|
Removing route on dev lo
![[dk]](/s/countries/dk.gif) Shadow Hawkins on Tuesday, 23 October 2012 01:17:32
Hi,
I am stuck setting up a 6in4 on my home router in what seems to be an obvious and stupid problem. I am able to ping the local end of my tunnel but not the remote end. I am trying to configure my router running HyperWRT (Tomato) but I seem to be stuck on the most simple FAQ entry! I will be happy to add a configuration how-to to the wiki when I have this resolved. I was not able to create a new wiki page so I have documented it at my blog: http://enkel-it.dk/blog/?p=135
The FAQ for "Tunnel endpoint didn't ping" refers me to:
https://www.sixxs.net/forum/?msg=setup-37642
The Tomato is based on a 2.6 Linux kernel and I seem to have the remote endpoint as described in the previous link:
Destination Next Hop Flags Metric Ref Use Iface
2001:16d8:a43b:7c9::1/128 :: U 0 21 1 lo
(Note: I have obfuscated my IPs)
This is where I hit a brick wall. To my great annoyance I seem to be completely unable to remove this route. It is proably very very simple but I do not have enough experience with this to pin point it *argh*.
I entered:
# route -A inet6 del 2001:16d8:a43b:7c9::1 dev lo metric 0
# route -A inet6 del 2001:16d8:a43b:7c9::1/128 dev lo metric 0
which gives me the very confusing response:
route: SIOCDELRT: No such process
With a little help from Google it seem the parameter list was invalid so I tried all of the following:
# route del -A inet6 -net 2001:16d8:a43b:7c9::1 dev lo metric 0
# route del -A inet6 -net 2001:16d8:a43b:7c9::1/128 dev lo metric 0
# route del -A inet6 -host 2001:16d8:a43b:7c9::1 dev lo metric 0
Which gives the no less puzzling:
route: getaddrinfo: #host: -2
route: resolving #host
I tried adding -n to avoid resolving hostname but it gives the same result.
The I tried ip but still no love
# ip -6 route del 2001:16d8:a43b:7c9::1/128 dev lo metric 0
RTNETLINK answers: No such process
# ip -6 route del 2001:16d8:a43b:7c9::1/128 dev lo
RTNETLINK answers: No such process
So it seems the first route version is OK and whatever I do I end up with a missing process?!?!?
I feel very stupid and on bad terms with busy box. Can anyone set me straight?
Kind Regards,
Claus Andersen
The full routing table for reference:
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
2001:16d8:a43b:7c9::/64 :: U 256 0 0 br0
2001:16d8:a43b:7c9::/64 :: U 256 0 0 v6in4
2001:4860:4860::8844/128 2001:4860:4860::8844 UC 0 3 0 v6in4
2001:4860:4860::8888/128 2001:4860:4860::8888 UC 0 1 0 v6in4
2a00:1450:400f:800::100e/128 2a00:1450:400f:800::100e UC 0 1 0 v6in4
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 vlan1
fe80::/64 :: U 256 0 0 eth1
fe80::/64 :: U 256 0 0 eth2
fe80::/64 :: U 256 0 0 br0
fe80::/64 :: U 256 0 0 vlan2
fe80::/64 :: U 256 0 0 v6in4
::/0 :: U 1024 0 0 v6in4
::1/128 :: U 0 0 1 lo
2001:16d8:a43b:7c9::/128 :: U 0 0 2 lo
2001:16d8:a43b:7c9::/128 :: U 0 0 2 lo
2001:16d8:a43b:7c9::1/128 :: U 0 21 1 lo
2001:16d8:a43b:7c9::2/128 :: U 0 220 1 lo
fe80::/128 :: U 0 0 2 lo
fe80::/128 :: U 0 0 2 lo
fe80::/128 :: U 0 0 2 lo
fe80::/128 :: U 0 0 2 lo
fe80::/128 :: U 0 0 2 lo
fe80::/128 :: U 0 0 2 lo
fe80::5ab9:9e77/128 :: U 0 0 1 lo
fe80::9afc:11ff:fe6d:8607/128 :: U 0 0 1 lo
fe80::9afc:11ff:fe6d:8607/128 :: U 0 0 1 lo
fe80::9afc:11ff:fe6d:8607/128 :: U 0 45 1 lo
fe80::9afc:11ff:fe6d:8608/128 :: U 0 0 1 lo
fe80::9afc:11ff:fe6d:8609/128 :: U 0 0 1 lo
fe80::9afc:11ff:fe6d:860a/128 :: U 0 0 1 lo
ff02::1/128 ff02::1 UC 0 2 0 br0
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 vlan1
ff00::/8 :: U 256 0 0 eth1
