SixXS::Sunset 2017-06-06

AICCU Test 5/8 fails
[de] Shadow Hawkins on Thursday, 24 October 2013 18:56:41
Questions and Answers concerning IPv6 Setup of machines, routers etc. Am trying to get a tunnel set up on a mac OSX 10.8.5 I installed AICCU and TUNTAP but the AICCU auto test fails test 5/8: ###### [5/8] Ping the IPv6 Local/Your Inner Tunnel Endpoint (2001:xxxx:xxx:154c::2) ### This confirms that your tunnel is configured ### If it doesn't reply then check your interface and routing tables PING6(56=40+8+8 bytes) 2001:4dd0:ff00:154c::2 --> 2001:xxxx:xxxx:154c::2 24 bytes from fe80::2e9e:fcff:fe9c:769d%en1: Listener Report HbH Options: nxt 58, len 0 (8 bytes) Router Alert Opt: Type 0 146 bytes from 2001:4dd0:ff00:154c::5: Destination Host Unreachable Vr TC Flow Plen Nxt Hlim 6 00 00000 0062 11 ff 2001:4dd0:ff00:154c::5->2001:4dd0:100:1020:53:2::1 UDP: from port 64242, to port 53 (decimal) It passes all the other tests. Can anyone tell me where to start looking for the problem? Thank you
AICCU Test 5/8 fails
[ch] Jeroen Massar SixXS Staff on Friday, 25 October 2013 06:57:27
Am trying to get a tunnel set up on a mac OSX 10.8.5
Please note that 10.9 is out, and is available for download/upgrade for Free. It is a huge step forward, thus go for it. (it should not be fixing your issue though ;)
It passes all the other tests.
You mean tests 1-4 or also tests 6-8? Note that the 'aiccu test' is there solely to *indicate* problems, it does not mean that if a test works that everything is perfectly fine.
Can anyone tell me where to start looking for the problem?
The routing tables. Likely though you simply do not have your local endpoint (2001:4dd0:ff00:154c::2) assigned to the interface or that interface is down or your firewall is blocking things.
AICCU Test 5/8 fails
[de] Shadow Hawkins on Friday, 25 October 2013 18:23:07
Jeroen Massar wrote:
> Am trying to get a tunnel set up on a mac OSX 10.8.5 Please note that 10.9 is out, and is available for download/upgrade for Free. It is a huge step forward, thus go for it. (it should not be fixing your issue though ;)
It passes all the other tests.
You mean tests 1-4 or also tests 6-8? Note that the 'aiccu test' is there solely to *indicate* problems, it does not mean that if a test works that everything is perfectly fine.
Can anyone tell me where to start looking for the problem?
The routing tables. Likely though you simply do not have your local endpoint (2001:4dd0:ff00:154c::2) assigned to the interface or that interface is down or your firewall is blocking things.
Thanks for the reply. I loaded OSX 10.9 last night, but as you thought it didn't help my tunnel problem. 5/8 was the only test that failed. How do I allocate the local endpoint to the interface? May aiccu.conf file looks like this: username xxxx-SIXXS/T1xxxxx password xxxxxxxxxxxxxxxxxxx server tic.sixxs.net protocol tic ipv6_interface gif0 tunnel_id T1xxxxxx requiretls false defaultroute true behindnat true makebeats true daemonize true
AICCU Test 5/8 fails
[ch] Jeroen Massar SixXS Staff on Saturday, 26 October 2013 08:35:31
I loaded OSX 10.9 last night, but as you thought it didn't help my tunnel problem.
Well, apparently at least the Happy Eyeballs implementation changed a bit so that
How do I allocate the local endpoint to the interface?
AICCU should be doing that. If you would list the interfaces, routes etc, we can see them. Wrapping them in a [code ] blocks [/code ] (see also right hand when posting) makes output a bit more readable.
May aiccu.conf file looks like this:
What is in
ipv6_interface gif0
You are specifying a 'gif' interface, while you are using a AYIYA tunnel. Hence that is wrong, that needs to be 'tun0'. From the default aiccu.conf:
# On *BSD and OSX the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels # or tunX (eg tun0) for AYIYA tunnels.
Thus if you can reach remote sites that is likely because of some other magic, not because the tunnel works.
AICCU Test 5/8 fails
[de] Shadow Hawkins on Saturday, 26 October 2013 18:39:42
Jeroen Massar wrote:
> I loaded OSX 10.9 last night, but as you thought it didn't help my tunnel problem. Well, apparently at least the Happy Eyeballs implementation changed a bit so that
How do I allocate the local endpoint to the interface?
AICCU should be doing that. If you would list the interfaces, routes etc, we can see them. Wrapping them in a [code ] blocks [/code ] (see also right hand when posting) makes output a bit more readable.
May aiccu.conf file looks like this:
What is in
ipv6_interface gif0
You are specifying a 'gif' interface, while you are using a AYIYA tunnel. Hence that is wrong, that needs to be 'tun0'. From the default aiccu.conf:
# On *BSD and OSX the ipv6_interface should be set to gifX (eg gif0) for proto-41 tunnels # or tunX (eg tun0) for AYIYA tunnels.
Ok point taken. I changed the aiccu.conf . See below Thus if you can reach remote sites that is likely because of some other magic, not because the tunnel works.
Here the new aiccu.conf and the results of ifconfig:
aiccu.conf username xxxx-SIXXS/T1xxxxx password xxxxxxxxxxxxxxxxx server tic.sixxs.net protocol tic ipv6_interface tun0 tunnel_id T1xxxxxxxx requiretls false defaultroute true behindnat true makebeats true daemonize true
ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 options=3<RXCSUM,TXCSUM> inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff000000 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 nd6 options=1<PERFORMNUD> gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280 stf0: flags=0<> mtu 1280 en0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500 options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4> ether 00:26:08:01:aa:72 media: autoselect (<unknown type>) en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1280 ether 00:26:08:e4:5d:ba inet6 fe80::226:8ff:fee4:5dba%en1 prefixlen 64 scopeid 0x5 inet 10.0.0.24 netmask 0xffffff00 broadcast 10.0.0.255 inet6 2001:xxxx:xxxx:154c:226:8ff:fee4:5dba prefixlen 64 autoconf inet6 2001:xxxx:xxxx:154c:757c:f4d2:333b:c91d prefixlen 64 autoconf temporary nd6 options=1<PERFORMNUD> media: autoselect status: active fw0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 4078 lladdr 00:26:08:ff:fe:01:aa:72 media: autoselect <full-duplex> status: inactive p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304 ether 02:26:08:e4:5d:ba media: autoselect status: inactive tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1280 inet6 fe80::226:8ff:fe01:aa72%tun0 prefixlen 64 scopeid 0x9 inet6 2001:xxxx:ff00:154c::2 --> 2001:xxxx:ff00:154c::1 prefixlen 128 nd6 options=1<PERFORMNUD> open (pid 536)
After surfing a bit I am thinking it may be an Apple problem? My Apple Express is behind a bridged modem and is using a PPPoE connection. It shows a "tunnel error". Any ideas? Thanks in advance
AICCU Test 5/8 fails
[ch] Jeroen Massar SixXS Staff on Sunday, 27 October 2013 07:36:33
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1280
ether 00:26:08:e4:5d:ba
inet6 fe80::226:8ff:fee4:5dba%en1 prefixlen 64 scopeid 0x5
inet 10.0.0.24 netmask 0xffffff00 broadcast 10.0.0.255
inet6 2001:xxxx:xxxx:154c:226:8ff:fee4:5dba prefixlen 64 autoconf
inet6 2001:xxxx:xxxx:154c:757c:f4d2:333b:c91d prefixlen 64 autoconf temporary
You are removing very important details there. What exactly are these addresses and where do they come from? It seems they are 'autoconf', thus that another host in your network is giving you these addresses. One is temporary, the other is normal RA, thus looks like your connectivity gets configured. If you, as requested (see that big yellow/orange box when posting which points to the contact page which contains a list of things to include when reporting problems), would have included a dump of your routing tables we could have told you which device is giving you IPv6 as it is the default gateway.
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1280
inet6 fe80::226:8ff:fe01:aa72%tun0 prefixlen 64 scopeid 0x9
inet6 2001:xxxx:ff00:154c::2 --> 2001:xxxx:ff00:154c::1 prefixlen 128
nd6 options=1<PERFORMNUD>
open (pid 536)
That looks quite okay. Though without the routing tables little to say if it would be used etc.
My Apple Express is behind a bridged modem and is using a PPPoE connection.
It shows a "tunnel error".
Which is unrelated to a SixXS tunnel (unless you tried to configure it there, but then you would not be using AICCU). Likely you are getting a tunnel error there as Airport Expresses uses 6to4 and for that they need a public IP address (non-RFC1918). AYIYA does not care about that though.
AICCU Test 5/8 fails
[de] Shadow Hawkins on Sunday, 27 October 2013 13:48:13
Jeroen Massar wrote:
> en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1280
ether 00:26:08:e4:5d:ba
inet6 fe80::226:8ff:fee4:5dba%en1 prefixlen 64 scopeid 0x5
inet 10.0.0.24 netmask 0xffffff00 broadcast 10.0.0.255
inet6 2001:xxxx:xxxx:154c:226:8ff:fee4:5dba prefixlen 64 autoconf
inet6 2001:xxxx:xxxx:154c:757c:f4d2:333b:c91d prefixlen 64 autoconf temporary
You are removing very important details there. What exactly are these addresses and where do they come from? It seems they are 'autoconf', thus that another host in your network is giving you these addresses. One is temporary, the other is normal RA, thus looks like your connectivity gets configured. If you, as requested (see that big yellow/orange box when posting which points to the contact page which contains a list of things to include when reporting problems), would have included a dump of your routing tables we could have told you which device is giving you IPv6 as it is the default gateway.
tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1280
inet6 fe80::226:8ff:fe01:aa72%tun0 prefixlen 64 scopeid 0x9
inet6 2001:xxxx:ff00:154c::2 --> 2001:xxxx:ff00:154c::1 prefixlen 128
nd6 options=1<PERFORMNUD>
open (pid 536)
That looks quite okay. Though without the routing tables little to say if it would be used etc.
My Apple Express is behind a bridged modem and is using a PPPoE connection.
It shows a "tunnel error".
Which is unrelated to a SixXS tunnel (unless you tried to configure it there, but then you would not be using AICCU). Likely you are getting a tunnel error there as Airport Expresses uses 6to4 and for that they need a public IP address (non-RFC1918). AYIYA does not care about that though.
Many thanks for your patience. By trail and error I managed to eliminate the problem myself and have now got full Ipv6 connection. The problem lay in the local network settings on my laptop and not those in the airport express (although the airport still shows a tunnel problem! It works anyway!) In case it helps others here some details Aiccu.conf
username xxxx-SIXXS/T1xxxxx password xxxxxxxxxxxxx server tic.sixxs.net protocol tic ipv6_interface tun0 tunnel_id T1xxxxx requiretls false defaultroute true behindnat true makebeats true daemonize true
IPv6 configuration : manual IPv6 mode: Tunnel IPv6-WAN-Address: Your IPv6 SIXX Address IPv6-Standardrout: PoP IPv6 IPv4 Address: Pop IPv4 IPv6 prefix: IPv6 Prefix IPv6-LAN Adress: Your IPv6 SIXX Address Block incoming IPv active Teredo-Tunnel active IPSec authorization active
I didnt enter anything in the Port settings Maybe I do have to make some Firewall / TCP and UDP Port entries?? What do you think?? Then on my laptop under the TCP/IP network tab I entered:
Ipv6 configuration to manual Router: Your IPv6 SIXX address IPv6 Address Here I justed added a digit on the end of Your IPv6 SIXX Address
Where my mistake was previously was that I entered the router address to the Pop IPv6 instead oft he address of the airport which is the router in my network!! Thats probably why test 5/8 failed
AICCU Test 5/8 fails
[ch] Jeroen Massar SixXS Staff on Sunday, 27 October 2013 14:10:05
> IPv6 configuration : manual
IPv6 mode: Tunnel
IPv6-WAN-Address: Your IPv6 SIXX Address
IPv6-Standardrout: PoP IPv6
IPv4 Address: Pop IPv4
IPv6 prefix: IPv6 Prefix
IPv6-LAN Adress: Your IPv6 SIXX Address
Block incoming IPv active
Teredo-Tunnel active
IPSec authorization active
Where does these details come from? I do hope that you did not try to configure the tunnel on both your computer and on the Airport Express; Airports do not support AYIYA and having the same address configured twice will give all kinds of wrong results.
I didnt enter anything in the Port settings
Maybe I do have to make some Firewall / TCP and UDP Port entries??
What do you think??
You'll first have to state WHERE that configuration detail is. AYIYA though in typical case does not need any changes in the NAT box.
Then on my laptop under the TCP/IP network tab I entered:
If you use AICCU you do not need to enter ANY configuration details except for aiccu.conf. AICCU should be able to take care of everything. As I mentioned in a previous post, another system (likely your misconfigured Airport Express) is announcing itself as having IPv6 connectivity, likely (as you mask things out, we cannot state what is there) with the same details as the tunnel configuration.
AICCU Test 5/8 fails
[de] Shadow Hawkins on Monday, 28 October 2013 10:58:22
Jeroen Massar wrote:
>
> IPv6 configuration : manual
IPv6 mode: Tunnel
IPv6-WAN-Address: Your IPv6 SIXX Address
IPv6-Standardrout: PoP IPv6
IPv4 Address: Pop IPv4
IPv6 prefix: IPv6 Prefix
IPv6-LAN Adress: Your IPv6 SIXX Address
Block incoming IPv active
Teredo-Tunnel active
IPSec authorization active
Where does these details come from? I do hope that you did not try to configure the tunnel on both your computer and on the Airport Express; Airports do not support AYIYA and having the same address configured twice will give all kinds of wrong results.
I didnt enter anything in the Port settings
Maybe I do have to make some Firewall / TCP and UDP Port entries??
What do you think??
You'll first have to state WHERE that configuration detail is. AYIYA though in typical case does not need any changes in the NAT box.
Then on my laptop under the TCP/IP network tab I entered:
If you use AICCU you do not need to enter ANY configuration details except for aiccu.conf. AICCU should be able to take care of everything. As I mentioned in a previous post, another system (likely your misconfigured Airport Express) is announcing itself as having IPv6 connectivity, likely (as you mask things out, we cannot state what is there) with the same details as the tunnel configuration.
