From owner-freebsd-net@FreeBSD.ORG Mon Sep 26 13:29:25 2011 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2B08F1065674 for ; Mon, 26 Sep 2011 13:29:25 +0000 (UTC) (envelope-from gpalmer@freebsd.org) Received: from noop.in-addr.com (mail.in-addr.com [IPv6:2001:470:8:162::1]) by mx1.freebsd.org (Postfix) with ESMTP id F20FC8FC08 for ; Mon, 26 Sep 2011 13:29:24 +0000 (UTC) Received: from gjp by noop.in-addr.com with local (Exim 4.76 (FreeBSD)) (envelope-from ) id 1R8BFL-000Dsp-Qq; Mon, 26 Sep 2011 09:29:23 -0400 Date: Mon, 26 Sep 2011 09:29:23 -0400 From: Gary Palmer To: Matt Smith Message-ID: <20110926132923.GB57708@in-addr.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-SA-Exim-Connect-IP: X-SA-Exim-Mail-From: gpalmer@freebsd.org X-SA-Exim-Scanned: No (on noop.in-addr.com); SAEximRunCond expanded to false Cc: freebsd-net@freebsd.org Subject: Re: gif interface not passing IPv6 packets X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 Sep 2011 13:29:25 -0000 On Mon, Sep 26, 2011 at 10:27:53AM +0100, Matt Smith wrote: > I have a very strange problem with a gif interface that has been > confusing me all weekend. For the last six months I have had a gif > tunnel setup to an ipv6 tunnel broker which has worked without any > issues. On Friday I had a power cut. The power returned, the server > restarted, and the tunnel has been down since. I have checked and > rechecked the configuration and it all looks identical to what I would > expect. I've even gone as far as running a buildworld/kernel in case > the power outage corrupted something. > > The problem is that the gif interface doesn't appear to be processing > any IPv6 packets at all, though it works fine with IPv4. I can't ping > my side of the tunnel. For example: > > root@tao[~]# ifconfig gif0 > gif0: flags=8051 metric 0 mtu 1280 > tunnel inet 192.168.1.2 --> 77.75.104.126 > inet6 fe80::240:63ff:fee8:793e%gif0 prefixlen 64 scopeid 0x5 > inet6 2a01:348:6:45c::2 --> 2a01:348:6:45c::1 prefixlen 128 deprecated > nd6 options=3 > options=1 > > root@tao[~]# ping6 2a01:348:6:45c::2 > PING6(56=40+8+8 bytes) 2a01:348:6:45c::2 --> 2a01:348:6:45c::2 > > root@tao[~]# tcpdump -i gif0 > listening on gif0, link-type NULL (BSD loopback), capture size 96 bytes > 10:15:12.545930 IP6 cl-1117.lon-02.gb.sixxs.net > > cl-1117.lon-02.gb.sixxs.net: ICMP6, echo request, seq 0, length 16 > 10:15:13.546316 IP6 cl-1117.lon-02.gb.sixxs.net > > cl-1117.lon-02.gb.sixxs.net: ICMP6, echo request, seq 1, length 16 > 10:15:14.546220 IP6 cl-1117.lon-02.gb.sixxs.net > > cl-1117.lon-02.gb.sixxs.net: ICMP6, echo request, seq 2, length 16 > > I've deleted other lines from the tcpdump like neighbour solicitation > and only shown the pings. But there is no ping response, only the > request. Do you have access to any other IPv6 hosts on a separate link? If so, I would suggest trying a ping or traceroute back to your IP or IPs across the tunnel and see if the packets are getting back to you. It may be a problem at the other end somewhere. Check with tcpdump of both the IPv4 and IPv6 layers to see if the packets are getting to the kernel but not to the gif interface. Also see if your router is passing packets. If you had a power cut the router may have had some issues and may not be passing the protocol 41 packets. Also, check the sixxs.net docs to make sure you're allowing through necessary packets. I use tunnelbroker.net and they require (or say they do) some packets to get through for the tunnel to stay up, e.g. an IPv4 ping. Gary