ff00::/8 :: U 256 0 0 eth2
ff00::/8 :: U 256 0 0 br0
ff00::/8 :: U 256 0 0 vlan2
ff00::/8 :: U 256 0 0 v6in4
I have enabled response to ping in the firewall. I have however not concerned myself over connection tracking (yet)
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
shlimit tcp -- anywhere anywhere tcp dpt:ssh state NEW
shlimit tcp -- anywhere anywhere tcp dpt:telnet state NEW
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- dkcph01.sixxs.net anywhere
ACCEPT ipv6 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpts:33434:33534
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
Chain FORWARD (policy DROP)
target prot opt source destination
all -- anywhere anywhere account: network/netmask: 192.168.0.0/255.255.255.0 name: lan
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
wanin all -- anywhere anywhere
wanout all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain shlimit (2 references)
target prot opt source destination
all -- anywhere anywhere recent: SET name: shlimit side: source
DROP all -- anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source
Chain wanin (1 references)
target prot opt source destination
Chain wanout (1 references)
target prot opt source destination
# ifconfig
br0
eth0
eth1
eth2
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:742 errors:0 dropped:0 overruns:0 frame:0
TX packets:742 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:588264 (574.4 KiB) TX bytes:588264 (574.4 KiB)
v6in4 Link encap:IPv6-in-IPv4
inet6 addr: 2001:16d8:a43b:7c9::2/64 Scope:Global
inet6 addr: fe80::5ab9:9e77/128 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
RX packets:323 errors:0 dropped:0 overruns:0 frame:0
TX packets:576 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:92844 (90.6 KiB) TX bytes:66474 (64.9 KiB)
vlan1
vlan2
Removing route on dev lo
Shadow Hawkins on Tuesday, 23 October 2012 01:18:52
Hi,
(Repost: Missed close tag on last post!)
I am stuck setting up a 6in4 on my home router in what seems to be an obvious and stupid problem. I am able to ping the local end of my tunnel but not the remote end. I am trying to configure my router running HyperWRT (Tomato) but I seem to be stuck on the most simple FAQ entry! I will be happy to add a configuration how-to to the wiki when I have this resolved. I was not able to create a new wiki page so I have documented it at my blog: blog
The FAQ for "Tunnel endpoint didn't ping" refers me to:
FAQ
The Tomato is based on a 2.6 Linux kernel and I seem to have the remote endpoint as described in the previous link:
Destination Next Hop Flags Metric Ref Use Iface
2001:16d8:a43b:7c9::1/128 :: U 0 21 1 lo
(Note: I have obfuscated my IPs)
This is where I hit a brick wall. To my great annoyance I seem to be completely unable to remove this route. It is proably very very simple but I do not have enough experience with this to pin point it *argh*.
I entered:
# route -A inet6 del 2001:16d8:a43b:7c9::1 dev lo metric 0
# route -A inet6 del 2001:16d8:a43b:7c9::1/128 dev lo metric 0
which gives me the very confusing response:
route: SIOCDELRT: No such process
With a little help from Google it seem the parameter list was invalid so I tried all of the following:
# route del -A inet6 -net 2001:16d8:a43b:7c9::1 dev lo metric 0
# route del -A inet6 -net 2001:16d8:a43b:7c9::1/128 dev lo metric 0
# route del -A inet6 -host 2001:16d8:a43b:7c9::1 dev lo metric 0
Which gives the no less puzzling:
route: getaddrinfo: #host: -2
route: resolving #host
I tried adding -n to avoid resolving hostname but it gives the same result.
The I tried ip but still no love
# ip -6 route del 2001:16d8:a43b:7c9::1/128 dev lo metric 0
RTNETLINK answers: No such process
# ip -6 route del 2001:16d8:a43b:7c9::1/128 dev lo
RTNETLINK answers: No such process
So it seems the first route version is OK and whatever I do I end up with a missing process?!?!?
I feel very stupid and on bad terms with busy box. Can anyone set me straight?
Kind Regards,
Claus Andersen
The full routing table for reference:
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
2001:16d8:a43b:7c9::/64 :: U 256 0 0 br0
2001:16d8:a43b:7c9::/64 :: U 256 0 0 v6in4
2001:4860:4860::8844/128 2001:4860:4860::8844 UC 0 3 0 v6in4
2001:4860:4860::8888/128 2001:4860:4860::8888 UC 0 1 0 v6in4
2a00:1450:400f:800::100e/128 2a00:1450:400f:800::100e UC 0 1 0 v6in4
fe80::/64 :: U 256 0 0 eth0
fe80::/64 :: U 256 0 0 vlan1
fe80::/64 :: U 256 0 0 eth1
fe80::/64 :: U 256 0 0 eth2
fe80::/64 :: U 256 0 0 br0
fe80::/64 :: U 256 0 0 vlan2
fe80::/64 :: U 256 0 0 v6in4
::/0 :: U 1024 0 0 v6in4
::1/128 :: U 0 0 1 lo
2001:16d8:a43b:7c9::/128 :: U 0 0 2 lo
2001:16d8:a43b:7c9::/128 :: U 0 0 2 lo
2001:16d8:a43b:7c9::1/128 :: U 0 21 1 lo
2001:16d8:a43b:7c9::2/128 :: U 0 220 1 lo
fe80::/128 :: U 0 0 2 lo
fe80::/128 :: U 0 0 2 lo
fe80::/128 :: U 0 0 2 lo
fe80::/128 :: U 0 0 2 lo
fe80::/128 :: U 0 0 2 lo
fe80::/128 :: U 0 0 2 lo
fe80::5ab9:9e77/128 :: U 0 0 1 lo
fe80::9afc:11ff:fe6d:8607/128 :: U 0 0 1 lo
fe80::9afc:11ff:fe6d:8607/128 :: U 0 0 1 lo
fe80::9afc:11ff:fe6d:8607/128 :: U 0 45 1 lo
fe80::9afc:11ff:fe6d:8608/128 :: U 0 0 1 lo
fe80::9afc:11ff:fe6d:8609/128 :: U 0 0 1 lo
fe80::9afc:11ff:fe6d:860a/128 :: U 0 0 1 lo
ff02::1/128 ff02::1 UC 0 2 0 br0
ff00::/8 :: U 256 0 0 eth0
ff00::/8 :: U 256 0 0 vlan1
ff00::/8 :: U 256 0 0 eth1
ff00::/8 :: U 256 0 0 eth2
ff00::/8 :: U 256 0 0 br0
ff00::/8 :: U 256 0 0 vlan2
ff00::/8 :: U 256 0 0 v6in4
I have enabled response to ping in the firewall. I have however not concerned myself over connection tracking (yet)
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
shlimit tcp -- anywhere anywhere tcp dpt:ssh state NEW
shlimit tcp -- anywhere anywhere tcp dpt:telnet state NEW
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- dkcph01.sixxs.net anywhere
ACCEPT ipv6 -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere
ACCEPT udp -- anywhere anywhere udp dpts:33434:33534
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
Chain FORWARD (policy DROP)
target prot opt source destination
all -- anywhere anywhere account: network/netmask: 192.168.0.0/255.255.255.0 name: lan
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
wanin all -- anywhere anywhere
wanout all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain shlimit (2 references)
target prot opt source destination
all -- anywhere anywhere recent: SET name: shlimit side: source
DROP all -- anywhere anywhere recent: UPDATE seconds: 60 hit_count: 4 name: shlimit side: source
Chain wanin (1 references)
target prot opt source destination
Chain wanout (1 references)
target prot opt source destination
# ifconfig
br0
eth0
eth1
eth2
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MULTICAST MTU:16436 Metric:1
RX packets:742 errors:0 dropped:0 overruns:0 frame:0