After a restart I had no IPv6 again I had also apparently configured a tunnel on the Airport Express (AEP). I have now turned IPv6 to Local Link in the AEP and the Network WLAN connection has been turned to Automatic I now get the following ifconfig output after restarting:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 options=3<RXCSUM,TXCSUM> inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff000000 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 nd6 options=1<PERFORMNUD> gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280 stf0: flags=0<> mtu 1280 en0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500 options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4> ether 00:26:08:01:aa:72 media: autoselect (<unknown type>) en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1280 ether 00:26:08:e4:5d:ba inet6 fe80::226:8ff:fee4:5dba%en1 prefixlen 64 scopeid 0x5 inet 10.0.0.24 netmask 0xffffff00 broadcast 10.0.0.255 nd6 options=1<PERFORMNUD> media: autoselect status: active fw0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 4078 lladdr 00:26:08:ff:fe:01:aa:72 media: autoselect <full-duplex> status: inactive p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304 ether 02:26:08:e4:5d:ba media: autoselect status: inactive
I dont know where the inet6 addresses are coming from as aiccu obviously didnt automatically start because tun0 didnt appear. I have to enter
sudo aiccu start
in the Terminal window to get tun0 to run. Then I get the following ifconfig result:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 options=3<RXCSUM,TXCSUM> inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff000000 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 nd6 options=1<PERFORMNUD> gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280 stf0: flags=0<> mtu 1280 en0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500 options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4> ether 00:26:08:01:aa:72 media: autoselect (<unknown type>) en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1280 ether 00:26:08:e4:5d:ba inet6 fe80::226:8ff:fee4:5dba%en1 prefixlen 64 scopeid 0x5 inet 10.0.0.24 netmask 0xffffff00 broadcast 10.0.0.255 nd6 options=1<PERFORMNUD> media: autoselect status: active fw0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 4078 lladdr 00:26:08:ff:fe:01:aa:72 media: autoselect <full-duplex> status: inactive p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304 ether 02:26:08:e4:5d:ba media: autoselect status: inactive tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1280 inet6 fe80::226:8ff:fe01:aa72%tun0 prefixlen 64 scopeid 0x9 inet6 2001:4dd0:ff00:154c::2 --> 2001:4dd0:ff00:154c::1 prefixlen 128 nd6 options=1<PERFORMNUD> open (pid 395)
The SIXXS website then shows that the tinnel is up but IPv6 tests (http://ipv6-test.com) only shows IPv4. I do have a file called net.sixxs.Aiccu.plist located in /Library/LaunchDaemons directory with the following contents:
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>Label</key> <string>net.sixxs.Aiccu</string> <key>ProgramArguments</key> <array> <string>/usr/sbin/aiccu</string> <string>start</string> <string>/etc/aiccu.conf</string> </array> <key>RunAtLoad</key> <true/> </dict> </plist>
but this doesnt seem to get loaded. I did do a chmod 0775 on it but that didnt help. The aiccu.conf file located in /usr/bin/acciu is currently as follows:
username xxxx-SIXXS/T1xxxxx password xxxxxxxxxxxxxxx server tic.sixxs.net protocol tic ipv6_interface tun0 tunnel_id T1xxxxx requiretls false defaultroute true behindnat true makebeats true daemonize true
Here is a copy of the routing table from the network utility netstat
Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default 10.0.0.1 UGSc 548 0 en1 10/24 link#5 UCS 3 0 en1 10.0.0.1 f0:d1:a9:9:31:23 UHLWIir 550 6249 en1 665 10.0.0.23 0:23:6c:e9:9d:73 UHLWI 0 0 en1 668 10.0.0.24 localhost UHS 0 0 lo0 10.0.0.255 ff:ff:ff:ff:ff:ff UHLWbI 0 3 en1 127 localhost UCS 0 0 lo0 localhost localhost UH 4 14178 lo0 169.254 link#5 UCS 0 0 en1 Internet6: Destination Gateway Flags Netif Expire default gw-5453.cgn-01.de. UGSc tun0 localhost localhost UHL lo0 gw-5453.cgn-01.de. cl-5453.cgn-01.de. UHLr tun0 cl-5453.cgn-01.de. link#9 UHL lo0 fe80::%lo0 localhost UcI lo0 localhost link#1 UHLI lo0 fe80::%en1 link#5 UCI en1 birgit-redmonds-ma 0:26:8:e4:5d:ba UHLI lo0 skylas-airport-exp f0:d1:a9:9:31:23 UHLWI en1 fe80::%tun0 fe80::226:8ff:fe01 UcI tun0 fe80::226:8ff:fe01 link#9 UHLI lo0 ff01::%lo0 localhost UmCI lo0 ff01::%en1 link#5 UmCI en1 ff01::%tun0 fe80::226:8ff:fe01 UmCI tun0 ff02::%lo0 localhost UmCI lo0 ff02::%en1 link#5 UmCI en1 ff02::%tun0 fe80::226:8ff:fe01 UmCI tun0
The live tunnel status on Sixxs currently shows
Live Tunnel Status for T1xxxxx The PoP reports the following status for your tunnel: Tunnel Configuration Tunnel IDT1xxxxx TID0x154c Tunnel Debuggingno Inner Us2001:4dd0:ff00:154c::1 Inner Them2001:4dd0:ff00:154c::2 Outer Us78.35.24.124 Outer Them89.0.245.13 MTU1280 Tunnel Stateup Tunnel Typeayiya AYIYA AF2 (INET) AYIYA Socket Type2 (DGRAM (UDP)) AYIYA Protocol17 (UDP) AYIYA Port Us5072 AYIYA Port Them44317 AYIYA Hash2 (SHA-1) Heartbeat Information (Heartbeat and AYIYA protocols only) Last Heartbeat2013-10-28 10:48:03 (1382957283; 0 days 00:00:19 ago) Heartbeat Password1371bab05c459dbb59de0d7af49e1fb2 Tunnel Traffic (last 5 minutes) Packet In2013-10-28 10:47:58 (1382957278; 0 days 00:00:24 ago) Packets In3 Octets In3084 Packet Out2013-10-28 10:47:58 (1382957278; 0 days 00:00:24 ago) Packets Out3 Octets Out3300 Tunnel Latency (last 5 minutes) Latency Pkt Sent3 Latency Pkt Recv3 Latency Loss0.00 Latency Min39.42 ms Latency Avg138.01 ms Latency Max272.07 ms Encap.Pkt Too Bignone Errors seen for this tunnel Disabled tunnelnone Clock Offnone Encap.Pkt Send Errornone Same In&Out Interface1943, last: 2001:4dd0:ff00:154c::2 2013-10-27 12:31:33 (1382877093; 0 days 22:16:49 ago) Wrong Source IPv6none Wrong Source IPv4none Packet over uplinknone Non-IPv6 Payloadnone Non-IPv4 Payloadnone AYIYA Hash Failnone AYIYA-non-AYIYAnone AYIYA Invalid Forwardnone Heartbeat Hash Failnone HB-non-HBnone HB Missing IPv4none HB Sender Mismatchnone HB Missing Timenone ICMPv4 Errors Received132, last: 89.0.245.13 2013-10-28 10:42:58 (1382956978; 0 days 00:05:24 ago) ICMPv4 Echo Req. Recv.none
But it appears I still only have IPv4. I also assume I will have to do something with the firewall as well because as at the moment
sudo ipfw show
only returns
65535 0 0 allow ip from any to any
I tried to get something working like the example shown in this link: http://www.macshadows.com/kb/index.php?title=Firewall_Tunning_on_Mac_OS_X But after creating the Firewall file in /Library/StartupItems/Firewall/Firewall containing the same entries as in the example shown the above link I get an error message after re-start saying:
Unsafe start object deactivated /Library/StartupItems/Firewall wurde nicht gestartet, da das Objekt nicht die korrekten Sicherheitseinstellungen hat.
When I run the file in the terminal it seems to want a sudo command in front of each line in the script. I tried chown and chmod but no luck. But anyway one thing at a time. Lets please get the tunnel working first and then worry about the firewall I guess. I have tried to be as verbose as I can. Sorry I am obviously tapping in the dark a little. Please be patient with me as I really appreciate your help. I am doing my best to get my head around the whole thing. Please also try to be verbose as possible in telling me how to get any further information that might still be missing. I dont know too many terminal commands.
AICCU Test 5/8 fails
[ch] Jeroen Massar SixXS Staff on Monday, 28 October 2013 11:07:34
I dont know where the inet6 addresses are coming from as aiccu obviously didnt automatically start because tun0 didnt appear.
inet6 fe80:...... Any address in fe80::/10 are Link Local addresses. An interface with IPv6 enabled will always have an address like that.
I do have a file called net.sixxs.Aiccu.plist located in /Library/LaunchDaemons directory with the following contents:
Please remove that. It is likely added by MacPorts but it only causes AICCU to be restarted over and over again, which is wrong.
