SixXS::Sunset 2017-06-06

Ticket ID: SIXXS #990209
Ticket Status: User

PoP: uschi02 - Your.Org, Inc. (Chicago, Illinois)

Tunnel Endpoint Connectivity Problem
[ca] Shadow Hawkins on Tuesday, 03 March 2009 19:04:09
Hello, I've been having trouble with my IPv6 connectivity. This has happened before, normally it would either resolve itself or rebooting my router where the tunnel was connected would fix it. The router is running the chrushedhat build of DD-WRT (https://www.sixxs.net/forum/?msg=setup-766464). The machines behind the router are a Windows XP SP3 & Linux box. My tunnel is T18703, the subnet is R7932. I cannot ping the tunnel endpoint (IPv6) or any IPv6 address from the router or a computer behind the router. The problem is I'll be in an IPSO Interop test on March 4th (aka: tomorrow!) so I really need to get my IPv6 connectivity back. I'm not super-experience in the tunnel setup, so if I'm doing something stupid or forgot to include some other useful information please let me know!! *******************The results of a aiccu test show******************* root@WRT54GL:~# aiccu test /jffs/etc/aiccu.conf ####### ####### AICCU Quick Connectivity Test ####### ####### [1/8] Ping the IPv4 Local/Your Outer Endpoint (10.0.1.2) ### This should return so called 'echo replies' ### If it doesn't then check your firewall settings ### Your local endpoint should always be pingable ### It could also indicate problems with your IPv4 stack PING 10.0.1.2 (10.0.1.2): 56 data bytes 64 bytes from 10.0.1.2: seq=0 ttl=64 time=1.035 ms 64 bytes from 10.0.1.2: seq=1 ttl=64 time=0.736 ms 64 bytes from 10.0.1.2: seq=2 ttl=64 time=0.732 ms --- 10.0.1.2 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 0.732/0.834/1.035 ms ###### Did this work? [Y/n] yes ####### [2/8] Ping the IPv4 Remote/PoP Outer Endpoint (216.14.98.22) ### These pings should reach the PoP and come back to you ### In case there are problems along the route between your ### host and the PoP this could not return replies ### Check your firewall settings if problems occur PING 216.14.98.22 (216.14.98.22): 56 data bytes 64 bytes from 216.14.98.22: seq=0 ttl=53 time=189.631 ms 64 bytes from 216.14.98.22: seq=1 ttl=53 time=41.236 ms 64 bytes from 216.14.98.22: seq=2 ttl=53 time=40.444 ms --- 216.14.98.22 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 40.444/90.437/189.631 ms ###### Did this work? [Y/n] yes ####### [3/8] Traceroute to the PoP (216.14.98.22) over IPv4 ### This traceroute should reach the PoP ### In case this traceroute fails then you have no connectivity ### to the PoP and this is most probably the problem traceroute to 216.14.98.22 (216.14.98.22), 30 hops max, 38 byte packets 1 10.0.1.1 (10.0.1.1) 0.931 ms 0.826 ms 0.755 ms 2 blk-215-116-1.eastlink.ca (24.215.116.1) 8.380 ms 9.904 ms 11.506 ms 3 hlfx-asr2.eastlink.ca (24.222.226.5) 10.293 ms 9.846 ms 9.379 ms 4 hlfx-br1.eastlink.ca (24.222.79.205) 8.290 ms 10.104 ms 8.920 ms 5 xe-11-0-0.bar2.Boston1.Level3.net (4.79.2.89) 21.032 ms 16.639 ms 24.185 ms 6 ae-0-11.bar1.Boston1.Level3.net (4.69.140.89) 16.089 ms 16.266 ms 18.620 ms 7 ae-5-5.ebr1.Chicago1.Level3.net (4.69.140.94) 51.281 ms 51.234 ms 40.244 ms 8 ae-13-55.car3.Chicago1.Level3.net (4.68.101.135) 40.044 ms 40.342 ms 37.8 40 ms 9 261.xe-0-3-0.cr2.ord1.us.scnet.net (4.71.100.26) 37.849 ms 37.636 ms 38.0 52 ms 10 v21.ar1.ord1.us.scnet.net (216.246.95.243) 43.450 ms 52.126 ms 42.120 ms 11 as19255.ge1-48.ar1.ord1.us.scnet.net (64.202.111.37) 73.678 ms 40.689 ms 37.740 ms 12 sixxs.cx01.chi.bb.your.org (216.14.98.22) 37.942 ms 38.120 ms 39.365 ms ###### Did this work? [Y/n] yes ###### [4/8] Checking if we can ping IPv6 localhost (::1) ### This confirms if your IPv6 is working ### If ::1 doesn't reply then something is wrong with your IPv6 stack PING ::1 (::1): 56 data bytes 64 bytes from ::1: seq=0 ttl=64 time=0.790 ms 64 bytes from ::1: seq=1 ttl=64 time=0.580 ms 64 bytes from ::1: seq=2 ttl=64 time=0.586 ms --- ::1 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 0.580/0.652/0.790 ms ###### Did this work? [Y/n] yes ###### [5/8] Ping the IPv6 Local/Your Inner Tunnel Endpoint (2001:4978:f:240::2) ### This confirms that your tunnel is configured ### If it doesn't reply then check your interface and routing tables PING 2001:4978:f:240::2 (2001:4978:f:240::2): 56 data bytes 64 bytes from 2001:4978:f:240::2: seq=0 ttl=64 time=0.785 ms 64 bytes from 2001:4978:f:240::2: seq=1 ttl=64 time=0.648 ms 64 bytes from 2001:4978:f:240::2: seq=2 ttl=64 time=0.652 ms --- 2001:4978:f:240::2 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max = 0.648/0.695/0.785 ms ###### Did this work? [Y/n] yes ###### [6/8] Ping the IPv6 Remote/PoP Inner Tunnel Endpoint (2001:4978:f:240::1) ### This confirms the reachability of the other side of the tunnel ### If it doesn't reply then check your interface and routing tables ### Don't forget to check your firewall of course ### If the previous test was succesful then this could be both ### a firewalling and a routing/interface problem PING 2001:4978:f:240::1 (2001:4978:f:240::1): 56 data bytes --- 2001:4978:f:240::1 ping statistics --- 3 packets transmitted, 0 packets received, 100% packet loss ###### Did this work? [Y/n] n **************Kernel Routing Tables***************** root@WRT54GL:~# ip -6 route list 2001:4978:1e1::/64 dev br0 metric 256 mtu 1500 advmss 1220 2001:4978:1e1:1::/64 via 2001:4978:1e1:0:1af0:9fff:fee5:18f2 dev br0 metric 102 4 mtu 1500 advmss 1220 fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1220 fe80::/64 dev eth1 metric 256 mtu 1500 advmss 1220 fe80::/64 dev vlan0 metric 256 mtu 1500 advmss 1220 fe80::/64 dev br0 metric 256 mtu 1500 advmss 1220 fe80::/64 dev vlan1 metric 256 mtu 1500 advmss 1220 ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1220 ff00::/8 dev eth1 metric 256 mtu 1500 advmss 1220 ff00::/8 dev vlan0 metric 256 mtu 1500 advmss 1220 ff00::/8 dev br0 metric 256 mtu 1500 advmss 1220 ff00::/8 dev vlan1 metric 256 mtu 1500 advmss 1220 unreachable default dev lo proto none metric -1 error -128 advmss 1220 ************ip tables special rules***************** The following are run at startup: iptables -t nat -D POSTROUTING -o vlan1 -j MASQUERADE iptables -t nat -I POSTROUTING -p ! ipv6 -o vlan1 -j MASQUERADE *************ifconfig****************************** root@WRT54GL:~# ifconfig br0 Link encap:Ethernet HWaddr 00:22:6B:69:E9:99 inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::222:6bff:fe69:e999/64 Scope:Link inet6 addr: 2001:4978:1e1::/64 Scope:Global UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:30885 errors:0 dropped:0 overruns:0 frame:0 TX packets:39218 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3225139 (3.0 MiB) TX bytes:25682119 (24.4 MiB) br0:0 Link encap:Ethernet HWaddr 00:22:6B:69:E9:99 inet addr:169.254.255.1 Bcast:169.254.255.255 Mask:255.255.