|
PoP returns "ICMP protocol unreachable" after Windows reboot
![[dk]](/s/countries/dk.gif) Shadow Hawkins on Sunday, 18 March 2012 22:59:54
Hi, one of our tunnels just hit a snag, I suspect it is our fault as it happened when I rebooted the client (Windows 2008 aka Vista server) to install system updates. The tunnel is a static proto 41 tunnel with a /48 on top. The machine also has 6to4 connectivity in order to maximize reachability in the presence of broken 6to4 routers (which can affect either end of a connection).
After rebooting the machine, it can no longer be reached on its sixxs addresses, and the machine can no longer ping the tunnel::1 endpoint.
Installing Wireshark and capturing an attempt to ping tunnel::1, wireshark showed that the encapsulated ping packet was being returned from the PoP's IPv4 address in an ICMP "protocol unreachable" packet (ICMP type 3 code 2 with the IPv4 proto 41 encapsulated IPv6 echo request as payload). The ICMP error packet has a reasonable "odd" TTL to indicate that the packet traveled at least some of the way to the PoP.
To make things stranger, a nearby machine with near identical configuration and its own tunnel to the same PoP is still up.
Anyone have any pointers for solving this issue?
PoP returns "ICMP protocol unreachable" after Windows reboot
Shadow Hawkins on Monday, 19 March 2012 05:05:15
Found it: The machine has two IPv4 addresses, despite netsh showing the correct source IPv4 for the tunnel, Windows decided to send from the numerically smallest IPv4, causing the PoP to reject the packets.
Because I couldn't convince Windows to use the proper source address I had to spend a few ISK to change the tunnel endpoint to the address chosen by Windows.
Confusingly, after tic started returning the "new" IPv4 to AICCU, a few minutes passed before the PoP began accepting the packets, I guess there was a delay in applying the change to the PoP.
PoP returns "ICMP protocol unreachable" after Windows reboot
Confusingly, after tic started returning the "new" IPv4 to AICCU,
If you have a static tunnel you can simply use the configuration commands as detailed in the FAQ instead of using AICCU. Or you can check the output of verbose AICCU to see what it performs.
a few minutes passed before the PoP began accepting the packets
The PoP configuration is only pushed every 10 minutes or so. That is why for dynamic tunnels we have heartbeat & AYIYA which do talk to the PoP.
|
![[ch]](/s/countries/ch.gif)
on Monday, 19 March 2012 09:33:41
Posting is only allowed when you are