SixXS::Sunset 2017-06-06

protocol 41 port 0 unreachable/ Ping the PoP Inner Tunnel Endpoint fails
[de] Shadow Hawkins on Wednesday, 11 January 2012 17:06:40
Hi there, according to https://www.sixxs.net/tickets/?msg=tickets-6263070 this is a user-issue and I'm a little lost because I don't know how to resolve an "protocol 41 port 0 unreachable"-problem. thanks Klaus my firewall was turned off during this test: 1. start $> tcpdump -s 9999 -n -i ppp0 host 78.35.24.124 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ppp0, link-type LINUX_SLL (Linux cooked), capture size 9999 bytes 2. start aiccu /etc/init.d/aiccu start 3. info on aiccu-start 13:04:25.911057 IP 93.199.125.52.51851 > 78.35.24.124.3740: UDP, length 89 13:04:25.911432 IP 93.199.125.52.56782 > 78.35.24.124.3740: UDP, length 89 4. infos after some seconds: 13:04:32.053042 IP 78.35.24.124 > 93.199.125.52: IP6 2001:4dd0:1234:3::42 > 2001:4dd0:ff00:b6f::2: ICMP6, echo request, seq 2654, length 64 13:04:32.053090 IP 93.199.125.52 > 78.35.24.124: ICMP 93.199.125.52 protocol 41 port 0 unreachable, length 132 13:04:39.312329 IP 78.35.24.124 > 93.199.125.52: IP6 2001:4dd0:ff00:b6f::1 > 2001:4dd0:ff00:b6f::2: ICMP6, echo request, seq 54315, length 988 13:04:39.312361 IP 93.199.125.52 > 78.35.24.124: ICMP 93.199.125.52 protocol 41 port 0 unreachable, length 556 13:05:25.911628 IP 93.199.125.52.60652 > 78.35.24.124.3740: UDP, length 89 13:05:44.327560 IP 78.35.24.124 > 93.199.125.52: IP6 2001:4dd0:ff00:b6f::1 > 2001:4dd0:ff00:b6f::2: ICMP6, echo request, seq 54316, length 988 13:05:44.327601 IP 93.199.125.52 > 78.35.24.124: ICMP 93.199.125.52 protocol 41 port 0 unreachable, length 556 13:06:09.207392 IP 78.35.24.124 > 93.199.125.52: IP6 2001:4dd0:1234:3::42 > 2001:4dd0:ff00:b6f::2: ICMP6, echo request, seq 5817, length 64 13:06:09.207425 IP 93.199.125.52 > 78.35.24.124: ICMP 93.199.125.52 protocol 41 port 0 unreachable, length 132
protocol 41 port 0 unreachable/ Ping the PoP Inner Tunnel Endpoint fails
[ch] Jeroen Massar SixXS Staff on Wednesday, 11 January 2012 18:15:22
13:04:25.911057 IP 93.199.125.52.51851 > 78.35.24.124.3740: UDP, length 89
Port 3740/UDP is heartbeat
13:04:32.053090 IP 93.199.125.52 > 78.35.24.124: ICMP 93.199.125.52 protocol 41 port 0 unreachable, length 132
That is a ICMP that says that protocol 41 is not reachable on that IP. 78.35.24.124 is decgn01.sixxs.net, thus 93.199.125.52 must be you. As such, you might want to check if your host has a properly configured tunnel. Depending on Operating system that you are using, you'll need to get the tunne details out. It is likely that this is some form of linux, thus "ip tun show" is the way to go.
protocol 41 port 0 unreachable/ Ping the PoP Inner Tunnel Endpoint fails
[de] Shadow Hawkins on Wednesday, 11 January 2012 19:17:36
I'm using aiccu on a debian box. ip tun show displays this: sixxs: ipv6/ip remote 78.35.24.124 local 93.199.125.52 ttl 64 If I restart aiccu the syslog tells something like this - no errors, no warnings: Jan 11 19:12:18 z aiccu: Succesfully retrieved tunnel information for T79110 Jan 11 19:12:18 z aiccu: AICCU running as PID 681 Jan 11 19:12:18 z kernel: [10736787.971101] sixxs: Disabled Privacy Extensions My current local ip is 93.199.125.52. I was pointed to this FAQ: https://www.sixxs.net/faq/connectivity/?faq=ping "Your IPv4 path to the PoP is broken for proto-41." should be my problem, but I don't know why. Just for info: the tunnel worked at least until the end of 2011. I haven't used much v6-stuff since then only today when I discovered that something is wrong here. The tunnel stats are weired too: https://xdeamorg.s3.amazonaws.com/sixxs/tunnel_statistics.png
protocol 41 port 0 unreachable/ Ping the PoP Inner Tunnel Endpoint fails
[ch] Jeroen Massar SixXS Staff on Wednesday, 11 January 2012 19:39:59
sixxs: ipv6/ip remote 78.35.24.124 local 93.199.125.52 ttl 64
That looks good. Now the big question is what your firewall looks like, as that might then be the only place that might reject protocol-41 to your endpoint while a tunnel is configured.
If I restart aiccu the syslog tells something like this - no errors, no warnings:
Restarting AICCU does not change a thing as it cannot correct misconfigured setups. You might want to actually provide as much details as possible.
protocol 41 port 0 unreachable/ Ping the PoP Inner Tunnel Endpoint fails
[de] Shadow Hawkins on Wednesday, 11 January 2012 19:49:42
The minimal-setup that I run for the firewall is this: [qdisc] qdisc pfifo_fast 0: root bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1 Sent 27018376 bytes 497434 pkt (dropped 0, overlimits 0 requeues 0) rate 0bit 0pps backlog 0b 0p requeues 0 [class] [filter] [iptables] Chain INPUT (policy ACCEPT 33 packets, 4952 bytes) pkts bytes target prot opt in out source destination 0 0 DROP tcp -- ppp0 any anywhere anywhere tcp dpt:ldap Chain FORWARD (policy ACCEPT 15 packets, 14820 bytes) pkts bytes target prot opt in out source destination 0 0 TCPMSS tcp -- any any anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU 5869 8544816 ACCEPT all -- ppp0 eth0 anywhere anywhere state RELATED,ESTABLISHED 3119 169096 ACCEPT all -- eth0 ppp0 anywhere anywhere Chain OUTPUT (policy ACCEPT 29 packets, 7521 bytes) pkts bytes target prot opt in out source destination [ip6tables] Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination If I add something like this iptables -I INPUT -p ipv6 -s 78.35.24.124/32 -j ACCEPT it won't help. (or even iptables -I INPUT -s 78.35.24.124/32 -j ACCEPT)
protocol 41 port 0 unreachable/ Ping the PoP Inner Tunnel Endpoint fails
[ch] Jeroen Massar SixXS Staff on Wednesday, 11 January 2012 19:57:23
You'll have to provide a lot more details than this, ipv4/ipv6 routing tables, all interface details, kernel versions, distro etc would all be helpful. It actually looks like the tunneling module is not active in the kernel, as next to a firewall that would be the only way that proto-41 is not processed and then rejected. I'd suggest you unconfigure all the running IPv6 setup so that it is back to an 'empty' state.
protocol 41 port 0 unreachable/ Ping the PoP Inner Tunnel Endpoint fails
[de] Shadow Hawkins on Wednesday, 11 January 2012 20:29:23
ahm, I think it was an update. The box had an uptime of around 50 days and an colleague of mine did some updates around new year, but did not reboot the box. I now rebooted the thing and guess what - it's working again. The problem is that I don't know what packages (debian box) where updated. So I don't know what might have caused the hickup. Thanks for your help and your patience!

Please note Posting is only allowed when you are logged in.
Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker