AndrejaKo
Newbie
Posts: 16
|
 |
« on: February 25, 2011, 08:00:16 am » |
|
I'm having really bad luck with IPv6! I finally managed to get a router which can run OpenWRT and then I spent several days setting up IPv6 connection to SixXs using AICCU, because it looked easier than HE.net. After I set everything up nicely, my PoP started acting up and going down all the time. Fine. I then spent several days researching and experimenting with HE and managed to have my router set up a tunnel and have it hand out addresses using radvd. After that I noticed that only web-site that works is ipv6.google.com! I can ping sixxs, he, kame and others fine, and I can get traceroutes to them but when I type the URL into firefox, it doesn't load. It's just in loading state. Here's for example my tracert for ipv6.he.net: Tracing route to ipv6.he.net [2001:470:0:64::2]
over a maximum of 30 hops:
1 <1 ms 1 ms 1 ms 2001:470:1f0b:de5::1
2 62 ms 63 ms 62 ms andrejako-1.tunnel.tserv6.fra1.ipv6.he.net [2001:470:1f0a:de5::1]
3 60 ms 60 ms 63 ms gige-g2-4.core1.fra1.he.net [2001:470:0:69::1]
4 63 ms 68 ms 68 ms 10gigabitethernet1-4.core1.ams1.he.net [2001:470:0:47::1]
5 84 ms 74 ms 76 ms 10gigabitethernet1-4.core1.lon1.he.net [2001:470:0:3f::1]
6 146 ms 147 ms 151 ms 10gigabitethernet4-4.core1.nyc4.he.net [2001:470:0:128::1]
7 200 ms 198 ms 202 ms 10gigabitethernet5-3.core1.lax1.he.net [2001:470:0:10e::1]
8 219 ms * 210 ms 10gigabitethernet2-2.core1.fmt2.he.net [2001:470:0:18d::1]
9 221 ms 338 ms 209 ms gige-g4-18.core1.fmt1.he.net [2001:470:0:2d::1]
10 206 ms 210 ms 207 ms ipv6.he.net [2001:470:0:64::2]
Trace complete.
Also, I don't know if this is the right forum, because the issue could be related to the router too. My computers are using Windows 7 64bit SP1. So what should I do? UPDATE: I can browse IPv6 sites fine from the router, |
|
|
|
« Last Edit: February 25, 2011, 08:14:29 am by AndrejaKo »
|
Logged
|
|
|
|
|
cholzhauer
|
|
« Reply #1 on: February 25, 2011, 08:08:20 am » |
|
Did you assign an IPv6 address to your local area connection? If not, assign one out of your routed /64 (check your tunnel page for it)
|
|
|
|
|
Logged
|
|
|
|
AndrejaKo
Newbie
Posts: 16
|
|
« Reply #2 on: February 25, 2011, 08:18:46 am » |
|
Yes, I did assign IP address to LAN interface of the router.
It's 2001:470:1f0b:de5::1/64.
|
|
|
|
|
Logged
|
|
|
|
|
cholzhauer
|
|
« Reply #3 on: February 25, 2011, 08:22:18 am » |
|
What are you using for a DNS server? If you entered HE's DNS server, this is the behavior I would expect.
|
|
|
|
|
Logged
|
|
|
|
|
kriteknetworks
|
|
« Reply #4 on: February 25, 2011, 08:24:27 am » |
|
Yes, I did assign IP address to LAN interface of the router.
It's 2001:470:1f0b:de5::1/64.
The same adress you're using for your tunnel endpoint? 1 <1 ms 1 ms 1 ms 2001:470:1f0b:de5::1 |
|
|
|
|
Logged
|
|
|
|
AndrejaKo
Newbie
Posts: 16
|
|
« Reply #5 on: February 25, 2011, 08:42:22 am » |
|
@cholzhauer I'm using my ISP's DNS servers and Google's 8.8.8.8 I never had problems resolving AAAA with them and they worked fine with SixXs. Shouls I be using different DNS servers? @kriteknetworks Well, under my tunnel settings it says: Client IPv6 address: 2001:470:1f0a:de5::2/64 Shouldn't that be the endpoint of my tunnel at my side? Anyway, I'll try with a different address just in case that's the problem. It didn't help. |
|
|
|
« Last Edit: February 25, 2011, 08:46:33 am by AndrejaKo »
|
Logged
|
|
|
|
|
cholzhauer
|
|
« Reply #6 on: February 25, 2011, 08:49:25 am » |
|
That's fine...I was just wondering if you were using HE's DNS for everything.
The 2001:470:1f0a:de5::2/64 should only appear on your tunnel adapter...you have a routed /64 network listed on your tunnel detail page that is one character different.
From your trace route though, it looks like that's correct. Your first hop is 2001:470:1f0b:de5::1 and your second hop is 2001:470:1f0a:de5::1. I assume the first hop is the "inside interface" of your router and the 2001:470:1f0a:de5::1 is the IP address of the HE side of your tunnel.
It's strange that everything is working from your tunnel server and not anything behind it. You mentioned that you're doing RA...what happens if you set up the addresses by hand?
|
|
|
|
|
Logged
|
|
|
|
AndrejaKo
Newbie
Posts: 16
|
|
« Reply #7 on: February 25, 2011, 09:04:50 am » |
|
Manual settings didn't help either. I can still access only Google form the computers. On router using elinks, everything seems to be fine and sixxs is reporting that I'm using IPv6. As for IP addresses, as far as I can see, it's the way you described. Here's my ifconfig output: 6in4-hene Link encap:IPv6-in-IPv4
inet6 addr: 2001:470:1f0a:de5::2/64 Scope:Global
inet6 addr: fe80::4d69:288c/128 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
RX packets:89 errors:0 dropped:0 overruns:0 frame:0
TX packets:131 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:26960 (26.3 KiB) TX bytes:26383 (25.7 KiB)
br-lan Link encap:Ethernet HWaddr 74:EA:3A:E4:DF:48
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: 2001:470:1f0b:de5::1/64 Scope:Global
inet6 addr: fe80::5085:feff:fe5a:489c/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:38625 errors:0 dropped:0 overruns:0 frame:0
TX packets:68321 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2938427 (2.8 MiB) TX bytes:85277918 (81.3 MiB)
eth0 Link encap:Ethernet HWaddr 74:EA:3A:E4:DF:48
inet6 addr: fe80::76ea:3aff:fee4:df48/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:70989 errors:0 dropped:0 overruns:0 frame:0
TX packets:40926 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:86623353 (82.6 MiB) TX bytes:5126791 (4.8 MiB)
Interrupt:4
eth0.1 Link encap:Ethernet HWaddr 74:EA:3A:E4:DF:48
inet6 addr: fe80::76ea:3aff:fee4:df48/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2618 errors:0 dropped:0 overruns:0 frame:0
TX packets:3649 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1008364 (984.7 KiB) TX bytes:1825232 (1.7 MiB)
eth0.2 Link encap:Ethernet HWaddr 74:EA:3A:E4:DF:48
inet addr:77.105.40.140 Bcast:77.105.40.255 Mask:255.255.255.0
inet6 addr: fe80::76ea:3aff:fee4:df48/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:68228 errors:0 dropped:0 overruns:0 frame:0
TX packets:37266 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:84585557 (80.6 MiB) TX bytes:3299682 (3.1 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:577 (577.0 B) TX bytes:577 (577.0 B)
mon.wlan0 Link encap:UNSPEC HWaddr 74-EA-3A-E4-DF-48-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:470 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:84371 (82.3 KiB) TX bytes:0 (0.0 B)
wlan0 Link encap:Ethernet HWaddr 74:EA:3A:E4:DF:48
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:42694 errors:0 dropped:0 overruns:0 frame:0
TX packets:73691 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:5609868 (5.3 MiB) TX bytes:88684085 (84.5 MiB)
|
|
|
|
|
Logged
|
|
|
|
|
cholzhauer
|
|
« Reply #8 on: February 25, 2011, 09:07:03 am » |
|
Strange. OK, so your tunnel is up, I can verify by pinging your side of the tunnel.
