SixXS::Sunset 2017-06-06

Open WRT Config Issues - Barrier Breaker r39296
[au] Shadow Hawkins on Tuesday, 03 February 2015 13:40:05
Issue: IPv6 not working on LAN Devices. Unable to ping my provided PoP IPv6 or My IPv6 address provided. Also unable to ping using the ping -6 flag (e.g. 'ping google.com -6' returns no successful results - request timed out). My OpenWRT router can ping the PoP and it's own IPv6 address fine. Have I made a mistake in my config file? ###### /etc/config/network settings ####### config interface 'lan' option ifname 'eth0.1' option type 'bridge' option proto 'static' option ipaddr '192.168.1.1' option netmask '255.255.255.0' option dns '111.118.***.**8 118.127.***.*** 119.63.***.***' option ip6addr '2001:****:****:**::3/62' option ip6gw '2001:****:****:**::1' config interface 'wan' option ifname 'eth1' option _orig_ifname 'eth1' option _orig_bridge 'false' option proto 'pppoe' option username '*******' option password '*******' option peerdns '0' option dns '111.118.175.56 118.127.33.48 119.63.213.7' config interface 'wan6' option ifname @wan option proto '6in4' option mtu '1280' option peeraddr '66.**.***.**' option ip6addr '2001:****:****:**::2/64' option ip6prefix '2001:****:****:****::/64' option tunnelid 'T******'
Open WRT Config Issues - Barrier Breaker r39296
[au] Shadow Hawkins on Tuesday, 03 February 2015 13:44:22
I forgot to mention above, I can not ping google from OpenWRT. ############## root@OpenWrt:~# traceroute google.com -6 traceroute to google.com (2404:6800:4006:801::200e), 30 hops max, 16 byte packets 1 2001:****:****:**::3 (2001:****:****:**::3) 2998.771 ms !H 2994.697 ms !H 2999.640 ms !H root@OpenWrt:~# ping google.com -6 PING google.com (2404:6800:4006:801::200e): 56 data bytes
Open WRT Config Issues - Barrier Breaker r39296
[ch] Jeroen Massar SixXS Staff on Tuesday, 03 February 2015 16:47:08
1 2001:****:****:**::3 (2001:****:****:**::3) 2998.771 ms !H 2994.697 ms !H 2999.640 ms !H
That is your host telling you it cannot reach anything. Check with 'ip -6 ro show" what your routing really looks like. Also, masking out all the addresses, is very very useless as it won't uncover anything odd there either.
Open WRT Config Issues - Barrier Breaker r39296
[ch] Jeroen Massar SixXS Staff on Tuesday, 03 February 2015 16:45:54
My OpenWRT router can ping the PoP and it's own IPv6 address fine.
Are you sure that "the PoP" is really "the PoP"? Check latency and routing. Note that the 'written config' might not match the 'running config'. As OpenWRT is just another Linux, check with "ip -6 ro show" and friends what the real details are.
option ip6addr '2001:****:****:**::3/62'
A /62, are you sure about that? Very few setups use anything else but a /64.
Open WRT Config Issues - Barrier Breaker r39296
[au] Shadow Hawkins on Tuesday, 03 February 2015 19:42:41
Jeroen Massar wrote:
> My OpenWRT router can ping the PoP and it's own IPv6 address fine. Are you sure that "the PoP" is really "the PoP"? Check latency and routing. Note that the 'written config' might not match the 'running config'. As OpenWRT is just another Linux, check with "ip -6 ro show" and friends what the real details are.
option ip6addr '2001:****:****:**::3/62'
A /62, are you sure about that? Very few setups use anything else but a /64.
The /62 was a typo that I missed, sorry about that (I was doing this setup very late at night after a long day when I really shouldn't have been touching computers haha). I have fixed this up now. I have been rebooting after making config changes to make sure the changes have been applied. See below ipv6 routing table results: root@OpenWrt:~# ip -6 ro show 2001:4830:1300:10::/64 dev br-lan proto kernel metric 256 2001:4830:1300:10::/64 dev 6in4-wan6 proto kernel metric 256 unreachable 2001:4830:1300:8010::/64 dev lo proto static metric 2147483647 error -128 fe80::/64 dev eth0 proto kernel metric 256 fe80::/64 dev br-lan proto kernel metric 256 fe80::/64 dev eth1 proto kernel metric 256 fe80::/64 dev ifb0 proto kernel metric 256
Open WRT Config Issues - Barrier Breaker r39296
[au] Shadow Hawkins on Tuesday, 03 February 2015 19:52:19
Jeroen Massar wrote:
> My OpenWRT router can ping the PoP and it's own IPv6 address fine. Are you sure that "the PoP" is really "the PoP"? Check latency and routing. Note that the 'written config' might not match the 'running config'. As OpenWRT is just another Linux, check with "ip -6 ro show" and friends what the real details are.
option ip6addr '2001:****:****:**::3/62'
A /62, are you sure about that? Very few setups use anything else but a /64.
Since my last post I have changed the IPv6 Prefix. New results below. root@OpenWrt:~# ip -6 ro show 2001:4830:1300:10::/64 dev br-lan proto kernel metric 256 2001:4830:1300:10::/64 dev 6in4-wan6 proto kernel metric 256 unreachable 2001:4830:1300:10::/64 dev lo proto static metric 2147483647 error -128 fe80::/64 dev eth0 proto kernel metric 256 fe80::/64 dev br-lan proto kernel metric 256 fe80::/64 dev eth1 proto kernel metric 256 fe80::/64 dev ifb0 proto kernel metric 256
Open WRT Config Issues - Barrier Breaker r39296
[ch] Jeroen Massar SixXS Staff on Tuesday, 03 February 2015 21:41:25
[..]
root@OpenWrt:~# ip -6 ro show
2001:4830:1300:10::/64 dev br-lan proto kernel metric 256
That is a tunnel prefix, why do you have that on your local network? Note that you have a _routed_ subnet 2001:4830:1300:8010::/64 which should be here.
2001:4830:1300:10::/64 dev 6in4-wan6 proto kernel metric 256
That is the same prefix, which belongs on a tunnel interface, hence this one looks okay (if 6in4-wan6 is your tunnel interface).
unreachable 2001:4830:1300:10::/64 dev lo proto static metric 2147483647 error -128
Why do you have a null route too for this prefix? Likely similar to having the wrong prefix as the LAN prefix... Fix that up and things should change over. Note that you are then still missing a default prefix (could be related to the double prefix, hence fix that first).
Open WRT Config Issues - Barrier Breaker r39296
[au] Shadow Hawkins on Wednesday, 04 February 2015 10:38:25
Jeroen Massar wrote:
[..]
root@OpenWrt:~# ip -6 ro show
2001:4830:1300:10::/64 dev br-lan proto kernel metric 256
That is a tunnel prefix, why do you have that on your local network? Note that you have a _routed_ subnet 2001:4830:1300:8010::/64 which should be here.
2001:4830:1300:10::/64 dev 6in4-wan6 proto kernel metric 256
That is the same prefix, which belongs on a tunnel interface, hence this one looks okay (if 6in4-wan6 is your tunnel interface).
unreachable 2001:4830:1300:10::/64 dev lo proto static metric 2147483647 error -128
Why do you have a null route too for this prefix? Likely similar to having the wrong prefix as the LAN prefix... Fix that up and things should change over. Note that you are then still missing a default prefix (could be related to the double prefix, hence fix that first).
Halfway there now :) Routing table: root@OpenWrt:~# ip -6 ro show 2001:4830:1300:10::/64 dev 6in4-wan6 proto kernel metric 256 2001:4830:1300:8010::/64 dev br-lan proto kernel metric 256 unreachable 2001:4830:1300:8010::/64 dev lo proto static metric 2147483647 error -128 fe80::/64 dev eth0 proto kernel metric 256 fe80::/64 dev br-lan proto kernel metric 256 fe80::/64 dev eth1 proto kernel metric 256 fe80::/64 dev ifb0 proto kernel metric 256 The rest of these results you probably don't need and can guess based on the above info. Router ping results. root@OpenWrt:~# ping 2001:4830:1300:10::1 PING 2001:4830:1300:10::1 (2001:4830:1300:10::1): 56 data bytes 64 bytes from 2001:4830:1300:10::1: seq=0 ttl=64 time=23.117 ms 64 bytes from 2001:4830:1300:10::1: seq=1 ttl=64 time=30.076 ms ^C --- 2001:4830:1300:10::1 ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 23.117/26.596/30.076 ms root@OpenWrt:~# root@OpenWrt:~# root@OpenWrt:~# root@OpenWrt:~# ping aubne01.sixxs.net -6 PING aubne01.sixxs.net (2001:4830:ab:7::2): 56 data bytes 64 bytes from 2001:4830:ab:7::2: seq=0 ttl=64 time=22.651 ms 64 bytes from 2001:4830:ab:7::2: seq=1 ttl=64 time=22.684 ms ^C --- aubne01.sixxs.net ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 22.651/22.667/22.684 ms root@OpenWrt:~# root@OpenWrt:~# root@OpenWrt:~# root@OpenWrt:~# ping google.com -6 PING google.com (2404:6800:4006:801::200e): 56 data bytes 64 bytes from 2404:6800:4006:801::200e: seq=0 ttl=56 time=37.327 ms 64 bytes from 2404:6800:4006:801::200e: seq=1 ttl=56 time=36.785 ms ^C --- google.com ping statistics --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 36.785/37.056/37.327 ms Windows Client Ping and Trace route results. C:\Users\*****>ping 2001:4830:1300:10::2 Pinging 2001:4830:1300:10::2 with 32 bytes of data: Reply from 2001:4830:1300:10::2: time<1ms Reply from 2001:4830:1300:10::2: time<1ms Reply from 2001:4830:1300:10::2: time<1ms Reply from 2001:4830:1300:10::2: time<1ms Ping statistics for 2001:4830:1300:10::2: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 0ms, Average = 0ms C:\Users\*****>ping 2001:4830:1300:10::1 Pinging 2001:4830:1300:10::1 with 32 bytes of data: Destination port unreachable. Destination port unreachable. Destination port unreachable. Destination port unreachable. Ping statistics for 2001:4830:1300:10::1: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss), C:\Users\*****>tracert 2001:4830:1300:10::1 Tracing route to gw-17.bne-01.au.sixxs.net [2001:4830:1300:10::1] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms 2001:4830:1300:8010::1 2 Destination protocol unreachable. Trace complete.
Open WRT Config Issues - Barrier Breaker r39296
[ch] Jeroen Massar SixXS Staff on Wednesday, 04 February 2015 13:18:36
unreachable 2001:4830:1300:8010::/64 dev lo proto static metric 2147483647 error -128
What causes that entry to be created? That will only mess up your LAN prefix (the route above it) You still do not have a default route. Also check 'ip -6 addr show' to see which addresses are assigned where. Quite likely you are using a '::' ending address somewhere.
The rest of these results you probably don't need and can guess based on the above info.
Which 'rest'?
64 bytes from 2001:4830:ab:7::2: seq=0 ttl=64 time=22.651 ms
How do you reach that address without a default route?
2 Destination protocol unreachable.
That could be a firewall rule
Open WRT Config Issues - Barrier Breaker r39296
[au] Shadow Hawkins on Thursday, 05 February 2015 09:22:10
unreachable 2001:4830:1300:8010::/64 dev lo proto static metric 2147483647 error -128
What causes that entry to be created? That will only mess up your LAN prefix (the route above it)
You still do not have a default route.
Also check 'ip -6 addr show' to see which addresses are assigned where.
Quite likely you are using a '::' ending address somewhere.
I don't know.
The rest of these results you probably don't need and can guess based on the above info.
Which 'rest'?
The ping results that I posted after that sentence.
64 bytes from 2001:4830:ab:7::2: seq=0 ttl=64 time=22.651 ms
How do you reach that address without a default route?
I'm not sure, do these results help? root@OpenWrt:~# traceroute google.com -6 traceroute to google.com (2404:6800:4006:801::200e), 30 hops max, 16 byte packets 1 2001:4830:1300:10::1 (2001:4830:1300:10::1) 22.833 ms 20.483 ms 21.165 ms 2 aubne01.sixxs.net (2001:4830:ab:7::2) 23.545 ms 22.032 ms 21.207 ms 3 sixxs.bris01.occaid.net (2001:4830:ab:7::1) 21.212 ms 25.958 ms 21.014 ms 4 bbr01-g0-1.bris01.occaid.net (2001:4830:fd:641::1) 22.544 ms 22.506 ms 22.197 ms 5 bbr01-v264.sydn01.occaid.net (2001:4830:fd:640::2) 35.118 ms 35.298 ms 34.396 ms 6 ibr01-g0-1.sydn01.occaid.net (2001:4830:fd:644::2) 35.964 ms 35.878 ms 35.172 ms 7 15169.syd.equinix.com (2001:de8:6::1:5169:1) 36.646 ms 37.316 ms 36.207 ms 8 2001:4860::1:0:8613 (2001:4860::1:0:8613) 41.767 ms 36.015 ms 47.272 ms 9 2001:4860:0:1::789 (2001:4860:0:1::789) 35.514 ms 36.481 ms 36.160 ms 10 2404:6800:4006:801::200e (2404:6800:4006:801::200e) 36.898 ms 44.188 ms 36.070 ms
2 Destination protocol unreachable.
That could be a firewall rule
Any rules I should be adding on my router or PC?
Open WRT Config Issues - Barrier Breaker r39296
[ch] Jeroen Massar SixXS Staff on Thursday, 05 February 2015 09:58:55
[..]
Also check 'ip -6 addr show' to see which addresses are assigned where.
Quite likely you are using a '::' ending address somewhere.
I don't know.
Easily checked with 'ip -6 addr show' ;)
How do you reach that address without a default route?
I'm not sure, do these results help?
Checking 'ip -6 ro show' would be the best way to check this. You need a routing entry before routing can work.
2 Destination protocol unreachable.
That could be a firewall rule
Any rules I should be adding on my router or PC?
Depends on what you want to firewall. It can also just be some other kind of brokenness. Definitely check the firewall rules on your gateway though.
Open WRT Config Issues - Barrier Breaker r39296
[au] Shadow Hawkins on Thursday, 05 February 2015 10:32:44
Jeroen Massar wrote:
[..]
Also check 'ip -6 addr show' to see which addresses are assigned where.
Quite likely you are using a '::' ending address somewhere.
I don't know.
Easily checked with 'ip -6 addr show' ;)
How do you reach that address without a default route?
I'm not sure, do these results help?
Checking 'ip -6 ro show' would be the best way to check this. You need a routing entry before routing can work.
2 Destination protocol unreachable.
That could be a firewall rule
Any rules I should be adding on my router or PC?
Depends on what you want to firewall. It can also just be some other kind of brokenness. Definitely check the firewall rules on your gateway though.
Sorry, I actually ran ip -6 addr show then when replying to your post forgot to include the results *facepalm*. root@OpenWrt:~# ip -6 addr show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000 inet6 fe80::c43d:c7ff:fe8b:7e55/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qlen 1000 inet6 fe80::c63d:c7ff:fe8b:7e56/64 scope link valid_lft forever preferred_lft forever 11: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 inet6 2001:4830:1300:8010::1/64 scope global valid_lft forever preferred_lft forever inet6 fe80::c43d:c7ff:fe8b:7e55/64 scope link valid_lft forever preferred_lft forever 16: 6in4-wan6: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 inet6 2001:4830:1300:10::2/64 scope global valid_lft forever preferred_lft forever inet6 fe80::1b21:1a9/128 scope link valid_lft forever preferred_lft forever 17: ifb0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qlen 5 inet6 fe80::3434:43ff:fe41:1aba/64 scope link valid_lft forever preferred_lft forever Admittedly I never added any routing entries manually (this may be causing issues by the sounds of it?). Basically I've just followed the "6in4 tunnel (HEnet tunnelbroker, sixxs static tunnel, ...)" part of this page: http://wiki.openwrt.org/doc/uci/network6 Regarding how I want to firewall, typical home network setup really at this stage. Once I get the basics up and running I might worry about adding rules for more specific things. I'll do some further investigation into the firewall settings. By the way I will be on holidays in a couple days, so if I suddenly don't respond for a week that's why.
Open WRT Config Issues - Barrier Breaker r39296
[au] Shadow Hawkins on Thursday, 05 February 2015 10:43:25
Jeroen Massar wrote:
[..]
Also check 'ip -6 addr show' to see which addresses are assigned where.
Quite likely you are using a '::' ending address somewhere.
I don't know.
Easily checked with 'ip -6 addr show' ;)
How do you reach that address without a default route?
I'm not sure, do these results help?
Checking 'ip -6 ro show' would be the best way to check this. You need a routing entry before routing can work.
2 Destination protocol unreachable.
That could be a firewall rule
Any rules I should be adding on my router or PC?
Depends on what you want to firewall. It can also just be some other kind of brokenness. Definitely check the firewall rules on your gateway though.
Btw just read your bio by the way after being curious who this person is with so much patience to help me. You're like a hero of the Internet (probably irl Batman), good work man and thanks :)
Open WRT Config Issues - Barrier Breaker r39296
[au] Shadow Hawkins on Thursday, 05 February 2015 11:01:55
Jeroen Massar wrote:
[..]
Also check 'ip -6 addr show' to see which addresses are assigned where.
Quite likely you are using a '::' ending address somewhere.
I don't know.
Easily checked with 'ip -6 addr show' ;)
How do you reach that address without a default route?
I'm not sure, do these results help?
Checking 'ip -6 ro show' would be the best way to check this. You need a routing entry before routing can work.
2 Destination protocol unreachable.
That could be a firewall rule
Any rules I should be adding on my router or PC?
Depends on what you want to firewall. It can also just be some other kind of brokenness. Definitely check the firewall rules on your gateway though.
All fixed and working now :) Basically the one last thing I had to do was add the wan6 interface to the wan firewall zone (I thought it was already in this zone, however it wasn't). I did this the easy mode way via the web UI Lucy: Network > Interfaces > Edit Wan6 > Firewall settings > Change zone from unspecified to wan > save & apply. Let me know if you want me to document my solution for the wiki, I will make some time to do this once I get back from my break.
Open WRT Config Issues - Barrier Breaker r39296
[au] Shadow Hawkins on Tuesday, 03 February 2015 20:07:26
Jeroen Massar wrote:
> My OpenWRT router can ping the PoP and it's own IPv6 address fine. Are you sure that "the PoP" is really "the PoP"? Check latency and routing. Note that the 'written config' might not match the 'running config'. As OpenWRT is just another Linux, check with "ip -6 ro show" and friends what the real details are.
option ip6addr '2001:****:****:**::3/62'
A /62, are you sure about that? Very few setups use anything else but a /64.
Ping results to the PoP IPv6 and IPv4 server. Apologies if I've butchered the terminology again there. I waited a few minutes after running the first ping below and stopped it to run the next after not getting any results. root@OpenWrt:~# ping 2001:4830:1300:10::1 PING 2001:4830:1300:10::1 (2001:4830:1300:10::1): 56 data bytes ^C --- 2001:4830:1300:10::1 ping statistics --- 73 packets transmitted, 0 packets received, 100% packet loss root@OpenWrt:~# ping 66.186.206.70 PING 66.186.206.70 (66.186.206.70): 56 data bytes 64 bytes from 66.186.206.70: seq=0 ttl=59 time=21.653 ms 64 bytes from 66.186.206.70: seq=1 ttl=59 time=20.640 ms 64 bytes from 66.186.206.70: seq=2 ttl=59 time=20.246 ms 64 bytes from 66.186.206.70: seq=3 ttl=59 time=20.846 ms ^C --- 66.186.206.70 ping statistics --- 4 packets transmitted, 4 packets received, 0% packet loss round-trip min/avg/max = 20.246/20.846/21.653 ms
Open WRT Config Issues - Barrier Breaker r39296
[ch] Jeroen Massar SixXS Staff on Tuesday, 03 February 2015 21:42:01
root@OpenWrt:~# ping 2001:4830:1300:10::1
As that prefix is on both the tunnel and the LAN, those packets are not going to make it anywhere useful, hence it won't ping.

Please note Posting is only allowed when you are logged in.
Static Sunset Edition of SixXS
©2001-2017 SixXS - IPv6 Deployment & Tunnel Broker