TX packets:742 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:588264 (574.4 KiB) TX bytes:588264 (574.4 KiB)
v6in4 Link encap:IPv6-in-IPv4
inet6 addr: 2001:16d8:a43b:7c9::2/64 Scope:Global
inet6 addr: fe80::5ab9:9e77/128 Scope:Link
UP POINTOPOINT RUNNING NOARP MTU:1280 Metric:1
RX packets:323 errors:0 dropped:0 overruns:0 frame:0
TX packets:576 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:92844 (90.6 KiB) TX bytes:66474 (64.9 KiB)
vlan1
vlan2
Removing route on dev lo
Shadow Hawkins on Monday, 22 October 2012 21:48:14
I am sure I closed the link tags but it still fails. I will stick to pure text this time as it is getting too late:
My blog with setup details for Tomato
http://enkel-it.dk/blog/?p=135
The FAQ for "Tunnel endpoint didn't ping" refers me to:
https://www.sixxs.net/forum/?msg=setup-37642
Good night,
Claus Andersen
Removing route on dev lo
2001:16d8:a43b:7c9::1/128 :: U 0 21 1 lo
<prefix>::1 tends to be the PoP side of the tunnel, as such, if you have the above you have something misconfigured.
To my great annoyance I seem to be completely unable to remove this route.
Likely you added it to the local interface, a 'ip -6 addr del <address>/<prefixlength> dev lo' should do the trick.
2001:16d8:a43b:7c9::/64 :: U 256 0 0 br0 2001:16d8:a43b:7c9::/64 :: U 256 0 0 v6in4 2001:4860:4860::8844/128 2001:4860:4860::8844 UC 0 3 0 v6in4 2001:4860:4860::8888/128 2001:4860:4860::8888 UC 0 1 0 v6in4 2a00:1450:400f:800::100e/128 2a00:1450:400f:800::100e UC 0 1 0 v6in4
Why do you have direct routes for certain prefixes in your routing table?
That seems odd...
As for your firewall rules, there seems to be an 'accept all' twice in there, thus everything will already likely be accepted, you might want to use 'iptables -v --list -n --line-numbers' to see what it really does.
As you have connection tracking there, things will magically break, see the FAQ for the details.
Also note that 'ip6tables' also exists and might cause you issues.
Removing route on dev lo
Shadow Hawkins on Tuesday, 23 October 2012 04:55:14
All routes where set up automatically by the firmware.
As suggested I tried:
# ip -6 addr del 2001:16d8:a43b:7c9::1/128 dev lo
but it gives me:
RTNETLINK answers: Cannot assign requested address
I found the direct routes odd as well but I am new to practical use of IPv6 so I only smelled smoke but dared not yell "fire".
It seems that the Tomato firmware might be a bit wonky. I will try their forums as well.
Surely conn track will tease me as well but that will be a story for another day when the routing is in ship shape :-)
If you have any other ideas they will be highly appreciated.
Thanks,
Claus Andersen
Removing route on dev lo
Can you give full output of:
ip -6 addr show
ip -6 ro show
ip -6 nei show
ip tun show
Note that if you want to 'obfuscate' your IP, then just replace the first two portions with 2001:db8: as that is the documentation prefix. If you obfuscate the latter parts you might mess up something that indicates if it is tunnel prefix (/64), a default routed subnet (/64) or a normal subnet (/48).
Removing route on dev lo
Shadow Hawkins on Thursday, 25 October 2012 21:19:36
When real troubleshooting is needed we better stick with the real values. If the worst happens IPs can be changed.
Thnx,
Claus
Tomato v1.28.0000 MIPSR2-102 K26 USB Nocat-VPN
<root@gate01:/tmp/home/root# ip -6 addr show
1: lo: <LOOPBACK,MULTICAST,UP,10000> mtu 16436
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qlen 1000
inet6 fe80::9afc:11ff:fe6d:8607/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,ALLMULTI,UP,10000> mtu 1500 qlen 1000
inet6 fe80::9afc:11ff:fe6d:8609/64 scope link
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,ALLMULTI,UP,10000> mtu 1500 qlen 1000
inet6 fe80::9afc:11ff:fe6d:860a/64 scope link
valid_lft forever preferred_lft forever
5: vlan1@eth0: <BROADCAST,MULTICAST,ALLMULTI,UP,10000> mtu 1500
inet6 fe80::9afc:11ff:fe6d:8607/64 scope link
valid_lft forever preferred_lft forever
6: vlan2@eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 fe80::9afc:11ff:fe6d:8608/64 scope link
valid_lft forever preferred_lft forever
7: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500
inet6 2001:16d8:dd00:1b4::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::9afc:11ff:fe6d:8607/64 scope link
valid_lft forever preferred_lft forever
9: v6in4@NONE: <POINTOPOINT,NOARP,UP,10000> mtu 1280
inet6 2001:16d8:dd00:1b4::2/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5ab9:9e77/128 scope link
valid_lft forever preferred_lft forever
root@gate01:/tmp/home/root# ip -6 ro show
2001:16d8:dd00:1b4::/64 dev br0 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
2001:16d8:dd00:1b4::/64 via :: dev v6in4 proto kernel metric 256 mtu 1280 advmss 1220 metric 10 4294967295
fe80::/64 dev eth0 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
fe80::/64 dev vlan1 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
fe80::/64 dev eth1 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
fe80::/64 dev eth2 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
fe80::/64 dev br0 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
fe80::/64 dev vlan2 proto kernel metric 256 mtu 1500 advmss 1440 metric 10 4294967295
fe80::/64 via :: dev v6in4 proto kernel metric 256 mtu 1280 advmss 1220 metric 10 4294967295
default dev v6in4 metric 1024 mtu 1280 advmss 1220 metric 10 4294967295
unreachable default dev lo proto kernel metric -1 error -128 metric 10 255
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
ff00::/8 dev vlan1 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
ff00::/8 dev eth1 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
ff00::/8 dev eth2 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
ff00::/8 dev br0 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
ff00::/8 dev vlan2 metric 256 mtu 1500 advmss 1440 metric 10 4294967295
ff00::/8 dev v6in4 metric 256 mtu 1280 advmss 1220 metric 10 4294967295
unreachable default dev lo proto kernel metric -1 error -128 metric 10 255
root@gate01:/tmp/home/root# ip -6 nei show
fe80::9afc:11ff:fe6d:8607 dev br0 lladdr 98:fc:11:6d:86:07 router STALE
root@gate01:/tmp/home/root# ip tun show
sit0: ipv6/ip remote any local any ttl 64 nopmtudisc 6rd-prefix 2002::/16
v6in4: ipv6/ip remote 93.158.77.42 local 90.185.158.119 ttl 255 6rd-prefix 2002::/16
Removing route on dev lo
When real troubleshooting is needed we better stick with the real values. If the worst happens IPs can be changed.
I can only agree, but you specified that you "(Note: I have obfuscated my IPs)" but you didn't specify how you mangled the addresses, and that can be very important indeed as seen below:
7: br0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 inet6 2001:16d8:dd00:1b4::1/64 scope global valid_lft forever preferred_lft forever inet6 fe80::9afc:11ff:fe6d:8607/64 scope link valid_lft forever preferred_lft forever
Why do you configure the PoP's IPv6 address on your side?
You might want to change that to eg 2001:16d8:dd00:81b4::1/64 which comes out of your default routed subnet instead of hijacking the tunnel prefix and thus breaking things....
Removing route on dev lo
Shadow Hawkins on Friday, 26 October 2012 16:59:12
Facepalm!
|
![[ch]](/s/countries/ch.gif)
on Tuesday, 23 October 2012 01:27:04
Posting is only allowed when you are