|
AYIYA tunnel not working
![[lu]](/s/countries/lu.gif) Shadow Hawkins on Monday, 01 September 2014 13:44:58
Hi all,
I have just setup a new tunnel. After a bit of fiddling (TUN driver installation, etc), I'm able to start the AICCU utility. However, I cannot get any connectivity to the outside world with IPv6.
OS: Windows 7 64b
NAT: Yes
aiccu.conf
username XXX
password XXX
tunnel_id TXXX
verbose true
automatic true
ipv6_interface aiccu
PoP: https://www.sixxs.net/pops/ptlu/ (marked as "Up" at this time)
netsh int ipv6 show address
...
Interface 29: aiccu
Addr Type DAD State Valid Life Pref. Life Address
--------- ----------- ---------- ---------- ------------------------
Manual Preferred infinite infinite 2001:7e8:2200:63::2
Other Preferred infinite infinite fe80::2109:b2f:1149:3334%29
netsh int ipv6 show route
Publish Type Met Prefix Idx Gateway/Interface Name
------- -------- --- ------------------------ --- ------------------------
Yes Manual 256 ::/0 29 2001:7e8:2200:63::1
No Manual 256 ::1/128 1 Loopback Pseudo-Interface 1
No Manual 256 2001:7e8:2200:63::/64 29 aiccu
No Manual 256 2001:7e8:2200:63::2/128 29 aiccu
No Manual 256 fe80::/64 28 IP6Tunnel
No Manual 256 fe80::/64 24 VirtualBox Host-Only Network
No Manual 256 fe80::/64 18 Local Area Connection 2
No Manual 256 fe80::/64 29 aiccu
No Manual 256 fe80::/64 15 Wireless Network Connection 2
No Manual 256 fe80::/64 25 Wireless Network Connection 3
No Manual 256 fe80::e:2c9f:7f72:6609/128 24 VirtualBox Host-Only Network
No Manual 256 fe80::2109:b2f:1149:3334/128 29 aiccu
No Manual 256 fe80::2138:5bd3:9a83:b368/128 25 Wireless Network Connection 3
No Manual 256 fe80::306f:e03b:907e:b432/128 28 IP6Tunnel
No Manual 256 fe80::41cf:538d:c6d2:1e0d/128 18 Local Area Connection 2
No Manual 256 fe80::682a:7fb:452a:ba2c/128 15 Wireless Network Connection 2
No Manual 256 ff00::/8 1 Loopback Pseudo-Interface 1
No Manual 256 ff00::/8 28 IP6Tunnel
No Manual 256 ff00::/8 24 VirtualBox Host-Only Network
No Manual 256 ff00::/8 18 Local Area Connection 2
No Manual 256 ff00::/8 29 aiccu
No Manual 256 ff00::/8 15 Wireless Network Connection 2
No Manual 256 ff00::/8 25 Wireless Network Connection 3
I tried running aiccu-2012-02-02-windows-console.exe autotest (or just test), but I don't get anything meaningful. I don't get anything like https://www.sixxs.net/tickets/?msg=tickets-3370881 . However, I tried some of the tests manually:
- I can ping my pop in IPv4: ping -4 lulux01.sixxs.net
- I can tracerout to it as well: tracert -4 lulux01.sixxs.net
- I can ping localhost: ping -6 ::1
- I can ping my endpoint: ping -6 2001:7e8:2200:63::2
- I can't ping my PoP: ping -6 2001:7e8:2200:63::1
From there, things go downhill. I cannot traceroute to the PoP, ping an external IPv6 server or contact it on HTTP.
Wireshark shows that the ICMPv6 requests are leaving on the right interface. HTTP requests from Firefox too (SYN is sent, never gets the ACK).
I have disabled my Windows firewall and NOD32 altogether, but cannot guarantee that my network administrator isn't blocking something else (although they have unblocked access according to https://www.sixxs.net/faq/connectivity/?faq=firewalled ). Since the tunnel is established, could the firewall still be an issue?
Any idea or other input you would need?
Thanks.
AYIYA tunnel not working
No Manual 256 fe80::/64 28 IP6Tunnel
Where is that from?
- I can't ping my PoP: ping -6 2001:7e8:2200:63::1
And if you would check the Live Tunnel page you would see that the PoP also did not receive a single packet.
You might want to start checking things like firewalls.
From there, things go downhill
Not downhill. If you can't reach the PoP you simply do not have connectivity.
I have disabled my Windows firewall and NOD32 altogether,
Ah NOD32... you might want to uninstall that software completely.
Check this thread from 11 years ago:
It was my anti-virus program NOD32 that blocked IE from working with ipv6. Simply disabling the program didn't help, I had to completely remove it. :(
or this from two years ago:
IPv6 select fails error on windows XP (NOD32 blocks IPv6)
In most situations it is just outdated and pretty useless altogether, as one random datasource:
http://www.av-comparatives.org/wp-content/uploads/2013/09/avc_fdt_201309_en.pdf
AYIYA tunnel not working
Shadow Hawkins on Tuesday, 02 September 2014 10:19:07> No Manual 256 fe80::/64 28 IP6Tunnel
Where is that from?
No idea. Possibly from another VPN client. I'm tempted to remove it, but I don't think it's linked to my issue.
> - I can't ping my PoP: ping -6 2001:7e8:2200:63::1
And if you would check the Live Tunnel page you would see that the PoP also did not receive a single packet.
I had not checked but I thought as much. Obviously, it never received the heartbeat either.
You might want to start checking things like firewalls.
OK, thanks.
> From there, things go downhill
Not downhill. If you can't reach the PoP you simply do not have connectivity.
Bad choice of words :)
I meant that since I couldn't reach that point, I did not expect other tests to work.
> I have disabled my Windows firewall and NOD32 altogether,
Ah NOD32... you might want to uninstall that software completely.
Check this thread from 11 years ago:
It was my anti-virus program NOD32 that blocked IE from working with ipv6. Simply disabling the program didn't help, I had to completely remove it. :(
or this from two years ago:
IPv6 select fails error on windows XP (NOD32 blocks IPv6)
In most situations it is just outdated and pretty useless altogether, as one random datasource:
http://www.av-comparatives.org/wp-content/uploads/2013/09/avc_fdt_201309_en.pdf
I can't. Company policy.
From what you're saying, I guess that the problem is not linked to the tunnel at all. I'll see what I can do about bypassing NOD32 and/or the firewall.
Thanks a lot for your feedback.
AYIYA tunnel not working
No idea. Possibly from another VPN client. I'm tempted to remove it, but I don't think it's linked to my issue.
Debugging becomes really tricky when there are possibly affecting problems there...
I can't. Company policy.
If it is company policy to not run a working viruschecker, then it is likely also company policy to not allow public access / tunnelling on that host.
Which might be another reason why things do not work: your company is explicitly blocking it.
You really should not be attempting to bypass company policy; people sometimes get fired for that as they open up the company to possible external attacks.
Hence, before you go any further, talk to your IT department, which you should have done already anyway to ask why they do not have IPv6 in their network yet.
AYIYA tunnel not working
Shadow Hawkins on Tuesday, 02 September 2014 13:04:44> No idea. Possibly from another VPN client. I'm tempted to remove it, but I don't think it's linked to my issue.
Debugging becomes really tricky when there are possibly affecting problems there...
Yes. I will delete the rule and try again. You never know.
> I can't. Company policy.
If it is company policy to not run a working viruschecker, then it is likely also company policy to not allow public access / tunnelling on that host.
Which might be another reason why things do not work: your company is explicitly blocking it.
You really should not be attempting to bypass company policy; people sometimes get fired for that as they open up the company to possible external attacks.
No, it's OK. They know everything about this and it was their idea to open up a tunnel. I wouldn't reach the TIC server without their help (the port was firewalled).
Speaking of which, do you see what kind of rule would block the tunnel? For example, would blocking ICMPv6 at the edge of the network cause the ping requests that go through the tunnel to fail? I have already requested that they re-check the UDP ports mentioned in the FAQ.
Thank for your concern, though.
Hence, before you go any further, talk to your IT department, which you should have done already anyway to ask why they do not have IPv6 in their network yet.
Our ISP doesn't seem to provide IPv6 access, and I think our infrastructure team hasn't had the need to seek an alternative until now.
AYIYA tunnel not working
Speaking of which, do you see what kind of rule would block the tunnel?
As we do not operate your infrastructure, we have no idea what kind of rules are in place.
I have already requested that they re-check the UDP ports mentioned in the FAQ.
Your problem is already locally on your host: NOD32 causes all IPv6 packets to be dropped.
Our ISP doesn't seem to provide IPv6 access,
Did you contact them, it is 2014...
AYIYA tunnel not working
Shadow Hawkins on Wednesday, 03 September 2014 09:40:21> Speaking of which, do you see what kind of rule would block the tunnel?
As we do not operate your infrastructure, we have no idea what kind of rules are in place.
Bad ones. The rules that allow UDP traffic to the PoP on the AYIYA port had been incorrectly set up.
The tunnel is now working perfectly :)
> I have already requested that they re-check the UDP ports mentioned in the FAQ.
Your problem is already locally on your host: NOD32 causes all IPv6 packets to be dropped.
It doesn't anymore, apparently. After trying on a Debian box to rule out the AV issue, I retried on my original setup and it works just as fine.
> Our ISP doesn't seem to provide IPv6 access,
Did you contact them, it is 2014...
Not for everyone, apparently.
Thanks a lot for your support. Everything works now.
|
![[ch]](/s/countries/ch.gif)
on Monday, 01 September 2014 14:01:53
Posting is only allowed when you are