Hi guys
I'm trying to get my first IPv6 tunnel set up and I'm pretty much stuck at square one. I'm trying to build an OpenBSD 5.1 based router running on a soekris 4801. After completing all of the set up steps, when I try to ping any IPv6 address (including the server's ipv6 endpoint address) I get 0 packets received.
My topology:
[ Internet ] ---- [ (71.212.119.174) Qwest DLS modem+router (192.168.0.1) ] ---- [ (192.168.0.2) OpenBSD ]
The Qwest rounter is pretty much an abomination, but it at least has a DMZ mode, so I enabled that for my OpenBSD box. I've also disabled PF just to make sure that's not causing any issues.
Before doing any tunnel configuration:
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33196
priority: 0
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet 127.0.0.1 netmask 0xff000000
sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c7:37:38
priority: 0
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::200:24ff:fec7:3738%sis0 prefixlen 64 scopeid 0x1
inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
sis1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c7:37:39
priority: 0
media: Ethernet autoselect (none)
status: no carrier
sis2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c7:37:3a
priority: 0
media: Ethernet autoselect (none)
status: no carrier
enc0: flags=0<>
priority: 0
groups: enc
status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33196
priority: 0
groups: pflog
The example configuration for my tunnel:
ifconfig gif0 tunnel 71.212.119.174 72.52.104.74
ifconfig gif0 inet6 alias 2001:470:1f04:3dd::2 2001:470:1f04:3dd::1 prefixlen 128
route -n add -inet6 default 2001:470:1f04:3dd::1
and after adding the tunnel:
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33196
priority: 0
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet 127.0.0.1 netmask 0xff000000
sis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c7:37:38
priority: 0
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::200:24ff:fec7:3738%sis0 prefixlen 64 scopeid 0x1
inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
sis1: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c7:37:39
priority: 0
media: Ethernet autoselect (none)
status: no carrier
sis2: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:24:c7:37:3a
priority: 0
media: Ethernet autoselect (none)
status: no carrier
enc0: flags=0<>
priority: 0
groups: enc
status: active
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33196
priority: 0
groups: pflog
gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1280
priority: 0
groups: gif egress
physical address inet 71.212.119.174 --> 72.52.104.74
inet6 fe80::200:24ff:fec7:3738%gif0 -> prefixlen 64 scopeid 0x7
inet6 2001:470:1f04:3dd::2 -> 2001:470:1f04:3dd::1 prefixlen 128
and when I try to ping anything (in this case, tunnel endpoint):
# ping6 2001:470:1f04:3dd::1
PING6(56=40+8+8 bytes) 2001:470:1f04:3dd::2 --> 2001:470:1f04:3dd::1
^C
--- 2001:470:1f04:3dd::1 ping6 statistics ---
6 packets transmitted, 0 packets received, 100.0% packet loss
I've tried substituting my external ip address for 192.168.0.2 in the tunnel setup commands, with no effect.
I'm not positive, but I think my ICMP packets aren't even leaving the device. I've replicated the above setup in virtualbox on my laptop, and when I watch the traffic through wireshark I'm never seeing any ping requests when I ping ipv6 address (ipv4 ping requests show up fine). Am I missing some crucial step here?
some extra info:
# route -n show
Routing tables
Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default 192.168.0.1 UGS 3 311 - 8 sis0
127/8 127.0.0.1 UGRS 0 0 33196 8 lo0
127.0.0.1 127.0.0.1 UH 2 0 33196 4 lo0
192.168.0/24 link#1 UC 2 0 - 4 sis0
192.168.0.1 50:67:f0:ef:88:34 UHLc 1 38 - 4 sis0
192.168.0.2 127.0.0.1 UGHS 0 0 33196 8 lo0
192.168.0.11 00:15:c5:86:cc:a2 UHLc 1 746 - 4 sis0
224/4 127.0.0.1 URS 0 0 33196 8 lo0
Internet6:
Destination Gateway Flags Refs Use Mtu Prio Iface
::/104 ::1 UGRS 0 0 - 8 lo0
::/96 ::1 UGRS 0 0 - 8 lo0
default 2001:470:1f04:3dd::1 UGS 0 0 - 8 gif0
::1 ::1 UH 14 0 33196 4 lo0
::127.0.0.0/104 ::1 UGRS 0 0 - 8 lo0
::224.0.0.0/100 ::1 UGRS 0 0 - 8 lo0
::255.0.0.0/104 ::1 UGRS 0 0 - 8 lo0
::ffff:0.0.0.0/96 ::1 UGRS 0 0 - 8 lo0
2001:470:1f04:3dd::1 2001:470:1f04:3dd::2 UH 1 22 - 4 gif0
2001:470:1f04:3dd::2 link#7 UHL 0 0 - 4 lo0
2001:470:1f05:3dd::/64 link#2 C 0 0 - 4 sis1
2001:470:1f05:3dd::10 00:00:24:c7:37:39 HL 0 0 - 4 lo0
2002::/24 ::1 UGRS 0 0 - 8 lo0
2002:7f00::/24 ::1 UGRS 0 0 - 8 lo0
2002:e000::/20 ::1 UGRS 0 0 - 8 lo0
2002:ff00::/24 ::1 UGRS 0 0 - 8 lo0
fe80::/10 ::1 UGRS 0 0 - 8 lo0
fe80::%sis0/64 link#1 UC 0 0 - 4 sis0
fe80::200:24ff:fec7:3738%sis0 00:00:24:c7:37:38 UHL 0 0 - 4 lo0
fe80::%sis1/64 link#2 C 0 0 - 4 sis1
fe80::200:24ff:fec7:3739%sis1 00:00:24:c7:37:39 HL 0 0 - 4 lo0
fe80::%lo0/64 fe80::1%lo0 U 0 0 - 4 lo0
fe80::1%lo0 link#5 UHL 0 0 - 4 lo0
fe80::%gif0/64 link#7 UC 0 0 - 4 gif0
fe80::200:24ff:fec7:3738%gif0 link#7 UHL 0 0 - 4 lo0
fec0::/10 ::1 UGRS 0 0 - 8 lo0
ff01::/16 ::1 UGRS 0 0 - 8 lo0
ff01::%sis0/32 link#1 UC 0 0 - 4 sis0
ff01::%sis1/32 link#2 C 0 0 - 4 sis1
ff01::%lo0/32 fe80::1%lo0 UC 0 0 - 4 lo0
ff01::%gif0/32 link#7 UC 0 0 - 4 gif0
ff02::/16 ::1 UGRS 0 0 - 8 lo0
ff02::%sis0/32 link#1 UC 0 0 - 4 sis0
ff02::%sis1/32 link#2 C 0 0 - 4 sis1
ff02::%lo0/32 fe80::1%lo0 UC 0 0 - 4 lo0
ff02::%gif0/32 link#7 UC 0 0 - 4 gif0
# cat /etc/sysctl.conf
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4 packets
net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of IPv6 packets
net.inet6.ip6.accept_rtadv=0 # 1=Permit IPv6 autoconf (forwarding must be 0)
any thoughts? I'm up for trying anything at this point...
