Date: Mon, 26 Sep 2011 14:49:15 +0100 From: Matt Smith <matt@xtaz.co.uk> To: Gary Palmer <gpalmer@freebsd.org> Cc: freebsd-net@freebsd.org Subject: Re: gif interface not passing IPv6 packets Message-ID: <CAD0n1vFB6h9h%2BBe9DOCwxi9aECBvkTvf8g7C_tsQxXXFv90XKw@mail.gmail.com> In-Reply-To: <20110926132923.GB57708@in-addr.com> References: <CAD0n1vG0fvHMkBxxLRq0Y%2Bx9rDt5AXb4WZhq-oxuqpti4mQC7w@mail.gmail.com> <20110926132923.GB57708@in-addr.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 26 September 2011 14:29, Gary Palmer <gpalmer@freebsd.org> wrote: > On Mon, Sep 26, 2011 at 10:27:53AM +0100, Matt Smith wrote: > Do you have access to any other IPv6 hosts on a separate link? =A0If so, > I would suggest trying a ping or traceroute back to your IP or > IPs across the tunnel and see if the packets are getting back to you. > It may be a problem at the other end somewhere. =A0Check with tcpdump > of both the IPv4 and IPv6 layers to see if the packets are getting > to the kernel but not to the gif interface. =A0Also see if your router > is passing packets. =A0If you had a power cut the router may have had > some issues and may not be passing the protocol 41 packets. > > Also, check the sixxs.net docs to make sure you're allowing through > necessary packets. =A0I use tunnelbroker.net and they require (or say > they do) some packets to get through for the tunnel to stay up, e.g. > an IPv4 ping. > The router is configured to just send all incoming traffic to 192.168.1.2, DMZ mode. This includes all protocols. I then use ipfw on the server to firewall it, though even flushing all rules and completely opening the firewall it still doesn't work. I think you're missing the main issue I have here, which is that the local side doesn't work. If the local side doesn't work then the remote side is irrelevant right now. Point is try this on any FreeBSD box and it will work (I did this earlier today on a friends FreeBSD server to verify): ifconfig gif0 create ifconfig gif0 tunnel <local_lan_ip> 1.2.3.4 ifconfig gif0 inet6 2abc::2 2abc::1 prefixlen 128 ping6 2abc::2 ifconfig gif0 destroy With that config you should be able to talk locally to 2abc::2 because that's just a local IP on your box. The rest of the config or the state of the internet connection/NAT etc doesn't matter because you're talking to a non existent IP anyway. On my box this doesn't work since the power cut but worked perfectly well before. tcpdump of gif0 shows ping requests but no ping responses. It's as if all IPv6 traffic into gif0 is blackholed. However if I configure an IPv4 address on it with ifconfig gif0 10.1.1.2 10.1.1.1 then I can happily ping 10.1.1.2. So this just affects IPv6. It's a bizarre issue. I'm using exactly the same configuration that worked before the power cut. It's the kind of thing I might expect on a Windows box for something to randomly stop working but FreeBSD should just work! This is why I did a full buildworld/kernel thinking maybe a shared lib or something had become corrupt but to no avail. If there's no suggestions of something else which may have got screwed up I may have to resort to reinstalling the box with a fresh 9.0 install rather than a csup upgrade which would be a first!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAD0n1vFB6h9h%2BBe9DOCwxi9aECBvkTvf8g7C_tsQxXXFv90XKw>