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 eth0 Link encap:Ethernet HWaddr 00:22:6B:69:E9:99 inet6 addr: fe80::222:6bff:fe69:e999/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:62066 errors:0 dropped:0 overruns:0 frame:0 TX packets:61224 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:26526908 (25.2 MiB) TX bytes:28612900 (27.2 MiB) Interrupt:4 eth1 Link encap:Ethernet HWaddr 00:22:6B:69:E9:9B inet6 addr: fe80::222:6bff:fe69:e99b/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:3337 TX packets:0 errors:51 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) Interrupt:2 Base address:0x5000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1 RX packets:223 errors:0 dropped:0 overruns:0 frame:0 TX packets:223 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:19837 (19.3 KiB) TX bytes:19837 (19.3 KiB) sixxs Link encap:IPv6-in-IPv4 inet6 addr: fe80::a9fe:ff01/64 Scope:Link inet6 addr: fe80::a00:102/64 Scope:Link inet6 addr: fe80::c0a8:101/64 Scope:Link inet6 addr: 2001:4978:f:240::2/64 Scope:Global UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:4 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:447 (447.0 B) vlan0 Link encap:Ethernet HWaddr 00:22:6B:69:E9:99 inet6 addr: fe80::222:6bff:fe69:e999/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:30890 errors:0 dropped:0 overruns:0 frame:0 TX packets:39219 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3348917 (3.1 MiB) TX bytes:25839085 (24.6 MiB) vlan1 Link encap:Ethernet HWaddr 00:22:6B:69:E9:9A inet addr:10.0.1.2 Bcast:10.0.1.255 Mask:255.255.255.0 inet6 addr: fe80::222:6bff:fe69:e99a/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:29653 errors:0 dropped:0 overruns:0 frame:0 TX packets:22005 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:21990823 (20.9 MiB) TX bytes:2489080 (2.3 MiB)
State change: user Locked
[ch] Jeroen Massar SixXS Staff on Tuesday, 03 March 2009 21:03:58
Message is Locked
The state of this ticket has been changed to user
Tunnel Endpoint Connectivity Problem
[ch] Jeroen Massar SixXS Staff on Tuesday, 03 March 2009 21:19:54
You have RFC1918 addresses only, which thus means you are behind a NAT towards the Internet. Is that NAT properly configured to forward proto-41 packets? Your routing table doesn't include routes for the tunnel, did you stop aiccu when listing it? It also looks like you are doing NAT on the box itself, is that correct? Especially when you are going to some other place with your tunnel, where you most likely do not control the network, you will want to convert your tunnel to an AYIYA tunnel and then use that, as that does cross NATs.
Tunnel Endpoint Connectivity Problem
[ca] Shadow Hawkins on Tuesday, 03 March 2009 22:43:11
Yes - aiccu was accidentally stopped when reporting, except for the 'ifconfig' where it was running. So the 'tunnel type' should just be changed to AIYYA? That is what I originally had it, I changed to to 6-to-4 heartbeat today only when I was trying to get this working. If you look at my network history graph, you can see where the tunnel seems to drop out every so often historically. https://www.sixxs.net/home/tunnelinfo/latency/?type=latency&graphtime=1week&pop=uschi02&ip=2001:4978:f:240::2 is the graph I mean - there are breaks in it, that seemed to correspond with where my tunnel was down.
Is that NAT properly configured to forward proto-41 packets
Probably not! The 6-to-4 was just a last-ditch effort there. The NAT is an Apple Router, which I can get control of but don't have direct access to. Hence it is much preferable to use AYIYA then. As you can see I'm somewhat "fiddling to it works" (or breaks more). I've temporarily changed to a HE tunnel while trying to resolve this. I'll try again tomorrow after the event, as I don't want the tunnel to go down again part-way through the event... Thanks for your help & patience!

Please note Posting is only allowed when you are logged in.
Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker