Extensions
Dec 8 12:25:06 ender aiccu: [AYIYA-start] : Anything in Anything (draft-02)
Dec 8 12:25:06 ender aiccu: heartbeat_socket() - IPv4 : 10.20.50.38
Dec 8 12:25:06 ender aiccu: [AYIYA-tun->tundev] : (Socket to TUN) started
Dec 8 12:25:15 ender kernel: [525307.290528] aiccu: no IPv6 routers present
Corresponding tcpdump output from the gateway
VLAN1 - The external interface on the WRT54G
tcpdump -ni vlan1 '( src host 24.236.70.83 or src host 10.20.50.38 or src host 216.10.93.2 ) and ( dst host 216.10.93.2 or dst host 24.236.70.83 or dst host 10.20.50.38 )'
18:25:06.704588 IP 24.236.70.83.33683 > 216.10.93.2.5072: UDP, length 92
18:25:06.706651 IP 24.236.70.83.33683 > 216.10.93.2.5072: UDP, length 44
18:25:06.707278 IP 24.236.70.83.33683 > 216.10.93.2.5072: UDP, length 44
18:25:10.707447 IP 24.236.70.83.33683 > 216.10.93.2.5072: UDP, length 92
18:25:13.213288 IP 24.236.70.83 > 216.10.93.2: ICMP echo request, id 20996, seq 1, length 64
18:25:13.320850 IP 216.10.93.2 > 24.236.70.83: ICMP echo reply, id 20996, seq 1, length 64
18:25:14.212304 IP 24.236.70.83 > 216.10.93.2: ICMP echo request, id 20996, seq 2, length 64
18:25:14.314184 IP 216.10.93.2 > 24.236.70.83: ICMP echo reply, id 20996, seq 2, length 64
18:25:14.707763 IP 24.236.70.83.33683 > 216.10.93.2.5072: UDP, length 92
18:25:15.211882 IP 24.236.70.83 > 216.10.93.2: ICMP echo request, id 20996, seq 3, length 64
18:25:15.286018 IP 216.10.93.2 > 24.236.70.83: ICMP echo reply, id 20996, seq 3, length 64
18:25:16.528864 IP 24.236.70.83.33688 > 216.10.93.2.33437: UDP, length 40
18:25:16.529502 IP 24.236.70.83.33689 > 216.10.93.2.33438: UDP, length 40
18:25:16.530134 IP 24.236.70.83.33690 > 216.10.93.2.33439: UDP, length 40
18:25:16.530769 IP 24.236.70.83.33691 > 216.10.93.2.33440: UDP, length 40
18:25:16.531397 IP 24.236.70.83.33692 > 216.10.93.2.33441: UDP, length 40
18:25:16.532025 IP 24.236.70.83.33693 > 216.10.93.2.33442: UDP, length 40
18:25:16.532660 IP 24.236.70.83.33694 > 216.10.93.2.33443: UDP, length 40
18:25:16.533351 IP 24.236.70.83.33695 > 216.10.93.2.33444: UDP, length 40
18:25:16.533992 IP 24.236.70.83.33696 > 216.10.93.2.33445: UDP, length 40
18:25:16.534624 IP 24.236.70.83.33697 > 216.10.93.2.33446: UDP, length 40
18:25:16.535263 IP 24.236.70.83.33698 > 216.10.93.2.33447: UDP, length 40
18:25:16.535901 IP 24.236.70.83.33699 > 216.10.93.2.33448: UDP, length 40
18:25:16.536534 IP 24.236.70.83.33700 > 216.10.93.2.33449: UDP, length 40
18:25:16.537489 IP 24.236.70.83.33701 > 216.10.93.2.33450: UDP, length 40
18:25:16.538165 IP 24.236.70.83.33702 > 216.10.93.2.33451: UDP, length 40
18:25:16.538796 IP 24.236.70.83.33703 > 216.10.93.2.33452: UDP, length 40
18:25:16.550331 IP 24.236.70.83.33704 > 216.10.93.2.33453: UDP, length 40
18:25:16.550969 IP 24.236.70.83.33705 > 216.10.93.2.33454: UDP, length 40
18:25:16.557926 IP 24.236.70.83.33706 > 216.10.93.2.33455: UDP, length 40
18:25:16.559924 IP 24.236.70.83.33707 > 216.10.93.2.33456: UDP, length 40
18:25:16.560563 IP 24.236.70.83.33708 > 216.10.93.2.33457: UDP, length 40
18:25:16.561580 IP 24.236.70.83.33709 > 216.10.93.2.33458: UDP, length 40
18:25:16.562219 IP 24.236.70.83.33710 > 216.10.93.2.33459: UDP, length 40
18:25:16.562852 IP 24.236.70.83.33711 > 216.10.93.2.33460: UDP, length 40
18:25:16.563490 IP 24.236.70.83.33712 > 216.10.93.2.33461: UDP, length 40
18:25:16.574327 IP 24.236.70.83.33713 > 216.10.93.2.33462: UDP, length 40
18:25:16.574974 IP 24.236.70.83.33714 > 216.10.93.2.33463: UDP, length 40
18:25:16.576003 IP 24.236.70.83.33715 > 216.10.93.2.33464: UDP, length 40
18:25:16.576641 IP 24.236.70.83.33716 > 216.10.93.2.33465: UDP, length 40
18:25:16.577284 IP 24.236.70.83.33717 > 216.10.93.2.33466: UDP, length 40
18:25:16.577976 IP 24.236.70.83.33718 > 216.10.93.2.33467: UDP, length 40
18:25:16.589692 IP 24.236.70.83.33719 > 216.10.93.2.33468: UDP, length 40
18:25:16.593128 IP 24.236.70.83.33720 > 216.10.93.2.33469: UDP, length 40
18:25:16.593920 IP 24.236.70.83.33721 > 216.10.93.2.33470: UDP, length 40
18:25:16.598061 IP 24.236.70.83.33722 > 216.10.93.2.33471: UDP, length 40
18:25:16.606791 IP 24.236.70.83.33723 > 216.10.93.2.33472: UDP, length 40
18:25:16.607447 IP 24.236.70.83.33724 > 216.10.93.2.33473: UDP, length 40
18:25:16.608145 IP 24.236.70.83.33725 > 216.10.93.2.33474: UDP, length 40
18:25:16.608955 IP 24.236.70.83.33726 > 216.10.93.2.33475: UDP, length 40
18:25:16.644951 IP 24.236.70.83.33727 > 216.10.93.2.33476: UDP, length 40
18:25:16.651580 IP 24.236.70.83.33728 > 216.10.93.2.33477: UDP, length 40
18:25:16.652388 IP 24.236.70.83.33729 > 216.10.93.2.33478: UDP, length 40
18:25:16.654913 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33464 unreachable, length 36
18:25:16.655583 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33465 unreachable, length 36
18:25:16.656966 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33466 unreachable, length 36
18:25:16.657668 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33467 unreachable, length 36
18:25:16.670854 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33468 unreachable, length 36
18:25:16.676087 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33470 unreachable, length 36
18:25:16.676749 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33469 unreachable, length 36
18:25:16.676805 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33471 unreachable, length 36
18:25:16.683342 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33472 unreachable, length 36
18:25:16.683987 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33473 unreachable, length 36
18:25:16.691742 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33474 unreachable, length 36
18:25:16.692430 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33475 unreachable, length 36
18:25:16.721193 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33476 unreachable, length 36
18:25:16.726506 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33478 unreachable, length 36
18:25:16.727168 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33477 unreachable, length 36
18:25:29.870288 IP 24.236.70.83.33683 > 216.10.93.2.5072: UDP, length 148
18:25:30.880850 IP 24.236.70.83.33683 > 216.10.93.2.5072: UDP, length 148
18:25:31.880913 IP 24.236.70.83.33683 > 216.10.93.2.5072: UDP, length 148
BR0 - The internal interface on the WRT54G
18:25:06.703991 IP 10.20.50.38.33683 > 216.10.93.2.5072: UDP, length 92
18:25:06.706176 IP 10.20.50.38.33683 > 216.10.93.2.5072: UDP, length 44
18:25:06.706826 IP 10.20.50.38.33683 > 216.10.93.2.5072: UDP, length 44
18:25:10.706997 IP 10.20.50.38.33683 > 216.10.93.2.5072: UDP, length 92
18:25:13.212682 IP 10.20.50.38 > 216.10.93.2: ICMP echo request, id 20996, seq 1, length 64
18:25:13.321299 IP 216.10.93.2 > 10.20.50.38: ICMP echo reply, id 20996, seq 1, length 64
18:25:14.211692 IP 10.20.50.38 > 216.10.93.2: ICMP echo request, id 20996, seq 2, length 64
18:25:14.314630 IP 216.10.93.2 > 10.20.50.38: ICMP echo reply, id 20996, seq 2, length 64
18:25:14.707272 IP 10.20.50.38.33683 > 216.10.93.2.5072: UDP, length 92