But it appears I still only have IPv4.
Why do you think that? What part is not working?
AICCU Test 5/8 fails
[de] Shadow Hawkins on Tuesday, 29 October 2013 19:55:06
Jeroen Massar wrote:
> I dont know where the inet6 addresses are coming from as aiccu obviously didnt automatically start because tun0 didnt appear. inet6 fe80:...... Any address in fe80::/10 are Link Local addresses. An interface with IPv6 enabled will always have an address like that.
I do have a file called net.sixxs.Aiccu.plist located in /Library/LaunchDaemons directory with the following contents:
Please remove that. It is likely added by MacPorts but it only causes AICCU to be restarted over and over again, which is wrong.
But it appears I still only have IPv4.
Why do you think that? What part is not working?
OK I deleted the net.sixxs.Aiccu.plist file and re-booted. Ifconfig showed
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 options=3<RXCSUM,TXCSUM> inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff000000 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 nd6 options=1<PERFORMNUD> gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280 stf0: flags=0<> mtu 1280 en0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500 options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4> ether 00:26:08:01:aa:72 media: autoselect (<unknown type>) en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1280 ether 00:26:08:e4:5d:ba inet6 fe80::226:8ff:fee4:5dba%en1 prefixlen 64 scopeid 0x5 inet 10.0.0.24 netmask 0xffffff00 broadcast 10.0.0.255 nd6 options=1<PERFORMNUD> media: autoselect status: active fw0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 4078 lladdr 00:26:08:ff:fe:01:aa:72 media: autoselect <full-duplex> status: inactive p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304 ether 02:26:08:e4:5d:ba media: autoselect status: inactive
Now I definitely dont get aiccu to start automatically. Entering
sudo aiccu start
then got the following ifconfig output:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384 options=3<RXCSUM,TXCSUM> inet6 ::1 prefixlen 128 inet 127.0.0.1 netmask 0xff000000 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 nd6 options=1<PERFORMNUD> gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280 stf0: flags=0<> mtu 1280 en0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 1500 options=27<RXCSUM,TXCSUM,VLAN_MTU,TSO4> ether 00:26:08:01:aa:72 media: autoselect (<unknown type>) en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1280 ether 00:26:08:e4:5d:ba inet6 fe80::226:8ff:fee4:5dba%en1 prefixlen 64 scopeid 0x5 inet 10.0.0.24 netmask 0xffffff00 broadcast 10.0.0.255 nd6 options=1<PERFORMNUD> media: autoselect status: active fw0: flags=8822<BROADCAST,SMART,SIMPLEX,MULTICAST> mtu 4078 lladdr 00:26:08:ff:fe:01:aa:72 media: autoselect <full-duplex> status: inactive p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304 ether 02:26:08:e4:5d:ba media: autoselect status: inactive tun0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1280 inet6 fe80::226:8ff:fe01:aa72%tun0 prefixlen 64 scopeid 0x9 inet6 2001:4dd0:ff00:154c::2 --> 2001:4dd0:ff00:154c::1 prefixlen 128 nd6 options=1<PERFORMNUD> open (pid 322)
The tun0 interface seems to be working, but something is still wrong. When I ry to test the connectivity on it fails on both sites. One additional funny thing: aiccu auto test & test dont work anymore?? This led me to think that aiccu was maybe not installed properly. I decided to try and delete all references to aiccu and start again! Building aiccu again gave the followings errors:
Building : aiccu - Automatic IPv6 Connectivity Configuration Utility Copyright : SixXS Version : 2007.01.15 ../common/hash_md5.c:134:24: warning: 'memset' call operates on objects of type 'struct MD5Context' while the size is based on a different type 'struct MD5Context *' [-Wsizeof-pointer-memaccess] memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ ~~~ ^~~ ../common/hash_md5.c:134:24: note: did you mean to dereference the argument to 'sizeof' (and multiply it by the number of elements)? memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ ^~~ 1 warning generated. ../common/hash_sha1.c:64:10: warning: cast from 'const sha1_byte *' (aka 'const unsigned char *') to 'BYTE64QUAD16 *' (aka 'union _BYTE64QUAD16 *') increases required alignment from 1 to 4 [-Wcast-align] block = (BYTE64QUAD16*)buffer; ^~~~~~~~~~~~~~~~~~~~~ 1 warning generated. ../common/common.c:194:58: warning: for loop has empty body [-Wempty-body] for (i=0; (i < (*filled-1)) && (rbuf != '\n'); i++); ^ ../common/common.c:194:58: note: put the semicolon on a separate line to silence this warning 1 warning generated. ../common/heartbeat.c:90:17: warning: explicitly assigning a variable of type 'const char *' to itself [-Wself-assign] sIPv4Interface = sIPv4Interface; ~~~~~~~~~~~~~~ ^ ~~~~~~~~~~~~~~ 1 warning generated. ../common/ayiya.c:84:25: warning: cast from 'char *' to 'struct pseudo_ayh *' increases required alignment from 1 to 4 [-Wcast-align] struct pseudo_ayh *s = (struct pseudo_ayh *)buf, s2; ^~~~~~~~~~~~~~~~~~~~~~~~ ../common/ayiya.c:159:25: warning: cast from 'unsigned char *' to 'struct pseudo_ayh *' increases required alignment from 1 to 4 [-Wcast-align] struct pseudo_ayh *s = (struct pseudo_ayh *)buf; ^~~~~~~~~~~~~~~~~~~~~~~~ ../common/ayiya.c:377:29: warning: cast from 'struct sockaddr *' to 'struct sockaddr_in *' increases required alignment from 1 to 4 [-Wcast-align] ...memcpy(&ayiya_ipv4_pop, &((struct sockaddr_in *)res->ai_addr)->sin_addr... ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /usr/include/secure/_string.h:65:33: note: expanded from macro 'memcpy' __builtin___memcpy_chk (dest, src, len, __darwin_obsz0 (dest)) ^ ../common/ayiya.c:402:31: warning: cast from 'struct sockaddr *' to 'struct sockaddr_in6 *' increases required alignment from 1 to 4 [-Wcast-align] ...memcpy(&ayiya_ipv6_local, &((struct sockaddr_in6 *)res->ai_addr)->sin6_a... ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /usr/include/secure/_string.h:65:33: note: expanded from macro 'memcpy' __builtin___memcpy_chk (dest, src, len, __darwin_obsz0 (dest)) ^ ../common/ayiya.c:427:29: warning: cast from 'struct sockaddr *' to 'struct sockaddr_in6 *' increases required alignment from 1 to 4 [-Wcast-align] ...memcpy(&ayiya_ipv6_pop, &((struct sockaddr_in6 *)res->ai_addr)->sin6_add... ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /usr/include/secure/_string.h:65:33: note: expanded from macro 'memcpy' __builtin___memcpy_chk (dest, src, len, __darwin_obsz0 (dest)) ^ 5 warnings generated. ../common/resolver.c:33:21: warning: cast from 'unsigned char *' to 'HEADER *' increases required alignment from 1 to 4 [-Wcast-align] HEADER *header = (HEADER *)answer; ^~~~~~~~~~~~~~~~ 1 warning generated. ../common/aiccu_darwin.c:75:10: warning: explicitly assigning a variable of type 'struct TIC_Tunnel *' to itself [-Wself-assign] hTunnel = hTunnel; ~~~~~~~ ^ ~~~~~~~ 1 warning generated. Building done
After this frustration led me to go through my harddrive deleting any reference to aiccu I could find and I then tried apparently too often to get it going because your (by the way not very friendly or constructive) robot deactivated me. I can obviously understand that there are people out there who might missue your service, but I am not one of them. I answered the robot mail and asked how to go about uninstalling aiccu completely so that I can start over, but as I dont know if you follow up answers tot he robot I thought it best to return here in the hope that you are still willing to help.

Please note Posting is only allowed when you are logged in.

Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker