IPv6 tunnel problem


Mattia Rossi
Hi all,

I'm having some trouble with my IPv6 tunnel lately (net/gateway6 port).

I'm running revision 220613.

The tunnel runs fine on 8.2, I can ping6 ipv6.google.com from all
interfaces using all IPv6 addresses. Route Advertisements are sent,
Linux Machines, Mac OS X machines and FreeBSD 8.2/8.1 machines are all
receiving the advertisements and are able to ping and use the IPv6 network.

On the machines running CURRENT anyhow, route advertisements don't work.
They arrive at the interface, but nothing happens.
If I set up an IPv6 address and route by hand, I don't get anywhere, as
it's permanently marked as "tentative", and trying to use that address
as source address in ping6 results in:

ping6: bind: Can't assign requested address

This brings me to my main problem: the tunnel. If I set up a tunnel on a
CURRENT machine, the tunnel gets set up (because it's IPv4) but the IPv6
part does not work. I'm not able to send pings (which means KEEPALIVES
are not sent either), so it just doesn't work.

I'm using IPv6 in UDP over IPv4 tunneling, as that's what I use on the
8.2 machine as well.

The error when trying to ping on the CURRENT machine where the tunnel
runs (for the short period the tunnel is up) is:

ping6: sendmsg: Network is down

Route advertisements are not sent either, as again, the IPv6 address
assigned to the interface by the tunnel is marked as tentative, so
rtadvd refuses to work.

Something is badly broken with IPv6 and/or NDP.

More info about the systems:

Interfaces in use on the machines running CURRENT:

bge0 and em0

Interfaces on the working 8.2 machine:

fxp0 and em0

sysctls on the broken machines when in router mode:

net.inet6.ip6.forwarding: 1
net.inet6.ip6.redirect: 1
net.inet6.ip6.hlim: 64
net.inet6.ip6.maxfragpackets: 6400
net.inet6.ip6.accept_rtadv: 0
net.inet6.ip6.keepfaith: 0
net.inet6.ip6.log_interval: 5
net.inet6.ip6.hdrnestlimit: 15
net.inet6.ip6.dad_count: 1
net.inet6.ip6.auto_flowlabel: 1
net.inet6.ip6.defmcasthlim: 1
net.inet6.ip6.gifhlim: 30
net.inet6.ip6.kame_version: FreeBSD
net.inet6.ip6.use_deprecated: 1
net.inet6.ip6.rr_prune: 5
net.inet6.ip6.v6only: 1
net.inet6.ip6.rtexpire: 3600
net.inet6.ip6.rtminexpire: 10
net.inet6.ip6.rtmaxcache: 128
net.inet6.ip6.use_tempaddr: 0
net.inet6.ip6.temppltime: 86400
net.inet6.ip6.tempvltime: 604800
net.inet6.ip6.auto_linklocal: 1
net.inet6.ip6.prefer_tempaddr: 0
net.inet6.ip6.use_defaultzone: 0
net.inet6.ip6.maxfrags: 6400
net.inet6.ip6.mcast_pmtu: 0
net.inet6.ip6.mcast.loop: 1
net.inet6.ip6.mcast.maxsocksrc: 128
net.inet6.ip6.mcast.maxgrpsrc: 512
security.jail.param.ip6.saddrsel: 0
security.jail.param.ip6.: 0

on the working machine router mode:

net.inet6.ip6.forwarding: 1
net.inet6.ip6.redirect: 1
net.inet6.ip6.hlim: 64
net.inet6.ip6.maxfragpackets: 6400
net.inet6.ip6.accept_rtadv: 0
net.inet6.ip6.keepfaith: 0
net.inet6.ip6.log_interval: 5
net.inet6.ip6.hdrnestlimit: 15
net.inet6.ip6.dad_count: 1
net.inet6.ip6.auto_flowlabel: 1
net.inet6.ip6.defmcasthlim: 1
net.inet6.ip6.gifhlim: 30
net.inet6.ip6.kame_version: FreeBSD
net.inet6.ip6.use_deprecated: 1
net.inet6.ip6.rr_prune: 5
net.inet6.ip6.v6only: 1
net.inet6.ip6.rtexpire: 3600
net.inet6.ip6.rtminexpire: 10
net.inet6.ip6.rtmaxcache: 128
net.inet6.ip6.use_tempaddr: 0
net.inet6.ip6.temppltime: 86400
net.inet6.ip6.tempvltime: 604800
net.inet6.ip6.auto_linklocal: 1
net.inet6.ip6.prefer_tempaddr: 0
net.inet6.ip6.use_defaultzone: 0
net.inet6.ip6.maxfrags: 6400
net.inet6.ip6.mcast_pmtu: 0
net.inet6.ip6.mcast.loop: 1
net.inet6.ip6.mcast.maxsocksrc: 128
net.inet6.ip6.mcast.maxgrpsrc: 512

If they're not routers:

net.inet6.ip6.forwarding: 0
net.inet6.ip6.redirect: 0
net.inet6.ip6.accept_rtadv: 1

And on the interfaces

ifconfig em0 inet6 accept_rtadv

And finally I have a question:

Why is there a net.inet6.ip6.accept_rtadv sysctl?
If we have to enable/disable route advertisements per interface, this
sysctl shouldn't be there at all.
Imagine a system (like mine) where you have multiple interfaces, and
which acts as IPv6 router amongst other stuff.

Shouldn't you be able to deactivate route advertisements on one
interface, which is where route advertisements are sent from, but enable
it on the other ones, so you don't need to statically configure them? If
there's a sysctl, you'll disable and enable route advertisements for the
whole machine, so the per interface stuff is useless, or am I wrong?

Mat
_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "[hidden email]"

Re: IPv6 tunnel problem

Marcin Cieslak-3
>> Mattia Rossi <[hidden email]> wrote:
> fxp0 and em0

Can you show us what "ifconfig" says on
your interfaces? There are a few parameters
for the ICMPv6 Neighbor Discovery Protocol
that might be needed:
 "ifconfig em0 inet6 accept_rtadv"

Those are nicely documented in ifconfig(8).

This is usually handled by the /etc/rc.d/*
stuff IF you have a current version of
/etc/rc.conf settings. (They changed a bit
in the meantime).

//Marcin



Re: IPv6 tunnel problem

Mattia Rossi
I have accept_rtadv enabled if it's not a router. See my post.

ifconfig with tunnel up is:

ifconfig
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
         ether 00:0d:9d:51:d4:7e
         inet 136.186.229.112 netmask 0xffffff00 broadcast xxx.xxx.xxx.xxx
         inet6 fe80::xxxx:xxxx:xxxx:xxxx%bge0 prefixlen 64 scopeid 0x5
         inet6 xxxx:xxxx:xxxx:xxxx::xxxx prefixlen 64 duplicated
         nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
         media: Ethernet autoselect (1000baseT <full-duplex>)
         status: active
fxp0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
         ether 00:02:b3:eb:28:b0
         media: Ethernet autoselect (none)
         status: no carrier
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
         options=3<RXCSUM,TXCSUM>
         inet 127.0.0.1 netmask 0xff000000
         inet6 ::1 prefixlen 128
         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
         options=80000<LINKSTATE>
         inet6 fe80::xxxx:xxxx:xxxx:xxxx%tun0 prefixlen 64 scopeid 0x9
         inet6 xxxx:xxxx:xxxx::xxxx --> xxxx:xxxx:xxxx::xxxx prefixlen 128
         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
         Opened by PID 17726


I canceled the address in case you wonder.

Mat
On 15/04/2011 17:54, Marcin Cieslak wrote:

>>> Mattia Rossi<[hidden email]>  wrote:
>> fxp0 and em0
>
> Can you show us what "ifconfig" says on
> your interfaces? There are a few parameters
> for the ICMPv6 Neighbor Discovery Protocol
> that might be needed:
>   "ifconfig em0 inet6 accept_rtadv"
>
> Those are nicely documented in ifconfig(8).
>
> This is usually handled by the /etc/rc.d/*
> stuff IF you have a current version of
> /etc/rc.conf settings. (They changed a bit
> in the meantime).
>
> //Marcin

Re: IPv6 tunnel problem

Marcin Cieslak-3
>> Mattia Rossi <[hidden email]> wrote:
> I have accept_rtadv enabled if it's not a router. See my post.

I think I have a similar setup (only using sixxs-aiccu). Since
my machine is a gateway to the outside IPv6 world (via www.sixxs.net)
I am not accepting router advertisements there, but I'm running
rtadvd and sending them to other hosts on the LAN:

        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

> ifconfig with tunnel up is:
>
> ifconfig
> bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>  
> options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
>          ether 00:0d:9d:51:d4:7e
>          inet 136.186.229.112 netmask 0xffffff00 broadcast xxx.xxx.xxx.xxx
>          inet6 fe80::xxxx:xxxx:xxxx:xxxx%bge0 prefixlen 64 scopeid 0x5
>          inet6 xxxx:xxxx:xxxx:xxxx::xxxx prefixlen 64 duplicated
                                                        **********
                                                     what's up here?
>          nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
>          media: Ethernet autoselect (1000baseT <full-duplex>)
>          status: active

Why is this address "duplicated"? If this machine *is* the gateway
to the outside IPv6 world, should *not* it be accepting rtadv
and have a global IPv6 address configured statically


> tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
>          options=80000<LINKSTATE>
>          inet6 fe80::xxxx:xxxx:xxxx:xxxx%tun0 prefixlen 64 scopeid 0x9
>          inet6 xxxx:xxxx:xxxx::xxxx --> xxxx:xxxx:xxxx::xxxx prefixlen 128
>          nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
                                     **********
                                     Does "ifconfig tun0 inet6 -ifdisabled" help?

I don't know why gateway6 (I don't use this software) leaves it as "IFDISABLED"

This is /etc/rc.conf from my tunnel gateway machine (two tunnels, tun0 and
tun1) - it runs a few-month-old -CURRENT:

ipv6_gateway_enable="YES"
rtadvd_enable="YES"
# Internal WLAN
rtadvd_interfaces="wlan0"
ifconfig_wlan0_ipv6="inet6 aaaaa:bbbb:cccc::1/64"
# Tunnel via tun0 is configured automatically by aiccu
# and has NO /etc/rc.conf entry at all
# Tunnel via tun1 is configured statically (it serves only some networks)
ifconfig_tun1_ipv6="inet6 aaaaa:bbbb:cccc:8000::1"  

//Marcin
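
Added example (not part of the original thread): a small sh/awk check for the conditions pointed out in the message above, an inet6 address left "duplicated" or "tentative", an interface flagged IFDISABLED, and ACCEPT_RTADV still set on a machine acting as router. The helper name nd6_audit and the 2001:db8:: addresses in the sample are assumptions made for the example.

```shell
#!/bin/sh
# Constructed sample: same shape as the ifconfig output in this thread,
# with documentation-prefix (2001:db8::/32) addresses substituted.
sample_ifconfig() {
    cat <<'EOF'
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet6 fe80::1%bge0 prefixlen 64 scopeid 0x5
        inet6 2001:db8:0:1::10 prefixlen 64 duplicated
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1280
        inet6 fe80::2%tun0 prefixlen 64 scopeid 0x9
        inet6 2001:db8:0:2::2 --> 2001:db8:0:2::1 prefixlen 128
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
EOF
}

# nd6_audit [router]: read ifconfig output on stdin and print one finding
# per line. (Hypothetical helper name, not a FreeBSD tool.)
nd6_audit() {
    awk -v mode="${1:-host}" '
    # Start of an interface block, e.g. "tun0: flags=8051<...>"
    /^[a-z][a-z0-9]*: flags=/ { ifname = $1; sub(/:$/, "", ifname); next }
    # Address states that make an inet6 address unusable as a source
    $1 == "inet6" {
        for (i = 3; i <= NF; i++)
            if ($i == "tentative" || $i == "duplicated" || $i == "detached")
                print ifname, "addr", $2, $i
        next
    }
    # Per-interface ND flags, e.g. "nd6 options=29<PERFORMNUD,IFDISABLED,...>"
    $1 == "nd6" {
        flags = $2
        sub(/^options=[0-9a-f]+</, "", flags)
        sub(/>$/, "", flags)
        n = split(flags, f, ",")
        for (i = 1; i <= n; i++) {
            if (f[i] == "IFDISABLED")
                print ifname, "nd6", f[i]
            # A router should not take Router Advertisements itself
            if (f[i] == "ACCEPT_RTADV" && mode == "router")
                print ifname, "nd6", f[i]
        }
    }'
}

sample_ifconfig | nd6_audit router
```

On a live system the input would be `ifconfig | nd6_audit router`; without the `router` argument only address states and IFDISABLED are reported.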


Re: IPv6 tunnel problem

Mattia Rossi-3
On 15/04/11 23:58, Marcin Cieslak wrote:

>>> Mattia Rossi<[hidden email]>  wrote:
>> I have accept_rtadv enabled if it's not a router. See my post.
>
> I think I have a similar setup (only using sixxs-aiccu). Since
> my machine is a gateway to the outside IPv6 world (via www.sixxs.net)
> I am not accepting router advertisements there, but I'm running
> rtadvd and sending them to other hosts on the LAN:
>
> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>

Having ACCEPT_RTADV doesn't change anything. I can disable it by hand,
so my options are 21<PERFORMNUD,AUTO_LINKLOCAL> as well and it doesn't work.

>> ifconfig with tunnel up is:
>>
>> ifconfig
>> bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>  metric 0 mtu 1500
>>
>> options=8009b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LINKSTATE>
>>           ether 00:0d:9d:51:d4:7e
>>           inet 136.186.229.112 netmask 0xffffff00 broadcast xxx.xxx.xxx.xxx
>>           inet6 fe80::xxxx:xxxx:xxxx:xxxx%bge0 prefixlen 64 scopeid 0x5
>>           inet6 xxxx:xxxx:xxxx:xxxx::xxxx prefixlen 64 duplicated
>                                                          **********
>                                                       what's up here?
>>           nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
>>           media: Ethernet autoselect (1000baseT<full-duplex>)
>>           status: active
>
> Why is this address "duplicated"? If this machine *is* the gateway
> to the outside IPv6 world, should *not* it be accepting rtadv
> and have a global IPv6 address configured statically
>
There's no duplicate, maybe obfuscating the IPv6 address was not so
smart.. There's a link local address (scopeid 0x5) starting with fe80
installed by auto_linklocal, and the proper address set by the tunnel

>
>> tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST>  metric 0 mtu 1280
>>           options=80000<LINKSTATE>
>>           inet6 fe80::xxxx:xxxx:xxxx:xxxx%tun0 prefixlen 64 scopeid 0x9
>>           inet6 xxxx:xxxx:xxxx::xxxx -->  xxxx:xxxx:xxxx::xxxx prefixlen 128
>>           nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>                                       **********
>                                       Does "ifconfig tun0 inet6 -ifdisabled" help?
>
> I don't know why gateway6 (I don't use this software) leaves it as "IFDISABLED"
>
Haven't realized there was an ifdisabled set. But it doesn't change
anything unsetting it. Still no IPv6

> This is /etc/rc.conf from my tunnel gateway machine (two tunnels, tun0 and
> tun1) - it runs a few-month-old -CURRENT:
>
> ipv6_gateway_enable="YES"
> rtadvd_enable="YES"
> # Internal WLAN
> rtadvd_interfaces="wlan0"
> ifconfig_wlan0_ipv6="inet6 aaaaa:bbbb:cccc::1/64"
> # Tunnel via tun0 is configured automatically by aiccu
> # and has NO /etc/rc.conf entry at all
> # Tunnel via tun1 is configured statically (it serves only some networks)
> ifconfig_tun1_ipv6="inet6 aaaaa:bbbb:cccc:8000::1"
>
> //Marcin