Let's see a copy of the routing tables and ipconfig/ifconfig from one of your hosts that isn't working
Are you running any firewall on your router that might be interfering?
|
|
|
|
|
Logged
|
|
|
|
AndrejaKo
Newbie
Posts: 16
|
|
« Reply #9 on: February 25, 2011, 09:27:18 am » |
|
Please correct me if I'm wrong, since I'm not too sure I get the show routing and firewall tables. root@OpenWrt:/# ip route show
77.105.40.0/24 dev eth0.2 proto kernel scope link src 77.105.40.140
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
default via 77.105.40.141 dev eth0.2
I'm not too good with iptables, so I can't interpret the output. I added henet to wan zone as per instructions shown here: =hurricane&s[]=electric#dynamic.ipv6-in-ipv4.tunnel.he.net.only]http://wiki.openwrt.org/doc/uci/network?s[]=hurricane&s[]=electric#dynamic.ipv6-in-ipv4.tunnel.he.net.onlyroot@OpenWrt:/# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
syn_flood tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02
input_rule all -- 0.0.0.0/0 0.0.0.0/0
input all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP)
target prot opt source destination
zone_wan_MSSFIX all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
forwarding_rule all -- 0.0.0.0/0 0.0.0.0/0
forward all -- 0.0.0.0/0 0.0.0.0/0
reject all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
output_rule all -- 0.0.0.0/0 0.0.0.0/0
output all -- 0.0.0.0/0 0.0.0.0/0
Chain forward (1 references)
target prot opt source destination
zone_lan_forward all -- 0.0.0.0/0 0.0.0.0/0
zone_wan_forward all -- 0.0.0.0/0 0.0.0.0/0
zone_wan_forward all -- 0.0.0.0/0 0.0.0.0/0
Chain forwarding_lan (1 references)
target prot opt source destination
Chain forwarding_rule (1 references)
target prot opt source destination
nat_reflection_fwd all -- 0.0.0.0/0 0.0.0.0/0
Chain forwarding_wan (1 references)
target prot opt source destination
Chain input (1 references)
target prot opt source destination
zone_lan all -- 0.0.0.0/0 0.0.0.0/0
zone_wan all -- 0.0.0.0/0 0.0.0.0/0
zone_wan all -- 0.0.0.0/0 0.0.0.0/0
Chain input_lan (1 references)
target prot opt source destination
Chain input_rule (1 references)
target prot opt source destination
Chain input_wan (1 references)
target prot opt source destination
Chain nat_reflection_fwd (1 references)
target prot opt source destination
ACCEPT tcp -- 192.168.1.0/24 192.168.1.2 tcp dpt:80
Chain output (1 references)
target prot opt source destination
zone_lan_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
zone_wan_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain output_rule (1 references)
target prot opt source destination
Chain reject (7 references)
target prot opt source destination
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain syn_flood (1 references)
target prot opt source destination
RETURN tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x02 limit: avg 25/sec burst 50
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_lan (1 references)
target prot opt source destination
input_lan all -- 0.0.0.0/0 0.0.0.0/0
zone_lan_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_ACCEPT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_DROP (0 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_MSSFIX (0 references)
target prot opt source destination
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
Chain zone_lan_REJECT (1 references)
target prot opt source destination
reject all -- 0.0.0.0/0 0.0.0.0/0
reject all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_lan_forward (1 references)
target prot opt source destination
zone_wan_ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
forwarding_lan all -- 0.0.0.0/0 0.0.0.0/0
zone_lan_REJECT all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_wan (2 references)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:68
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8
ACCEPT 41 -- 0.0.0.0/0 0.0.0.0/0
input_wan all -- 0.0.0.0/0 0.0.0.0/0
zone_wan_REJECT all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_ACCEPT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_DROP (0 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_MSSFIX (1 references)
target prot opt source destination
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
TCPMSS tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x02 TCPMSS clamp to PMTU
Chain zone_wan_REJECT (2 references)
target prot opt source destination
reject all -- 0.0.0.0/0 0.0.0.0/0
reject all -- 0.0.0.0/0 0.0.0.0/0
reject all -- 0.0.0.0/0 0.0.0.0/0
reject all -- 0.0.0.0/0 0.0.0.0/0
Chain zone_wan_forward (2 references)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 192.168.1.2
forwarding_wan all -- 0.0.0.0/0 0.0.0.0/0
zone_wan_REJECT all -- 0.0.0.0/0 0.0.0.0/0
Here's the ipconfig on a computer when radvd is enabled:
Windows IP Configuration
Ethernet adapter tun0:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Lokalna veza:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:470:1f0b:de5:21b:38ff:fedd:7e0f
Temporary IPv6 Address. . . . . . : 2001:470:1f0b:de5:78a1:3119:a794:5c1b
Link-local IPv6 Address . . . . . : fe80::21b:38ff:fedd:7e0f%12
IPv4 Address. . . . . . . . . . . : 192.168.1.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::5085:feff:fe5a:489c%12
192.168.1.1
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : lan
Link-local IPv6 Address . . . . . : fe80::21d:e0ff:feab:1d95%11
IPv4 Address. . . . . . . . . . . : 192.168.1.143
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
WLAN adapter isn't getting its IPv6 address automagically, but that's a problem which I had before and it only seems to be affecting this one particular computer on the network. |
|
|
|
« Last Edit: February 25, 2011, 09:30:06 am by AndrejaKo »
|
Logged
|
|
|
|
|
cholzhauer
|
|
« Reply #10 on: February 25, 2011, 09:31:38 am » |
|
I can't do IPTables either...why not just shut it off and see what happens?
You should be able to do a "netstat -nr" to get your routing tables
|
|
|
|
|
Logged
|
|
|
|
AndrejaKo
Newbie
Posts: 16
|
|
« Reply #11 on: February 25, 2011, 09:36:13 am » |
|
Here's netstat -nr root@OpenWrt:/# netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
77.105.40.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0.2
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
0.0.0.0 77.105.40.141 0.0.0.0 UG 0 0 0 eth0.2
|
|
|
|
|
Logged
|
|
|
|
|
cholzhauer
|
|
« Reply #12 on: February 25, 2011, 09:36:54 am » |
|
Well the interesting thing is there isn't any mention of IPv6 routes there.
What OS?
|
|
|
|
|
Logged
|
|
|
|
AndrejaKo
Newbie
Posts: 16
|
|
« Reply #13 on: February 25, 2011, 09:42:44 am » |
|
Os on the router is OpenWRT Linux distribution. Here's uname -a Linux OpenWrt 2.6.32.25 #1 Fri Nov 19 20:27:50 PST 2010 mips GNU/Linux
There's some information on IPv6 routing on its wiki here: http://wiki.openwrt.org/doc/howto/ipv6?s[#enable.routingAccording to that, my routing is correctly set up. When I run cat /proc/sys/net/ipv6/conf/all/forwarding, I get 1. |
|
|
|
« Last Edit: February 25, 2011, 10:14:24 am by AndrejaKo »
|
Logged
|
|
|
|
|
cholzhauer
|
|
« Reply #14 on: February 25, 2011, 09:47:58 am » |
|
Did you add any routes to it manually?
# Add default routes
ip route add default via ${HETUNNELIP} dev ${INTERFACE} metric 1
ip route add 2000::/3 via ${HETUNNELIP} dev ${INTERFACE} metric 1
(That's in DDWRT, but I assume it'll work for openwrt)
I'm not aware of a separate command to list the IPv6 routing table...someone please correct me if i'm wrong
|
|
|
|
|
Logged
|
|
|
|
|