18:25:15.211267 IP 10.20.50.38 > 216.10.93.2: ICMP echo request, id 20996, seq 3, length 64
18:25:15.286469 IP 216.10.93.2 > 10.20.50.38: ICMP echo reply, id 20996, seq 3, length 64
18:25:16.525438 IP 10.20.50.38.33685 > 216.10.93.2.33434: UDP, length 40
18:25:16.525554 IP 10.20.50.38.33686 > 216.10.93.2.33435: UDP, length 40
18:25:16.526694 IP 10.20.50.38.33687 > 216.10.93.2.33436: UDP, length 40
18:25:16.526793 IP 10.20.50.38.33688 > 216.10.93.2.33437: UDP, length 40
18:25:16.526871 IP 10.20.50.38.33689 > 216.10.93.2.33438: UDP, length 40
18:25:16.526948 IP 10.20.50.38.33690 > 216.10.93.2.33439: UDP, length 40
18:25:16.527023 IP 10.20.50.38.33691 > 216.10.93.2.33440: UDP, length 40
18:25:16.527098 IP 10.20.50.38.33692 > 216.10.93.2.33441: UDP, length 40
18:25:16.527172 IP 10.20.50.38.33693 > 216.10.93.2.33442: UDP, length 40
18:25:16.527248 IP 10.20.50.38.33694 > 216.10.93.2.33443: UDP, length 40
18:25:16.527327 IP 10.20.50.38.33695 > 216.10.93.2.33444: UDP, length 40
18:25:16.527405 IP 10.20.50.38.33696 > 216.10.93.2.33445: UDP, length 40
18:25:16.527481 IP 10.20.50.38.33697 > 216.10.93.2.33446: UDP, length 40
18:25:16.527606 IP 10.20.50.38.33698 > 216.10.93.2.33447: UDP, length 40
18:25:16.527690 IP 10.20.50.38.33699 > 216.10.93.2.33448: UDP, length 40
18:25:16.527765 IP 10.20.50.38.33700 > 216.10.93.2.33449: UDP, length 40
18:25:16.536719 IP 10.20.50.38.33701 > 216.10.93.2.33450: UDP, length 40
18:25:16.536823 IP 10.20.50.38.33702 > 216.10.93.2.33451: UDP, length 40
18:25:16.536900 IP 10.20.50.38.33703 > 216.10.93.2.33452: UDP, length 40
18:25:16.549636 IP 10.20.50.38.33704 > 216.10.93.2.33453: UDP, length 40
18:25:16.549743 IP 10.20.50.38.33705 > 216.10.93.2.33454: UDP, length 40
18:25:16.556982 IP 10.20.50.38.33706 > 216.10.93.2.33455: UDP, length 40
18:25:16.557199 IP 10.20.50.38.33707 > 216.10.93.2.33456: UDP, length 40
18:25:16.557271 IP 10.20.50.38.33708 > 216.10.93.2.33457: UDP, length 40
18:25:16.560737 IP 10.20.50.38.33709 > 216.10.93.2.33458: UDP, length 40
18:25:16.560843 IP 10.20.50.38.33710 > 216.10.93.2.33459: UDP, length 40
18:25:16.560920 IP 10.20.50.38.33711 > 216.10.93.2.33460: UDP, length 40
18:25:16.560997 IP 10.20.50.38.33712 > 216.10.93.2.33461: UDP, length 40
18:25:16.572291 IP 10.20.50.38.33713 > 216.10.93.2.33462: UDP, length 40
18:25:16.572375 IP 10.20.50.38.33714 > 216.10.93.2.33463: UDP, length 40
18:25:16.575149 IP 10.20.50.38.33715 > 216.10.93.2.33464: UDP, length 40
18:25:16.575255 IP 10.20.50.38.33716 > 216.10.93.2.33465: UDP, length 40
18:25:16.575334 IP 10.20.50.38.33717 > 216.10.93.2.33466: UDP, length 40
18:25:16.575412 IP 10.20.50.38.33718 > 216.10.93.2.33467: UDP, length 40
18:25:16.589078 IP 10.20.50.38.33719 > 216.10.93.2.33468: UDP, length 40
18:25:16.592503 IP 10.20.50.38.33720 > 216.10.93.2.33469: UDP, length 40
18:25:16.593310 IP 10.20.50.38.33721 > 216.10.93.2.33470: UDP, length 40
18:25:16.597398 IP 10.20.50.38.33722 > 216.10.93.2.33471: UDP, length 40
18:25:16.606006 IP 10.20.50.38.33723 > 216.10.93.2.33472: UDP, length 40
18:25:16.606110 IP 10.20.50.38.33724 > 216.10.93.2.33473: UDP, length 40
18:25:16.606188 IP 10.20.50.38.33725 > 216.10.93.2.33474: UDP, length 40
18:25:16.608322 IP 10.20.50.38.33726 > 216.10.93.2.33475: UDP, length 40
18:25:16.644339 IP 10.20.50.38.33727 > 216.10.93.2.33476: UDP, length 40
18:25:16.650957 IP 10.20.50.38.33728 > 216.10.93.2.33477: UDP, length 40
18:25:16.651763 IP 10.20.50.38.33729 > 216.10.93.2.33478: UDP, length 40
18:25:16.655390 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33464 unreachable, length 36
18:25:16.656030 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33465 unreachable, length 36
18:25:16.657419 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33466 unreachable, length 36
18:25:16.658114 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33467 unreachable, length 36
18:25:16.671309 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33468 unreachable, length 36
18:25:16.676551 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33470 unreachable, length 36
18:25:16.677225 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33469 unreachable, length 36
18:25:16.677808 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33471 unreachable, length 36
18:25:16.683789 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33472 unreachable, length 36
18:25:16.684429 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33473 unreachable, length 36
18:25:16.692201 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33474 unreachable, length 36
18:25:16.692857 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33475 unreachable, length 36
18:25:16.721636 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33476 unreachable, length 36
18:25:16.726959 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33478 unreachable, length 36
18:25:16.727646 IP 216.10.93.2 > 10.20.50.38: ICMP 216.10.93.2 udp port 33477 unreachable, length 36
18:25:29.869829 IP 10.20.50.38.33683 > 216.10.93.2.5072: UDP, length 148
18:25:30.880390 IP 10.20.50.38.33683 > 216.10.93.2.5072: UDP, length 148
18:25:31.880458 IP 10.20.50.38.33683 > 216.10.93.2.5072: UDP, length 148
It looks like the traffic to the PoP is going out, but nothing is coming back.
And again, the routing tables and interface information
daniel@ender:~$ ip -6 addr sh
1: lo: <LOOPBACK,UP,10000> mtu 16436
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 9000 qlen 1000
inet6 fe80::204:4bff:fe03:480/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 9000 qlen 1000
inet6 fe80::204:4bff:fe03:481/64 scope link
valid_lft forever preferred_lft forever
53: aiccu: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1280 qlen 500
inet6 2001:4830:1700:93::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::4830:1700:93:2/64 scope link
valid_lft forever preferred_lft forever
daniel@ender:~$ ip addr sh
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 9000 qdisc pfifo_fast qlen 1000
link/ether 00:04:4b:03:04:80 brd ff:ff:ff:ff:ff:ff
inet 10.20.50.55/26 brd 10.20.50.31 scope global eth0
inet6 fe80::204:4bff:fe03:480/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 9000 qdisc pfifo_fast qlen 1000
link/ether 00:04:4b:03:04:81 brd ff:ff:ff:ff:ff:ff
inet 10.20.50.38/26 brd 10.20.50.31 scope global eth1
inet6 fe80::204:4bff:fe03:481/64 scope link
valid_lft forever preferred_lft forever
4: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
53: aiccu: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1280 qdisc pfifo_fast qlen 500
link/[65534]
inet6 2001:4830:1700:93::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::4830:1700:93:2/64 scope link
valid_lft forever preferred_lft forever
daniel@ender:~$ ip -6 ro sh
2001:4830:1700:93::/64 dev aiccu metric 256 expires 17181963sec mtu 1280 advmss 1220 hoplimit 4294967295
fe80::/64 dev eth0 metric 256 expires 21060796sec mtu 9000 advmss 1220 hoplimit 4294967295
fe80::/64 dev eth1 metric 256 expires 21061190sec mtu 9000 advmss 1220 hoplimit 4294967295
fe80::/64 dev aiccu metric 256 expires 21334322sec mtu 1280 advmss 1220 hoplimit 4294967295
ff00::/8 dev eth0 metric 256 expires 21060796sec mtu 9000 advmss 1220 hoplimit 4294967295
ff00::/8 dev eth1 metric 256 expires 21061190sec mtu 9000 advmss 1220 hoplimit 4294967295
ff00::/8 dev aiccu metric 256 expires 21334322sec mtu 1280 advmss 1220 hoplimit 4294967295
default via 2001:4830:1700:93::1 dev aiccu metric 1024 expires 21334322sec mtu 1280 advmss 1220 hoplimit 4294967295
daniel@ender:~$ ip ro sh
10.20.50.0/26 dev eth0 proto kernel scope link src 10.20.50.55
10.20.50.0/26 dev eth1 proto kernel scope link src 10.20.50.38
169.254.0.0/16 dev eth0 scope link metric 1000
default via 10.20.50.1 dev eth1
default via 10.20.50.1 dev eth0 metric 100
And finally, my aiccu.conf
daniel@ender:~/aiccu/unix-console$ sudo cat /etc/aiccu.conf
# Under control from debconf, please use 'dpkg-reconfigure aiccu' to reconfigure
username DJG2-SIXXS
password ###############
tunnel_id T13443
# AICCU Configuration
# Login information (defaults: none)
#username <your nichandle/username>
#password <your password>
# Protocol and server to use for setting up the tunnel (defaults: none)
#protocol <tic|tsp|l2tp>
#server <server to use>
# Interface names to use (default: aiccu)
# ipv6_interface is the name of the interface that will be used as a tunnel interface.
# On *BSD the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels
# or tunX (eg tun0) for AYIYA tunnels.
ipv6_interface aiccu
# The tunnel_id to use (default: none)
# (only required when there are multiple tunnels in the list)
#tunnel_id Txxxx
# Be verbose? (default: false)
verbose true
# Daemonize? (default: true)
# Set to false if you want to see any output
# When true output goes to syslog
#
# WARNING: never run AICCU from DaemonTools or a similar automated
# 'restart' tool/script. When AICCU does not start, it has a reason
# not to start which it gives on either the stdout or in the (sys)log
# file. The TIC server *will* automatically disable accounts which
# are detected to run in this mode.
#
daemonize true
# Automatic Login and Tunnel activation?
automatic true
# Require TLS?
# When set to true, if TLS is not supported on the server
# the TIC transaction will fail.
# When set to false, it will try a starttls, when that is
# not supported it will continue.
# In any case if AICCU is build with TLS support it will
# try to do a 'starttls' to the TIC server to see if that
# is supported.
requiretls false
# PID File
#pidfile /var/run/aiccu.pid
# Add a default route (default: true)
#defaultroute true
# Script to run after setting up the interfaces (default: none)
#setupscript /usr/local/etc/aiccu-subnets.sh
# Make heartbeats (default true)
# In general you don't want to turn this off
# Of course only applies to AYIYA and heartbeat tunnels not to static ones
#makebeats true
# Don't configure anything (default: false)
#noconfigure true
# Behind NAT (default: false)
# Notify the user that a NAT-kind network is detected
behindnat true
# Local IPv4 Override (default: none)
# Overrides the IPv4 parameter received from TIC
# This allows one to configure a NAT into "DMZ" mode and then
# forwarding the proto-41 packets to an internal host.
#
# This is only needed for static proto-41 tunnels!
# AYIYA and heartbeat tunnels don't require this.
#local_ipv4_override
State change: user
Jeroen Massar on Thursday, 06 December 2007 13:51:25
The state of this ticket has been changed to user
Posting is only allowed when you are logged in. |