Sixxs via Fritzbox 7390 - Tunnel is up and running but not able to connect any IPv6 site.
Shadow Hawkins on Sunday, 20 April 2014 11:47:27
Dear all,
I had an AYIYA tunnel running on my Linux box behind a Fritzbox for several years now, though not using it very intensively.
Now I switched to a new Fritzbox 7390 which supports SIXXS natively.
I had to request a new tunnel from SIXXS with heartbeat support as the FB does not support AYIYA apparently.
After receiving the new tunnel information the Fritzbox sets up the tunnel correctly.
I've made all relevant changes to the Fritzbox as mentioned at http://service.avm.de/support/de/SKB/FRITZ-Box-7390/1239:IPv6-Subnetz-im-FRITZ-Box-Heimnetz-einrichten
Currently my Linux box gets an IPv6 address from the FB and also my Windows machine retrieves an address. However I am not able to connect to any IPv6 only website and the test pages on the Internet also tell me that I am using IPv4 only. I cannot even ping an IPv6 address. What am I doing wrong?
Additional information:
The DHCP server for IPv4 is DISABLED on my FB, as this is performed by my Linux box. The Linux box does NOT handle IPv6 DHCP, this in turn is done by the Fritzbox
(see URL from service.avm.de for details)
I disabled the radvd daemon on the Linux box, as I understood, that this will be done by the FB? Correct? In addition I added IPv6 bindings to bind9 so it listens to IPv6 DNS requests as well.
Could it be that there is some problem due to the two DHCP servers? I've never used the DHCP server for IPv4 on the FB, and always used my Linux box for doing so.
I cannot even ping the IPv6 address of my FB from the machines in the LAN.
xxx@yyy:~$ ping6 2001:4dd0:ff00:18c9::2
connect: Network is unreachable
xxx@yyy:~$
Could it be that there is a problem, because the IPv6 address of the FB does not seem to be in the network of the IPv6 prefix?
Fritzbox:
---------
"verbunden seit xxx,
IPv6-Adresse: 2001:4dd0:ff00:18c9::2, Gültigkeit: 4294967295/4294967295s,
IPv6-Präfix: 2001:4dd0:ff00:98c9::/64, Gültigkeit: 4294967295/4294967295s
"
Windows box:
------------
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : asgard.de
Description . . . . . . . . . . . : Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
Physical Address. . . . . . . . . : 00-24-8C-FE-59-0B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:4dd0:ff00:98c9:b585:f915:8c91:a95a(Preferred)
Lease Obtained. . . . . . . . . . : Sonntag, 20. April 2014 09:35:12
Lease Expires . . . . . . . . . . : Sonntag, 20. April 2014 13:35:11
Link-local IPv6 Address . . . . . : fe80::b585:f915:8c91:a95a%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sonntag, 20. April 2014 09:35:35
Lease Expires . . . . . . . . . . : Sonntag, 20. April 2014 21:35:34
Default Gateway . . . . . . . . . : 192.168.0.253
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 234890380
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-90-AA-8D-00-24-8C-FE-59-0B
DNS Servers . . . . . . . . . . . : 192.168.0.1
192.168.0.30
--> no IPv6 servers? Is this ok?
Primary WINS Server . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
C:\Users\xxx>route -6 print
===========================================================================
Interface List
17...00 ff 64 40 42 c9 ......TAP-Windows Adapter V9
11...00 24 8c fe 59 0b ......Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
1...........................Software Loopback Interface 1
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 266 2001:4dd0:ff00:98c9:b585:f915:8c91:a95a/128
On-link
11 266 fe80::/64 On-link
11 266 fe80::b585:f915:8c91:a95a/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
nslookup ipv6.google.com
Server: xxx
Address: 192.168.0.1
Non-authoritative answer:
Name: ipv6.l.google.com
Address: 2a00:1450:4008:c01::71
Aliases: ipv6.google.com
ping -6 ipv6.google.com
Ping request could not find host ipv6.google.com: please check the name and try again
Linux Box:
----------
xxx@yyy:~$ ifconfig
br0 Link encap:Ethernet HWaddr 00:24:8c:4c:b0:d7
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::224:8cff:fe4c:b0d7/64 Scope:Link
inet6 addr: 2001:4dd0:ff00:98c9:224:8cff:fe4c:b0d7/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:34240083 errors:0 dropped:0 overruns:0 frame:0
TX packets:32490285 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:30072623746 (30.0 GB) TX bytes:31073331847 (31.0 GB)
xxxi@yyy:~$ route -n -6
Kernel IPv6 routing table
Destination Next Hop Flag Met Ref Use If
2001:4dd0:ff00:98c9::/64 :: U 256 0 0 br0
fe80::/64 :: U 256 0 0 tap0
fe80::/64 :: U 256 0 0 br0
::/0 :: !n -1 1530382 lo
::1/128 :: Un 0 171457796 lo
2001:4dd0:ff00:98c9::/128 :: Un 0 1 0 lo
2001:4dd0:ff00:98c9:224:8cff:fe4c:b0d7/128 :: Un 0 1 6 lo
fe80::/128 :: Un 0 1 0 lo
fe80::/128 :: Un 0 1 0 lo
fe80::224:8cff:fe4c:b0d7/128 :: Un 0 1 288 lo
fe80::4cf:9ff:fe31:8a81/128 :: Un 0 1 0 lo
ff00::/8 :: U 256 0 0 tap0
ff00::/8 :: U 256 0 0 br0
::/0 :: !n -1 1530382 lo
Any support is greatly appreciated!
BR
Markus
Sixxs via Fritzbox 7390 - Tunnel is up and running but not able to connect any IPv6 site.
Jeroen Massar on Sunday, 20 April 2014 12:03:15
> Now I switched to a new Fritzbox 7390 which supports SIXXS natively. I had to request a new tunnel from SIXXS with heartbeat support as the FB does not support AYIYA apparently.
You don't have to request a new tunnel. Tunnel types can be changed in the webinterface.
> I disabled the radvd daemon on the Linux box, as I understood, that this will be done by the FB? Correct?
You can run radvd on the Linux box, you will then have to force the gateway to the FB.
You then also have to teach the Linux radvd to be able to tell that there is a DHCPv6 server.
If the FB supports that setup is a good question that likely only AVM can answer or trial and error.
Just note that for DHCPv6 you also need RA.
> Could it be that there is some problem due to the two DHCP servers?
DHCPv4 and DHCPv6 are independent.
> xxx@yyy:~$ ping6 2001:4dd0:ff00:18c9::2
> connect: Network is unreachable
That tells you the answer already: no route.
> Could it be that there is a problem, because the IPv6 address of the FB does not seem to be in the network of the IPv6 prefix?
The 2001:4dd0:ff00:18c9::2 address is on the tunnel interface; hence you need routing for it to work.
> Linux Box:
You have no default route here, this is the problem. Your RA/DHCP setup should give that. Check the Fritz!Box settings for this. This might be because your host (Windows) does not support DHCPv6 while you might have enabled it.
> 11 266 2001:4dd0:ff00:98c9:b585:f915:8c91:a95a/128
Interesting, only a /128, no /64 for that prefix. Thus maybe you are receiving this prefix over DHCPv6 but you did not configure a gateway in there.
Linux box:
> inet6 addr: 2001:4dd0:ff00:98c9:224:8cff:fe4c:b0d7/64 Scope:Global
Looks better, but also no default route through the FB. This might be because you have enabled forwarding on the host (check sysctl's etc)
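The forwarding remark in the reply above can be checked on a Linux host with a short script. This is an added example, not part of the original thread: it relies on the Linux kernel's documented `accept_ra` semantics (0 = ignore RAs, 1 = accept unless forwarding is enabled, 2 = accept even when forwarding), and the function names are illustrative.

```python
from pathlib import Path

CONF_ROOT = Path("/proc/sys/net/ipv6/conf")  # Linux per-interface IPv6 sysctls
KEYS = ("disable_ipv6", "forwarding", "accept_ra", "accept_ra_defrtr")


def read_conf(iface, root=CONF_ROOT):
    """Return the sysctls that decide whether RAs are honoured on iface."""
    conf = {}
    for key in KEYS:
        try:
            conf[key] = int((Path(root) / iface / key).read_text().strip())
        except (OSError, ValueError):
            conf[key] = None  # not readable (non-Linux host, unknown interface)
    return conf


def ra_findings(conf):
    """Explain why a host with these settings would not learn a default route."""
    findings = []
    if conf.get("disable_ipv6") == 1:
        findings.append("disable_ipv6=1: IPv6 is off on this interface")
    if conf.get("accept_ra") == 0:
        findings.append("accept_ra=0: Router Advertisements are ignored")
    elif conf.get("accept_ra") == 1 and conf.get("forwarding") == 1:
        findings.append("forwarding=1 with accept_ra=1: RAs are ignored, "
                        "accept_ra=2 is needed on a forwarding host")
    if conf.get("accept_ra_defrtr") == 0:
        findings.append("accept_ra_defrtr=0: RAs are processed but "
                        "no default route is installed")
    return findings


def has_default_route(route_table):
    """True if a usable IPv6 default route is present.

    Accepts `route -n -6` lines (destination, next hop, flags) and
    `ip -6 route` lines; reject entries (flags starting with '!') do not count.
    """
    for line in route_table.splitlines():
        fields = line.split()
        if (len(fields) >= 3 and fields[0] in ("::/0", "default")
                and not fields[2].startswith("!")):
            return True
    return False


# Routing table of the Linux box as posted in the thread (abridged).
POSTED_TABLE = """\
2001:4dd0:ff00:98c9::/64 :: U 256 0 0 br0
fe80::/64 :: U 256 0 0 br0
::/0 :: !n -1 1530382 lo
ff00::/8 :: U 256 0 0 br0
"""
# Constructed line: the same table once a default route via the FB's
# link-local address (quoted later in the thread) has been installed.
FIXED_TABLE = POSTED_TABLE + "::/0 fe80::a96:d7ff:fe76:154f UG 1024 0 0 br0\n"

if __name__ == "__main__":
    print("default route in posted table:", has_default_route(POSTED_TABLE))
    for finding in ra_findings(read_conf("br0")):
        print("-", finding)
```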
Sixxs via Fritzbox 7390 - Tunnel is up and running but not able to connect any IPv6 site.
Shadow Hawkins on Sunday, 20 April 2014 14:09:22
Hi Jeroen,
Jeroen Massar wrote:
> Now I switched to a new Fritzbox 7390 which supports SIXXS natively.
Oh, good to hear... Didn't know that
I had to request a new tunnel from SIXXS with heartbeat support as the FB does not support AYIYA apparently.
You don't have to request a new tunnel. Tunnel types can be changed in the webinterface.
> I disabled the radvd daemon on the Linux box, as I understood, that this will be done by the FB? Correct?
You can run radvd on the Linux box, you will then have to force the gateway to the FB.
You then also have to teach the Linux radvd to be able to tell that there is a DHCPv6 server.
If the FB supports that setup is a good question that likely only AVM can answer or trial and error.
Just note that for DHCPv6 you also need RA.
So... if I understood correctly it is likely that AVM included a radvd on the FB itself? What startled me, is that I needed to configure the NICs on the Win and the Linux box for DHCP. As far as I remember, when I had radvd running on the box before with aiccu, all devices configured themselves fully automatic.
> Could it be that there is some problem due to the two DHCP servers?
DHCPv4 and DHCPv6 are independent.
That's good to know
> xxx@yyy:~$ ping6 2001:4dd0:ff00:18c9::2
Yes, I also assume that no routes have been set up or not correctly. The question is: how would I change this? On the FB there was no way of actually defining any routes. Why do I even have to do this? I thought IPv6 was doing all this "automatically"?
Can you tell me how to properly set the "default route" for IPv6?
connect: Network is unreachable
That tells you the answer already: no route.
Could it be that there is a problem, because the IPv6 address of the FB does not seem to be in the network of the IPv6 prefix?
The 2001:4dd0:ff00:18c9::2 address is on the tunnel interface; hence you need routing for it to work.
Linux Box:
You have no default route here, this is the problem. Your RA/DHCP setup should give that. Check the Fritz!Box settings for this. This might be because your host (Windows) does not support DHCPv6 while you might have enabled it.
> 11 266 2001:4dd0:ff00:98c9:b585:f915:8c91:a95a/128
Interesting, only a /128, no /64 for that prefix. Thus maybe you are receiving this prefix over DHCPv6 but you did not configure a gateway in there.
Linux box:
Will try to lookup some more info and re-enable radvd as well. Maybe this will fix it.
Thx
Markus
inet6 addr: 2001:4dd0:ff00:98c9:224:8cff:fe4c:b0d7/64 Scope:Global
Looks better, but also no default route through the FB. This might be because you have enabled forwarding on the host (check sysctl's etc)
Sixxs via Fritzbox 7390 - Tunnel is up and running but not able to connect any IPv6 site.
Jeroen Massar on Sunday, 20 April 2014 18:57:14
> So... if I understood correctly it is likely that AVM included a radvd on the FB itself?
Both radvd and dhcpdv6 are included.
> What startled me, is that I needed to configure the NICs on the Win and the Linux box for DHCP. As far as I remember, when I had radvd running on the box before with aiccu, all devices configured themselves fully automatic.
RA is the minimum one needs, and unless autoconfiguration is disabled, will just work (given some router gives out prefixes with RA, eg using radvd).
DHCP has to be separately enabled in clients though, most of them do not support DHCPv6 properly anyway.
> The question is: how would I change this? On the FB there was no way of actually defining any routes. Why do I even have to do this? I thought IPv6 was doing all this "automatically"?
It should do this automatically indeed; maybe something is messed up with the FB; you could try doing a full-reset or so.
> Can you tell me how to properly set the "default route" for IPv6?
That is likely Fritz!Box dependent, hence no idea.
> Will try to lookup some more info and re-enable radvd as well. Maybe this will fix it.
On the FB when you enable DHCPv6, they should automatically enable RA as well...
Sixxs via Fritzbox 7390 - Tunnel is up and running but not able to connect any IPv6 site.
Shadow Hawkins on Monday, 21 April 2014 11:10:06
Dear Jeroen,
I did some more investigations and this is what I found out.
- On the FB, no radvd process is running. I enabled telnet to the box and had a look around. Independent of the settings in the FB web UI, no radvd is launched.
- On the Linux side, I need to configure the IPv6 interface for DHCP and do a "dhclient -6 br0" in order to pick up my IPv6. Just waiting for some kind of RA does not succeed. Same goes for the Windows side.
- Though I get the IPs I won't get any route settings. I have to set up the routing manually via:
Linux:
sudo ip -6 route add default via fe80::a96:d7ff:fe76:154f dev br0
Windows:
route -p add ::/0 fe80::a96:d7ff:fe76:154f
Afterwards my IPv6 setup works as expected :-D
So in the end there is only the problem that the FB does not announce the default route to the home network.
Is it also possible to have radvd running on the Linux box and announce the FB as the default router? Or may radvd only be run on the actual gateway machine?
In the past I had something like that on the Linux box:
interface br0
{
    AdvSendAdvert on;
    prefix 2a01:198:2df::/64
    {
    };
    route ::/0
    {
    };
};
which worked flawlessly when I still ran aiccu on the Linux box for setting up the tunnel. What will I have to add to the "route" command above in order to send the information that the FB (fe80::a96:d7ff:fe76:154f) is the "next hop"?
I googled but did not find useful information for my particular setup.
When I leave it like that and start radvd, the clients pick up the Linux box's link local address as the default gateway, which is not what I want.
Thx!
Sixxs via Fritzbox 7390 - Tunnel is up and running but not able to connect any IPv6 site.
Shadow Hawkins on Monday, 21 April 2014 11:11:22
Note: The prefix 2a01:198.... in the radvd.conf above is the prefix of my old subnet. I am aware that I will have to replace it with the proper prefix later on.
Sixxs via Fritzbox 7390 - Tunnel is up and running but not able to connect any IPv6 site.
Jeroen Massar on Monday, 21 April 2014 11:32:52
> - On the FB, no radvd process is running. I enabled telnet to the box and had a look around. Independent of the settings in the FB web UI, no radvd is launched.
There does not have to be one; AVM has implemented a variety of tools themselves.
You really need to check the UI of the FB, it contains various GUI elements for this.
Did you maybe set up a Guest network, as that might cause the FB to require a /48 and not the /64 that you per default get...
> - Though I get the IPs I won't get any route settings. I have to setup the routing manually via:
Routing setup (distribution of the default gateway) is done per RA.
> Is it also possible to have radvd running on the Linux box and announce the FB as the default router? Or may radvd only be run on the actual gateway machine?
RA is also used to indicate that that gateway (router) is alive and able to forward packets.
Hence, it cannot be run on another host.
Sixxs via Fritzbox 7390 - Tunnel is up and running but not able to connect any IPv6 site.
Shadow Hawkins on Monday, 21 April 2014 12:34:13
Hi,
the link "http://service.avm.de/support/de/SKB/FRITZ-Box-7390/1239:IPv6-Subnetz-im-FRITZ-Box-Heimnetz-einrichten" describes a situation, where a second IPv6 router RT2 connects to another LAN2:
INTERNET ---- YOUR FRITZBOX 7390/RT1 ---LAN1--- RT2 ---LAN2
In this situation RT2 has to be configured to ask RT1 via DHCP-PD for an IPv6 address block (a /62) for use within LAN2 (a /64 out of this address block) and tell RT1 routing information within RA, so RT1 can dynamically learn an IPv6 route to LAN2 via RT2 (at the moment FRITZBOX allows the configuration of static IPv6 routes only via TELNET).
I'm not sure if this is what you want, probably not...
Here is the configuration I use with my FRITZ!Box 7390 and which works fine:
Internet | Zugangsdaten | IPv6:
[x] Unterstuetzung für IPv6 aktiv
(o) Immer ein Tunnelprotokoll fuer die IPv6-Anbindung nutzen
Verbindungseinstellungen: Waehlen Sie ein Tunnelprotokoll
(o) SixXS (using TIC password here because having several tunnels)
Benutzername: NNNN-SIXXS/TYYYYY
Kennwort: *****
Tunnel-ID: TYYYYY
[x] MTU manuell einstellen: 1472 (PPPoE, must fit MTU settings within SixXS )
Internet | Zugangsdaten | DNS-Server:
DNSv6-Server
(o) Andere DNSv6-Server verwenden: (from https://www.sixxs.net/tools/dnscache/)
2001:16d8:aaaa:3::2
2001:1418:10:2::2
Heimnetz | Netzwerk | Netzwerkeinstellungen:
Weitere IPv6-Router im Heimnetzwerk
[ ] Auch IPv6-Präfixe zulassen, die andere IPv6-Router im Heimnetzwerk bekanntgeben
[x] DNSv6-Server auch über Router Advertisement bekanntgeben (RFC 5006)
Praeferenz des FRITZ!Box DHCPv6-Servers: 0
Heimnetz | Netzwerk | IPv6-Adressen:
Unique Local Adresses:
(o) Unique Local Addresses (ULA) zuweisen, solange keine IPv6-Internetverbindung besteht (empfohlen)
[x] ULA-Präfix manuell festlegen: fd0d:zzzz:zzzz::/64
DHCPv6-Server im Heimnetz:
(o) DHCPv6-Server in der FRITZ!Box für das Heimnetz aktivieren:
(o) Nur DNS-Server zuweisen
=================================================
With these settings my FRITZ!Box 7390 sends router advertisements and a client Windows configuration looks like this:
C:\>ipconfig /all
Windows-IP-Konfiguration
Hostname . . . . . . . . . . . . : QUAD1
Primäres DNS-Suffix . . . . . . . :
Knotentyp . . . . . . . . . . . . : Hybrid
IP-Routing aktiviert . . . . . . : Nein
WINS-Proxy aktiviert . . . . . . : Nein
DNS-Suffixsuchliste . . . . . . . : fritz.box
Ethernet-Adapter ETHERNET:
Verbindungsspezifisches DNS-Suffix: fritz.box
Beschreibung. . . . . . . . . . . : Intel(R) 82566DC-2 Gigabit Network Connection
Physikalische Adresse . . . . . . : 00-1C-C0-dd-dd-dd
DHCP aktiviert. . . . . . . . . . : Ja
Autokonfiguration aktiviert . . . : Ja
IPv6-Adresse. . . . . . . . . . . : 2001:????:????:0:21c:c0ff:fedd:dddd(Bevorzugt)
Temporaere IPv6-Adresse . . . . . : 2001:????:????:0:3caf:324b:96b4:e4e5(Bevorzugt)
Verbindungslokale IPv6-Adresse . : fe80::21c:c0ff:fedd:dddd%11(Bevorzugt)
IPv4-Adresse . . . . . . . . . . : 192.168.178.3(Bevorzugt)
Subnetzmaske . . . . . . . . . . : 255.255.255.224
Lease erhalten. . . . . . . . . . : Montag, 21. April 2014 13:01:27
Lease laeuft ab . . . . . . . . . : Donnerstag, 1. Mai 2014 13:01:31
Standardgateway . . . . . . . . . : fe80::9ec7:a6ff:fe39:d15%11
192.168.178.1
DHCP-Server . . . . . . . . . . . : 192.168.178.1
DHCPv6-IAID . . . . . . . . . . . : 234888384
DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-19-52-66-0F-00-1C-C0-19-56-F3
DNS-Server . . . . . . . . . . . : fd0d:zzzz:zzzz:0:9ec7:a6ff:fe39:d15
192.168.178.1
NetBIOS ueber TCP/IP. . . . . . . : Aktiviert
The client learns the IPv6 default gateway (fe80::...) from RA sent by my FRITZ!Box as well as the IPv6-DNS-Server address (fd0d: ... the ULA address of my FRITZ!Box which is working as a DNS relay forwarding to SixXS DNS servers) via DHCPv6 information request. Addresses are autoconfigured via SLAAC.
Sixxs via Fritzbox 7390 - Tunnel is up and running but not able to connect any IPv6 site.
Shadow Hawkins on Thursday, 24 April 2014 19:03:50
Hi all,
thanks for these detailed configuration hints.
First of all, @Jeroen:
I checked the FB UI for the relevant IPv6 settings. No, I did not yet set up a guest network. OK, so I understand that I must not try to run radvd on the Linux box as well, as this will interfere with the FB's RAs.
@Andreas:
I've checked all my settings and changed them according to your description:
There are however some slight differences:
"Benutzername: NNNN-SIXXS/TYYYYY" --> When I add "/<TunnelID>" I get a "Check your PW" error message and the tunnel will not connect, if I leave the "/<TunnelID>" away (just the NNNN-SIXXS as username) the tunnel is setup.
I DID NOT set the MTU manually but I presume, that this has nothing to do with the problem, right? The MTU is on its default (Not ticked and 1280 bytes)
I've added the SIXXS' IPv6 DNS servers (was empty before) according to your description.
I did not check the "ULA-Präfix manuell festlegen: fd0d:zzzz:zzzz::/64". Is this needed?
All clients get the ULA-Prefix themselves automatically. (fe80:b5585:f915:.... (see above))
Apart from this, everything is exactly like your setup.
When I save this config, NO default route is advertised and I DO NOT get a 2001:????:????:???? anymore...
Why do you not provide the IPv6 prefix (2001:xxx:yyy:...) via the FB?
Fritzbox 7390, Fritz!OS 6.03...
Best regards,
Markus
Sixxs via Fritzbox 7390 - Tunnel is up and running but not able to connect any IPv6 site.
Jeroen Massar on Thursday, 24 April 2014 19:15:40
> "Benutzername: NNNN-SIXXS/TYYYYY" --> When I "/<TunnelID>" I get a "Check your PW" error message and the tunnel will not connect, if I leave the "/<TunnelID>" away (just the NNNN-SIXXS as username) the tunnel is setup.
You need to specify the per-tunnel password if you use that format.
See also FAQ: passwords
> I've added the SIXXS' IPv6 DNS servers (was empty before) according to your description.
We actually kinda recommend against this. There is no need for them anymore now that Google + Wikipedia both publish AAAA records for everybody. Hence using your local resolver will be better, especially latency wise.
> I did not check the "ULA-Präfix manuell festlegen: fd0d:zzzz:zzzz::/64". Is this needed? All clients get the ULA-Prefix themselves automatically. (fe80:b5585:f915:.... (see above))
I would stay away from ULA as much as possible, it just introduces strange routing/connection issues.
Just give everything a public IP and use a firewall or /dev/null-routing to stop access from places you do not want it from.
Sixxs via Fritzbox 7390 - Tunnel is up and running but not able to connect any IPv6 site.
Shadow Hawkins on Thursday, 24 April 2014 20:37:16
Just for clarification:
Even if you switch off ULA within FRITZ!Box ("do not assign ULA"), it always uses an ULA (default: fd00::<modified EUI64>, or if you specify the 40 bits next to fd as I did, the address fdxx:xxxx:xxxx:0:<modified EUI64>) to address its DNS forwarder. And this ULA is deployed as IPv6 DNS server address via stateful or stateless DHCPv6 or RDNSS, hence each automatically configured LAN client uses this ULA as IPv6 DNS server address.
The default setting concerning ULA is to deploy an ULA prefix only when there is no IPv6 Internet connection and hence no other global IPv6 prefix available. As soon as an IPv6 Internet connection is available the ULA prefix gets withdrawn and replaced by the global prefix (derived from DHCP-PD or TIC in case of SixXS).
The third choice is to always deploy an ULA prefix even if another global prefix is available (I don't use this).
Sixxs via Fritzbox 7390 - Tunnel is up and running but not able to connect any IPv6 site.
Shadow Hawkins on Saturday, 26 April 2014 20:02:50
Hi Markus
> I DID NOT set the MTU manually but I presume, that this has nothing to do with the problem, right? The MTU is on its default (Not ticked and 1280 bytes)
No, MTU setting has nothing to do with your problem. For details see MTU FAQ
> I did not check the "ULA-Präfix manuell festlegen: fd0d:zzzz:zzzz::/64". Is this needed?
No, it isn't needed. For more details about ULA look here
> All clients get the ULA-Prefix themselves automatically. (fe80:b5585:f915:.... (see above)
Addresses starting with fe80::... are link local addresses not ULA. With FRITZ!Box's standard settings an ULA prefix is only advertised (causing clients to autoconfigure ULA addresses fd...) if FRITZ!Box couldn't connect to the IPv6 Internet and hence no other global IPv6 prefix is available.
> Why do you not provide the IPv6 prefix (2001:xxx:yyy:...) via the FB?
If I look into my FRITZ!Box configuration I can't find any setting where I could configure the IPv6 prefix for use inside my LAN. Obviously this prefix must come automatically, e.g. via DHCP-PD in case of native IPv6 Internet access or via TIC in case of your Heartbeat SixXS tunnel.
> Fritzbox 7390, Fritz!OS 6.03...
Same here.
Andreas
Sixxs via Fritzbox 7390 - Tunnel is up and running but not able to connect any IPv6 site.
Shadow Hawkins on Saturday, 26 April 2014 21:34:15
For illustration purposes I'll add a TIC conversation I derived from a packet trace I did within FRITZ!Box (using http://fritz.box/html/capture.html) about one year ago while FRITZ!Box was performing an IPv6 connection setup:
200 SixXS TIC Service on nlhaa01.sixxs.net ready (http://www.sixxs.net)
client TIC/draft-00 FRITZ!Box/84.05.50 Linux/2.6.28.10
200 Client Identity accepted
get unixtime
200 1369935269
username UUUU-SIXXS/Tnnnnn
200 UUUU-SIXXS/Tnnnnn choose your authentication challenge please
challenge md5
200 b891f847af5fe617d0d6ba3ef53c283d
authenticate md5 xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
200 Successfully logged in using md5 as UUUU-SIXXS (my name)
tunnel show Tnnnnn
201 Showing tunnel information for Tnnnnn
TunnelId: Tnnnnn
Type: 6in4-heartbeat
IPv6 Endpoint: 2001:4dd0:tttt:tttt::2
IPv6 POP: 2001:4dd0:tttt:tttt::1
IPv6 PrefixLength: 64
Tunnel MTU: 1472
Tunnel Name: PRIVATE
POP Id: decgn01
IPv4 Endpoint: heartbeat
IPv4 POP: 78.35.24.124
UserState: enabled
AdminState: enabled
Password: xxxxxxxxxxxxxxxxxxxxxxxxxxxx
Heartbeat_Interval: 60
202 Done
route list
201 Listing routes
Rrrrrrr Tnnnnn 2001:4dd0:pppp::/48
202 <route_id> <tunnel_id> <route_prefix>
QUIT thank you
200 Thank you for using this SixXS Service
Here you can see that the IPv6 addresses I can use within my LAN come from the 'route list' request with a '2001:4dd0:pppp::/48' reply (in your case with your new tunnel this should be 2001:4dd0:ff00:98c9::/64). Hence from this address range my FRITZ!Box forms a 2001:4dd0:pppp:0::/64 prefix and advertises it within RA into my LAN (Wireshark trace, specific to my FRITZ!Box configuration as described within my first posting):
No. Time Source Destination Protocol Length Info
1819 528.504183000 fe80::9ec7:a6ff:fe39:d15 ff02::1 ICMPv6 166 Router Advertisement from 9c:c7:a6:39:0d:15
Frame 1819: 166 bytes on wire (1328 bits), 166 bytes captured (1328 bits) on interface 0
Ethernet II, Src: Avm_39:0d:15 (9c:c7:a6:39:0d:15), Dst: IPv6mcast_00:00:00:01 (33:33:00:00:00:01)
Internet Protocol Version 6, Src: fe80::9ec7:a6ff:fe39:d15 (fe80::9ec7:a6ff:fe39:d15), Dst: ff02::1 (ff02::1)
Internet Control Message Protocol v6
Type: Router Advertisement (134)
Code: 0
Checksum: 0x2aa7 [correct]
Cur hop limit: 255
Flags: 0x48
0... .... = Managed address configuration: Not set
.1.. .... = Other configuration: Set
..0. .... = Home Agent: Not set
...0 1... = Prf (Default Router Preference): High (1)
.... .0.. = Proxy: Not set
.... ..0. = Reserved: 0
Router lifetime (s): 1800
Reachable time (ms): 0
Retrans timer (ms): 0
ICMPv6 Option (Prefix information : 2001:4dd0:pppp::/64)
Type: Prefix information (3)
Length: 4 (32 bytes)
Prefix Length: 64
Flag: 0xc0
1... .... = On-link flag(L): Set
.1.. .... = Autonomous address-configuration flag(A): Set
..0. .... = Router address flag(R): Not set
...0 0000 = Reserved: 0
Valid Lifetime: 7200
Preferred Lifetime: 3600
Reserved
Prefix: 2001:4dd0:pppp:: (2001:4dd0:pppp::)
ICMPv6 Option (Recursive DNS Server fd0d:cf1e:63ee:0:9ec7:a6ff:fe39:d15)
Type: Recursive DNS Server (25)
Length: 3 (24 bytes)
Reserved
Lifetime: 1200
Recursive DNS Servers: fd0d:cf1e:63ee:0:9ec7:a6ff:fe39:d15 (fd0d:cf1e:63ee:0:9ec7:a6ff:fe39:d15)
ICMPv6 Option (MTU : 1472)
Type: MTU (5)
Length: 1 (8 bytes)
Reserved
MTU: 1472
ICMPv6 Option (Route Information : High ::/0)
Type: Route Information (24)
Length: 1 (8 bytes)
Prefix Length: 0
Flag: 0x08
...0 1... = Route Preference: High (1)
000. .000 = Reserved: 0
Route Lifetime: 1800
ICMPv6 Option (Route Information : High 2001:4dd0:pppp::/64)
Type: Route Information (24)
Length: 2 (16 bytes)
Prefix Length: 64
Flag: 0x08
...0 1... = Route Preference: High (1)
000. .000 = Reserved: 0
Route Lifetime: 1800
Prefix: 2001:4dd0:pppp:: (2001:4dd0:pppp::)
ICMPv6 Option (Source link-layer address : 9c:c7:a6:39:0d:15)
Type: Source link-layer address (1)
Length: 1 (8 bytes)
Link-layer address: Avm_39:0d:15 (9c:c7:a6:39:0d:15)
From this information a LAN client especially learns:
IPv6 default gateway (from source address of RA and because 'Router lifetime' > 0): fe80::9ec7:a6ff:fe39:d15 (with MAC address 9c:c7:a6:39:0d:15 from 'Source link-layer address' option)
From Flags: M=0, O=1: Do SLAAC (no stateful DHCPv6) and ask for other parameters (DNS servers) via stateless DHCPv6.
Advertised Prefix: 2001:4dd0:pppp::/64 with L=1 (being 'on link') and A=1 (do address autoconfiguration and form your address from this prefix)
MTU=1472
With Windows 7 clients RDNSS is not used to learn IPv6 DNS Server (fd0d:cf1e:63ee:0:9ec7:a6ff:fe39:d15) because RDNSS is not supported with Win7. Instead stateless DHCPv6 (information request) is used to learn this information.
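The field-by-field reading of the RA in the post above can be reproduced with a small decoder. This is an added example, not part of the original post: the RA bytes are constructed to mirror the posted capture (the masked 2001:4dd0:pppp::/64 prefix is replaced by the documentation prefix 2001:db8:1::/64), and the function names are illustrative.

```python
import ipaddress
import struct

PREFERENCE = {0: "medium", 1: "high", 2: "reserved", 3: "low"}
ROUTER = "fe80::9ec7:a6ff:fe39:d15"  # RA source address from the posted capture


def network(raw, plen):
    """Format a (possibly shortened) prefix field as prefix/length text."""
    if plen > 128:
        raise ValueError("prefix length out of range")
    addr = ipaddress.IPv6Address(raw.ljust(16, b"\0"))
    return str(ipaddress.IPv6Network((addr, plen), strict=False))


def parse_ra(icmp, src):
    """Decode an ICMPv6 Router Advertisement (RFC 4861) and its options.

    icmp starts at the ICMPv6 type byte; src is the packet's IPv6 source,
    i.e. the router's link-local address. The checksum is not verified.
    """
    if len(icmp) < 16 or icmp[0] != 134 or icmp[1] != 0:
        raise ValueError("not a Router Advertisement")
    hop, flags, lifetime = struct.unpack("!BBH", icmp[4:8])
    ra = {"router": src, "hop_limit": hop,
          "managed": bool(flags & 0x80),   # M flag: stateful DHCPv6
          "other": bool(flags & 0x40),     # O flag: other config via DHCPv6
          "preference": PREFERENCE[(flags >> 3) & 3],
          "router_lifetime": lifetime,
          "prefixes": [], "routes": [], "rdnss": [], "mtu": None, "lladdr": None}
    off = 16
    while off < len(icmp):
        if len(icmp) - off < 2 or icmp[off + 1] == 0:
            raise ValueError("malformed option header")
        otype, end = icmp[off], off + 8 * icmp[off + 1]  # length is in 8-byte units
        if end > len(icmp):
            raise ValueError("truncated option")
        body = icmp[off + 2:end]
        if otype == 1 and len(body) == 6:            # source link-layer address
            ra["lladdr"] = ":".join(f"{b:02x}" for b in body)
        elif otype == 3 and len(body) == 30:         # prefix information
            plen, pflags, valid, pref, raw = struct.unpack("!BBII4x16s", body)
            ra["prefixes"].append({"prefix": network(raw, plen),
                                   "on_link": bool(pflags & 0x80),
                                   "autonomous": bool(pflags & 0x40),
                                   "valid": valid, "preferred": pref})
        elif otype == 5 and len(body) == 6:          # MTU
            (ra["mtu"],) = struct.unpack("!2xI", body)
        elif otype == 24 and len(body) in (6, 14, 22):   # route information
            plen, rflags, rlife = struct.unpack("!BBI", body[:6])
            ra["routes"].append({"prefix": network(body[6:], plen),
                                 "preference": PREFERENCE[(rflags >> 3) & 3],
                                 "lifetime": rlife})
        elif otype == 25 and len(body) >= 22 and (len(body) - 6) % 16 == 0:
            (life,) = struct.unpack("!2xI", body[:6])    # recursive DNS servers
            servers = [str(ipaddress.IPv6Address(body[i:i + 16]))
                       for i in range(6, len(body), 16)]
            ra["rdnss"].append({"lifetime": life, "servers": servers})
        off = end                                    # unknown options are skipped
    return ra


def client_view(ra):
    """Summarise what a LAN client configures from the decoded RA."""
    methods = []
    if any(p["autonomous"] for p in ra["prefixes"]):
        methods.append("SLAAC")
    if ra["managed"]:
        methods.append("stateful DHCPv6")
    elif ra["other"]:
        methods.append("stateless DHCPv6")
    gateway = ra["router"] if ra["router_lifetime"] > 0 else None
    return {"default_gateway": gateway, "methods": methods, "mtu": ra["mtu"],
            "on_link": [p["prefix"] for p in ra["prefixes"] if p["on_link"]]}


def build_sample_ra(router_lifetime=1800):
    """Constructed RA with the same options and values as the posted trace."""
    prefix = ipaddress.IPv6Address("2001:db8:1::").packed  # documentation prefix
    dns = ipaddress.IPv6Address("fd0d:cf1e:63ee:0:9ec7:a6ff:fe39:d15").packed
    return b"".join([
        struct.pack("!BBHBBHII", 134, 0, 0, 255, 0x48, router_lifetime, 0, 0),
        struct.pack("!BBBBII4x16s", 3, 4, 64, 0xC0, 7200, 3600, prefix),
        struct.pack("!BB2xI16s", 25, 3, 1200, dns),
        struct.pack("!BB2xI", 5, 1, 1472),
        struct.pack("!BBBBI", 24, 1, 0, 0x08, 1800),
        struct.pack("!BBBBI8s", 24, 2, 64, 0x08, 1800, prefix[:8]),
        struct.pack("!BB6s", 1, 1, bytes.fromhex("9cc7a6390d15")),
    ])


if __name__ == "__main__":
    print(client_view(parse_ra(build_sample_ra(), ROUTER)))
```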
Sixxs via Fritzbox 7390 - Tunnel is up and running but not able to connect any IPv6 site.
Shadow Hawkins on Tuesday, 29 April 2014 21:16:38
Hi,
thanks for your continued support in remediating this AVM strangeness ;-)
Sorry for the delay in my reply.
Yes, by "Why do you not set the 2001:... prefix automatically" I meant: Why do you not allow the FB to issue the prefix via DHCPv6. Yes, the prefix seems to be auto-configured with the info from SIXXS. You cannot specify the prefix implicitly.
I'll try to investigate further why the clients do not pick up the default router, especially if a wireshark dump will show, that the FB actually sends the corresponding announcement. I've already tried sniffing on the wire once, but I wasn't able to pick up relevant packets. Will check again. I presume you only set "dhcpv6" as the filter? (If I remember correctly)
If it won't turn out, it is not too bad: I can always configure the static route for the default gateway manually, but as always: "If it is considered to do this automatically lets tweak it until it does so" :-)
BR
Markus
Sixxs via Fritzbox 7390 - Tunnel is up and running but not able to connect any IPv6 site.
Shadow Hawkins on Wednesday, 30 April 2014 20:49:39
Hi,
> Why do you not allow the FB to issue the prefix via DHCPv6?
In contrast to DHCPv4, which has options for "Subnet Mask" and "Default Gateway", these options are missing in DHCPv6 by design. DHCPv6 only issues 128 bit IPv6 addresses without saying where the network part ends and the host identifier starts (there is no default for a client saying: /64).
Hence DHCPv6 must always be paired with a router interface sending router advertisements (RA), which DHCPv6 clients use to learn the prefix (equivalent to DHCPv4 "Subnet Mask" option) and the default gateway (source address of the RA, always the link-local address of the router interface, equivalent to DHCPv4 "Default Gateway" option). Ideally the A-flag of the advertised prefix should be set to "0" to prevent a DHCPv6 client to derive a second IPv6 address via SLAAC in addition to the IPv6 address it got through DHCPv6.
The routing tables of your DHCPv6 clients show that there is neither a default route nor an entry for the global prefix (/64). This clearly proves that the client didn't receive any RA.
This may be due to local reasons hence I would recommend that you reset the IPv6 stack of your Windows clients to Windows defaults:
1. Open a command prompt with administrative rights.
2. Enter the following command: netsh int ipv6 reset
3. Restart the computer.
If this does not solve the problem, you should check if your FRITZ!Box is sending RA.
> I've already tried sniffing on the wire once, but I wasn't able to pick up relevant packets. Will check again. I presume you only set "dhcpv6" as the filter?
When Wireshark is sniffing you should set the filter icmpv6.type==134 to see only RA. Be patient, it may last up to about 10 minutes until you see an RA arriving. If you want to save an RA as text file you can do it this way:
Mark the packet and select File | Export Packet Dissections | as "Plain Text" file - "Export File" dialogue opens: Select the following here:
Packet Range: (o) Selected packet
Packet Format: [x] Packet details: All expanded
If no RA are seen, you can try to trace the TIC dialogue your FRITZ!box executes when setting up the SixXS tunnel, in order to see if it works the same as the example I posted earlier. Do the following:
Open two tabs within your browser. In one tab connect to
http://fritz.box/html/capture.html
and login to your FRITZ!Box. Press "Start" for "1. Internetverbindung" and wait until a file store dialog appears. Select storing the file "fritzbox-vcc0_<date>_<time>.eth" to your local disk. After this FRITZ!Box traces your Internet connection and writes the results straight into your local eth file.
Change to the other browser tab and connect to http://fritz.box. Select "Internet | Online-Monitor" and press "Neu verbinden".
FRITZ!Box stops Internet Connection and reconnects to the Internet this way also reestablishing the SixXS tunnel.
When done (IPv6 Internet Connection ready) change back to the other browser tab and press "Stopp" to stop packet tracing.
Open the locally stored eth file with Wireshark. Look for TCP packets with port 3874 (sixxsconfig). Right click such a packet and select "Follow TCP stream" from the context menu. In a new window you will see the TIC conversation you can copy and paste here.
PT