No connectivity behind openWRT router
Shadow Hawkins on Sunday, 03 March 2013 17:17:27
Hello together,
I am experiencing problems when trying to set up a router with openWRT which I would like to use as an IPv6 gateway.
The openWRT router is placed behind a NAT-router from my provider with a dynamic IPv4 address. The router connects to the PoP using aiccu, which works fine so far.
The openWRT router is able to ping IPv6 addresses on the internet and can be pinged from those as well.
I assigned the router an IP from a subnet I was assigned on the LAN interface. Radvd is configured and working.
My Windows 7 client and the openWRT router can ping each other using their global and their link local addresses.
Now this is the problem: From the Windows machine it is not possible to reach addresses on the internet or vice versa. If I try to ping something I get an ICMP message "Destination net unreachable" from my openWRT router.
As I have already spent several hours trying to fix this alone without any success, I would like to ask you for help.
Thanks in advance.
Best regards
Benedikt
Here is some of my configuration:
ifconfig
br-lan Link encap:Ethernet HWaddr 00:1D:7E:C6:9B:EF
inet addr:10.25.1.61 Bcast:10.25.1.63 Mask:255.255.255.192
inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
inet6 addr: 2001:4dd0:fbc8::1/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3052 errors:0 dropped:0 overruns:0 frame:0
TX packets:2563 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:442243 (431.8 KiB) TX bytes:1130022 (1.0 MiB)
eth0 Link encap:Ethernet HWaddr 00:1D:7E:C6:9B:EF
inet6 addr: fe80::21d:7eff:fec6:9bef/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2302 errors:0 dropped:0 overruns:0 frame:0
TX packets:2913 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1141465 (1.0 MiB) TX bytes:512202 (500.1 KiB)
Interrupt:4
eth0.0 Link encap:Ethernet HWaddr 00:1D:7E:C6:9B:EF
inet6 addr: fe80::21d:7eff:fec6:9bef/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:694 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:121838 (118.9 KiB)
eth0.1 Link encap:Ethernet HWaddr 00:1D:7E:C6:9B:EF
inet addr:192.168.0.102 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::21d:7eff:fec6:9bef/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2299 errors:0 dropped:0 overruns:0 frame:0
TX packets:2213 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1098743 (1.0 MiB) TX bytes:374854 (366.0 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:686 (686.0 B) TX bytes:686 (686.0 B)
sixxs0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: 2001:4dd0:ff00:11f1::2/64 Scope:Global
inet6 addr: fe80::4cd0:ff00:11f1:2/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:24 errors:0 dropped:0 overruns:0 frame:0
TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:18132 (17.7 KiB) TX bytes:18304 (17.8 KiB)
wl0 Link encap:Ethernet HWaddr 00:1D:7E:C6:9B:F1
inet6 addr: fe80::21d:7eff:fec6:9bf1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3039 errors:0 dropped:0 overruns:0 frame:91728
TX packets:3197 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:483645 (472.3 KiB) TX bytes:1270084 (1.2 MiB)
Interrupt:2 Base address:0x5000
/etc/config/network
config 'switch' 'eth0'
option 'enable' '1'
config 'switch_vlan' 'eth0_0'
option 'device' 'eth0'
option 'vlan' '0'
option 'ports' '0 1 2 3 5'
config 'switch_vlan' 'eth0_1'
option 'device' 'eth0'
option 'vlan' '1'
option 'ports' '4 5'
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'interface' 'lan'
option 'type' 'bridge'
option 'ifname' 'eth0.0'
option 'proto' 'static'
option 'ipaddr' '10.25.1.61'
option 'netmask' '255.255.255.192'
option 'defaultroute' '0'
option 'peerdns' '0'
option 'ip6addr' '2001:4dd0:fbc8::1/64'
config 'interface' 'wan'
option 'ifname' 'eth0.1'
option 'proto' 'dhcp'
config 'interface' 'wan6'
option 'proto' 'static'
option 'ifname' 'sixxs0'
option 'auto' '1'
option 'ip6addr' 2001:4dd0:ff00:11f1::2/64
option 'send_rs' '0'
openWRT router routing table
2001:4dd0:fbc8::/64 dev br-lan metric 256 mtu 1500 advmss 1440
2001:4dd0:ff00:11f1::/64 dev sixxs0 metric 256 mtu 1280 advmss 1220
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth0.0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev br-lan metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth0.1 metric 256 mtu 1500 advmss 1440
fe80::/64 dev wl0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev sixxs0 metric 256 mtu 1280 advmss 1220
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev eth0.0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev br-lan metric 256 mtu 1500 advmss 1440
ff00::/8 dev eth0.1 metric 256 mtu 1500 advmss 1440
ff00::/8 dev wl0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev sixxs0 metric 256 mtu 1280 advmss 1220
default via 2001:4dd0:ff00:11f1::1 dev sixxs0 metric 1024 mtu 1280 advmss 1220
unreachable default dev lo proto none metric -1 error -128
windows 7 ipconfig
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : lan
IPv6 Address. . . . . . . . . . . : 2001:4dd0:fbc8:0:b4b1:d621:5c83:b86a
Temporary IPv6 Address. . . . . . : 2001:4dd0:fbc8:0:4837:1e2d:ec19:9907
Link-local IPv6 Address . . . . . : fe80::b4b1:d621:5c83:b86a%13
IPv4 Address. . . . . . . . . . . : 10.25.1.37
Subnet Mask . . . . . . . . . . . : 255.255.255.192
Default Gateway . . . . . . . . . : fe80::200:ff:fe00:0%13
10.25.1.61
windows 7 route print
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 281 ::/0 fe80::200:ff:fe00:0
1 306 ::1/128 On-link
13 33 2001:4dd0:fbc8::/64 On-link
13 281 2001:4dd0:fbc8:0:4837:1e2d:ec19:9907/128
On-link
13 281 2001:4dd0:fbc8:0:b4b1:d621:5c83:b86a/128
On-link
13 281 fe80::/64 On-link
13 281 fe80::b4b1:d621:5c83:b86a/128
On-link
1 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2001:4dd0:ff00:11f1::/64 On-link
0 4294967295 ::/0 2001:4dd0:ff00:11f1::1
===========================================================================
No connectivity behind openWRT router
Jeroen Massar on Monday, 04 March 2013 07:59:32
Now this is the problem: From the Windows machine it is not possible to reach addresses on the internet or vice versa
You will want to perform a traceroute to see where the problem is.
config 'interface' 'wan6'
Why are you configuring an interface when you are using AICCU?
13 281 ::/0 fe80::200:ff:fe00:0
You have a MAC address with a lot of 0's there, that is rather odd. I wonder if that can give issues.
The IPv6 address is also not present in the output from the OpenWRT address
You might want to check what is going wrong there.
0 4294967295 ::/0 2001:4dd0:ff00:11f1::1
That seems to be a persistent route that is not being used.
You might want to try a 'netsh ipv6 reset' and reboot the box and see if that helps.
No connectivity behind openWRT router
Shadow Hawkins on Monday, 04 March 2013 19:54:30
Hi Jeroen,
thanks for your advice.
To simplify the troubleshooting I decided to set up my router again (once more). This time I decided to use kamikaze instead of backfire.
I did the following:
opkg update
opkg install kmod-ipv6
opkg install kmod-ip6tables
opkg install ip6tables
opkg install ip
opkg install kmod-tun
opkg install aiccu
opkg install radvd
opkg install ntpclient
After this I configured an IP to the local facing interface:
br-lan Link encap:Ethernet HWaddr 00:1D:7E:C6:9B:EF
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
inet6 addr: 2001:4dd0:fbc8::1/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:64229 errors:0 dropped:0 overruns:0 frame:0
TX packets:110151 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5155332 (4.9 MiB) TX bytes:108778333 (103.7 MiB)
I also configured radvd:
config interface
option interface 'lan'
option AdvSendAdvert 1
option AdvManagedFlag 0
option AdvOtherConfigFlag 0
option ignore 0
config prefix
option interface 'lan'
# If not specified, a non-link-local prefix of the interface is used
option prefix '2001:4dd0:fbc8::/64'
option AdvOnLink 1
option AdvAutonomous 1
option AdvRouterAddr 0
option ignore 0
config rdnss
option interface 'lan'
# If not specified, the link-local address of the interface is used
option addr ''
option ignore 1
And of course I configured AICCU, which provides me the following:
sixxs Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: 2001:4dd0:ff00:11f1::2/64 Scope:Global
inet6 addr: fe80::4cd0:ff00:11f1:2/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:99465 errors:0 dropped:0 overruns:0 frame:0
TX packets:56596 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:94886485 (90.4 MiB) TX bytes:4394377 (4.1 MiB)
Btw: I guess that, as the interface "sixxs" is a virtual point-to-point interface, a hardware address consisting of only zeros should not be a problem. The router now has full network connectivity.
Further I enabled IPv6 forwarding in /etc/sysctl.conf
net.ipv6.conf.all.forwarding=1
Windows 7:
From this point on it is possible to ping the local facing interface of the router, the wan facing interface of the router and my providers PoP.
Tracerouting an address of 2001:4860:4860::8888 does not deliver anything valuable.
From a former post of yours I added the following:
ip -6 ro add 2000::/3 via 2001:4dd0:ff00:11f1::1
http://www.sixxs.net/forum/?msg=setup-658563
Now I have got IPv6 connectivity for my clients behind the OpenWrt router.
Do you maybe know a way to get the route set automatically some seconds after the tunnel has come up? At present I always have to set the route manually.
I would really appreciate it if we could get this solved. After all I would like to write a straightforward approach to get an OpenWrt router with working to help others with similar problems. I would be happy if it would be possible to publish this in the SIXXS wiki.
Have a beautiful evening.
Kind regards
Benedikt
No connectivity behind openWRT router
Jeroen Massar on Monday, 04 March 2013 20:00:01
This time I decided to use kamikaze instead of backfire.
What is the numeric version of those editions? And more importantly how old are they as lots and lots changes with OpenWRT.
a virtual point-to-point interface a hardware address consisting of only zeros should not be a problem.
Correct
ip -6 ro add 2000::/3 via 2001:4dd0:ff00:11f1::1 http://www.sixxs.net/forum/?msg=setup-658563 Now I have got IPv6 connectivity for my clients behind the OpenWrt router.
What ancient kernel version do you have that you need that and better question: what does the routing table look like (ip -6 route show) ?
Also, how is AICCU started, as the OpenWRT people did not like our comments to them automatically restarting (and therefore effectively DoSing our TIC servers) and thus just decided to remove the complete init script some while ago (instead of just leaving the init script there)
I would be happy if it would be possible to publish this in the SIXXS wiki.
The wiki can be edited by every user, thus go ahead; though I think there is already an OpenWRT article there...
No connectivity behind openWRT router
Shadow Hawkins on Tuesday, 05 March 2013 22:18:08
Hi Jeroen,
unfortunately my router seems to work now. When I came home I had full connectivity. Several reboots could not change that anyway.
Nevertheless I have got some answers for you.
This time I decided to use kamikaze instead of backfire. What is the numeric version of those editions? And more importantly how old are they as lots and lots changes with OpenWRT.
Version 8.09.2 from 29-Dec-2009 - very old indeed
What ancient kernel version do you have that you need that
Linux version 2.4.35.4 (agb@arrakis) (gcc version 3.4.6 (OpenWrt-2.0)) #12 Tue Dec 29 15:30:20 UTC 2009
and better question: what does the routing table look like (ip -6 route show) ?
2001:4dd0:fbc8::/64 dev br-lan metric 256 mtu 1500 advmss 1440
2001:4dd0:ff00:11f1::/64 dev sixxs metric 256 mtu 1280 advmss 1220
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth0.0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth0.1 metric 256 mtu 1500 advmss 1440
fe80::/64 dev br-lan metric 256 mtu 1500 advmss 1440
fe80::/64 dev wl0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev sixxs metric 256 mtu 1280 advmss 1220
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev eth0.0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev eth0.1 metric 256 mtu 1500 advmss 1440
ff00::/8 dev br-lan metric 256 mtu 1500 advmss 1440
ff00::/8 dev wl0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev sixxs metric 256 mtu 1280 advmss 1220
default via 2001:4dd0:ff00:11f1::1 dev sixxs metric 1024 mtu 1280 advmss 1220
Also, how is AICCU started, as the OpenWRT people did not like our comments to them automatically restarting (and therefore effectively DoSing our TIC servers) and thus just decided to remove the complete init script some while ago (instead of just leaving the init script there)
I did not change something concerning this. It should still have the default values. May I ask you why a scripted restart of AICCU DoSes your servers?
The wiki can be edited by every user, thus go ahead;
What a dumb question of mine. Somehow this is the idea of operating a wiki ;-)
though I think there is already an OpenWRT article there...
Yes, you are right. In my opinion it is quite confusing to read and I would like to help new users not having to do as much research as I had to. Now I know it can be much easier than the ways I chose originally.
I guess I will reset my router to its factory defaults in the next few days. When reconfiguring it I will write a short documentation about how to get basic IPv6 connectivity with a routed subnet behind the router.
Would it be okay if I asked you for further assistance?
Greetings to Suisse
Benedikt Wollenweber
No connectivity behind openWRT router
Jeroen Massar on Wednesday, 06 March 2013 10:32:51
I did not change something concerning this. It should still have the default values. May I ask you why a scripted restart of AICCU DoSes your servers?
Because AICCU retrieves its configuration from our TIC server and thus every time it will make a connection to that, fetch the details.
There are various projects (Macports, OpenWRT to name a few) and even products (Draytek, Astaro/Sophos UTM) that automatically restart AICCU when it exits because there was something wrong. As they directly restart AICCU, they contact our TIC servers again, and again and again and again....
As you are talking about tens to hundreds of connections per second here, yes that is a DoS.
And note that AICCU exited with a reason: there was a problem that needs to be resolved.
Note also that it is clearly stated both in the README of AICCU and on its webpage that one should never restart AICCU..... as well, it exits because there is an issue that it cannot resolve, restarting it does not resolve that.
Would it be okay if I asked you for further assistance?
The forums are there so that any user can help any other user....
No connectivity behind openWRT router
Shadow Hawkins on Wednesday, 06 March 2013 19:24:22
Good evening Jeroen,
I just found the time to upgrade my router to the latest version of OpenWrt. It is now running "OpenWrt Backfire 10.03.1" with Kernel 2.4.37.9.
This is what I did:
opkg update
opkg install kmod-ipv6
opkg install kmod-ip6tables
opkg install ip6tables
opkg install ip
opkg install kmod-tun
opkg install aiccu
opkg install radvd
opkg install ntpclient
reboot
vi /etc/config/network
#### LAN configuration
config interface lan
option type bridge
option ifname "eth0.0"
option proto static
option ipaddr 192.168.1.1
option netmask 255.255.255.0
option ip6addr 2001:4dd0:fbc8::1/64
vi /etc/config/radvd
config interface
option interface 'lan'
option AdvSendAdvert 1
option AdvManagedFlag 0
option AdvOtherConfigFlag 0
option ignore 0
config prefix
option interface 'lan'
# If not specified, a non-link-local prefix of the interface is used
option prefix '2001:4dd0:fbc8::/64'
option AdvOnLink 1
option AdvAutonomous 1
option AdvRouterAddr 0
option ignore 0
config rdnss
option interface 'lan'
# If not specified, the link-local address of the interface is used
option addr ''
option ignore 1
vi /etc/config/aiccu
config aiccu
option username 'USERNAME'
option password 'PASSWORD'
option protocol ''
option server ''
option interface 'sixxs'
option tunnel_id ''
option requiretls '0'
option defaultroute '1'
option nat '1'
option heartbeat '1'
vi /etc/sysctl.conf
net.ipv6.conf.all.forwarding=1
/etc/init.d/aiccu enable
/etc/init.d/radvd enable
reboot
This leads to the following interface configuration and routing table:
root@OpenWrt:~# ifconfig
br-lan Link encap:Ethernet HWaddr 00:1D:7E:C6:9B:EF
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: 2001:4dd0:fbc8::1/64 Scope:Global
inet6 addr: fe80::21d:7eff:fec6:9bef/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4947 errors:0 dropped:0 overruns:0 frame:0
TX packets:5041 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:707072 (690.5 KiB) TX bytes:2477021 (2.3 MiB)
eth0 Link encap:Ethernet HWaddr 00:1D:7E:C6:9B:EF
inet6 addr: fe80::21d:7eff:fec6:9bef/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3684 errors:0 dropped:0 overruns:0 frame:0
TX packets:3555 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2180781 (2.0 MiB) TX bytes:683158 (667.1 KiB)
Interrupt:4
eth0.0 Link encap:Ethernet HWaddr 00:1D:7E:C6:9B:EF
inet6 addr: fe80::21d:7eff:fec6:9bef/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:128 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:14004 (13.6 KiB)
eth0.1 Link encap:Ethernet HWaddr 00:1D:7E:C6:9B:EF
inet addr:192.168.0.102 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::21d:7eff:fec6:9bef/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3684 errors:0 dropped:0 overruns:0 frame:0
TX packets:3416 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2114469 (2.0 MiB) TX bytes:644927 (629.8 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:31 errors:0 dropped:0 overruns:0 frame:0
TX packets:31 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2716 (2.6 KiB) TX bytes:2716 (2.6 KiB)
sixxs Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: 2001:4dd0:ff00:11f1::2/64 Scope:Global
inet6 addr: fe80::4cd0:ff00:11f1:2/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:21 errors:0 dropped:0 overruns:0 frame:0
TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:15120 (14.7 KiB) TX bytes:15244 (14.8 KiB)
wl0 Link encap:Ethernet HWaddr 00:1D:7E:C6:9B:F1
inet6 addr: fe80::21d:7eff:fec6:9bf1/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4934 errors:0 dropped:0 overruns:0 frame:1800
TX packets:5125 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:775004 (756.8 KiB) TX bytes:2527471 (2.4 MiB)
Interrupt:2 Base address:0x5000
root@OpenWrt:~# ip -6 ro show
2001:4dd0:fbc8::/64 dev br-lan metric 256 mtu 1500 advmss 1440
2001:4dd0:ff00:11f1::/64 dev sixxs metric 256 mtu 1280 advmss 1220
fe80::/64 dev eth0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth0.0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev eth0.1 metric 256 mtu 1500 advmss 1440
fe80::/64 dev br-lan metric 256 mtu 1500 advmss 1440
fe80::/64 dev wl0 metric 256 mtu 1500 advmss 1440
fe80::/64 dev sixxs metric 256 mtu 1280 advmss 1220
ff00::/8 dev eth0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev eth0.0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev eth0.1 metric 256 mtu 1500 advmss 1440
ff00::/8 dev br-lan metric 256 mtu 1500 advmss 1440
ff00::/8 dev wl0 metric 256 mtu 1500 advmss 1440
ff00::/8 dev sixxs metric 256 mtu 1280 advmss 1220
default via 2001:4dd0:ff00:11f1::1 dev sixxs metric 1024 mtu 1280 advmss 1220
unreachable default dev lo proto none metric -1 error -128
The router then has full connectivity and can ping IPv6 addresses on the internet.
This is what happens on my Windows 7 client:
C:\Users\benedikt>tracert 2001:4860:4860::8888
Tracing route to google-public-dns-a.google.com [2001:4860:4860::8888]
over a maximum of 30 hops:
1 Destination net unreachable.
Trace complete.
After adding
ip -6 ro add 2000::/3 via 2001:4dd0:ff00:11f1::1
to the router it changes to this
Tracing route to google-public-dns-a.google.com [2001:4860:4860::8888]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 2001:4dd0:fbc8::1
2 Destination protocol unreachable.
Trace complete.
This is the interface configuration and the routing table:
Windows ipconfig:
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : lan
IPv6 Address. . . . . . . . . . . : 2001:4dd0:fbc8:0:224:d7ff:fed0:201c
Link-local IPv6 Address . . . . . : fe80::224:d7ff:fed0:201c%13
IPv4 Address. . . . . . . . . . . : 192.168.1.205
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : fe80::21d:7eff:fec6:9bef%13
192.168.1.1
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 281 ::/0 fe80::21d:7eff:fec6:9bef
1 306 ::1/128 On-link
13 33 2001:4dd0:fbc8::/64 On-link
13 281 2001:4dd0:fbc8:0:224:d7ff:fed0:201c/128
On-link
13 281 fe80::/64 On-link
13 281 fe80::224:d7ff:fed0:201c/128
On-link
1 306 ff00::/8 On-link
13 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2001:4dd0:ff00:11f1::/64 On-link
0 4294967295 ::/0 2001:4dd0:ff00:11f1::1
===========================================================================
Have you got an idea what could cause the issue?
Best regards
Benedikt
No connectivity behind openWRT router
Jeroen Massar on Wednesday, 06 March 2013 21:20:52
Btw, use [ code ] instead of [ quote ], as the first is for code and cmd output, the latter is for quoting what other people state, eg as in a reply, similar to indenting with '> ' as happens with emails.
Also, there might be other people reading and wanting to reply to this forum.
I just found the time to upgrade my router to the latest version of OpenWrt. It is now running "OpenWrt Backfire 10.03.1" with Kernel 2.4.37.9.
Thus that kernel is from 2010, good that there were no major security holes in it since then.
After adding ip -6 ro add 2000::/3 via 2001:4dd0:ff00:11f1::1 to the router it changes to this
Should not matter, that was only needed a long time ago as 2000::/3 was the only unicast space, and then the Linux kernel would ignore a 'default' (::/0) route when forwarding was enabled.
Your sysctl entry should have caused forwarding to be enabled, do check this with a:
sysctl -a |grep forwarding
Have you got an idea what could cause the issue?
Firewall on the Windows box or on OpenWRT? Forwarding not working, quite a few possibilities.
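The checks discussed in this exchange (forwarding enabled, a default route through the tunnel, the LAN prefix routed, and whether only ::/0 is present without the 2000::/3 route), as an added example that is not part of any post in this thread. The function names and finding labels are made up for the example; the sample input is an excerpt of the router output posted above.

```shell
#!/bin/sh
# Added example: offline triage of "ip -6 ro show" and "sysctl -a" output.
# ROUTES and SYSCTL are excerpts of the output posted in this thread.

ROUTES='2001:4dd0:fbc8::/64 dev br-lan metric 256 mtu 1500 advmss 1440
2001:4dd0:ff00:11f1::/64 dev sixxs metric 256 mtu 1280 advmss 1220
default via 2001:4dd0:ff00:11f1::1 dev sixxs metric 1024 mtu 1280 advmss 1220
unreachable default dev lo proto none metric -1 error -128'

SYSCTL='net.ipv6.conf.sixxs.forwarding = 1
net.ipv6.conf.br-lan.forwarding = 1
net.ipv6.conf.all.forwarding = 1'

# Print the value of net.ipv6.conf.all.forwarding, or "missing".
# Accepts both "key = 1" (sysctl -a) and "key=1" (sysctl.conf) forms.
ipv6_forwarding() {
    v=$(printf '%s\n' "$1" |
        awk -F'[ =]+' '$1 == "net.ipv6.conf.all.forwarding" { print $2; exit }')
    echo "${v:-missing}"
}

# Print the device of the "default via ..." route, or "none".
# The "unreachable default dev lo" fallback line is deliberately not matched.
default_route_dev() {
    d=$(printf '%s\n' "$1" | awk '
        $1 == "default" && $2 == "via" {
            for (i = 3; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
        }')
    echo "${d:-none}"
}

# Return 0 if the table has an explicit route for prefix $2.
has_route() {
    printf '%s\n' "$1" | awk -v p="$2" '$1 == p { found = 1 } END { exit !found }'
}

# diagnose ROUTES SYSCTL TUNNEL_DEV LAN_PREFIX
# Prints one finding per line:
#   FAIL ...          a prerequisite for forwarding LAN traffic is missing
#   NOTE default-only everything is in place but only ::/0 points at the tunnel;
#                     per the reply above, kernels from when 2000::/3 was the
#                     only unicast space could ignore ::/0 while forwarding
#   OK                nothing to report
diagnose() {
    routes=$1 sysctl_out=$2 tun=$3 lan=$4 n=0
    if [ "$(ipv6_forwarding "$sysctl_out")" != "1" ]; then
        echo "FAIL forwarding-off"; n=$((n + 1))
    fi
    dev=$(default_route_dev "$routes")
    if [ "$dev" = "none" ]; then
        echo "FAIL no-default-route"; n=$((n + 1))
    elif [ "$dev" != "$tun" ]; then
        echo "FAIL default-not-via-tunnel ($dev)"; n=$((n + 1))
    fi
    if ! has_route "$routes" "$lan"; then
        echo "FAIL lan-prefix-not-routed"; n=$((n + 1))
    fi
    if [ "$n" -eq 0 ] && ! has_route "$routes" "2000::/3"; then
        echo "NOTE default-only"; n=$((n + 1))
    fi
    if [ "$n" -eq 0 ]; then echo "OK"; fi
    return 0
}

# Run against the thread's output; on a live router pass
# "$(ip -6 ro show)" and "$(sysctl -a 2>/dev/null)" instead.
diagnose "$ROUTES" "$SYSCTL" sixxs 2001:4dd0:fbc8::/64
```

A clean result here only covers routing and forwarding; firewall rules and the tunnel itself are outside what these two outputs show.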
No connectivity behind openWRT router
Shadow Hawkins on Thursday, 07 March 2013 21:36:06
Btw, use [ code ] instead of [ quote ], as the first is for code and cmd output, the latter is for quoting what other people state, eg as in a reply, similar to indenting with '> ' as happens with emails.
Okay, got it. Thanks for the advice ;-)
Your sysctl entry should have caused forwarding to be enabled, do check this with a:
sysctl -a |grep forwarding
root@OpenWrt:~# sysctl -a |grep forwarding
net.ipv6.conf.sixxs.forwarding = 1
net.ipv6.conf.wl0.forwarding = 1
net.ipv6.conf.br-lan.forwarding = 1
net.ipv6.conf.eth0.1.forwarding = 1
net.ipv6.conf.eth0.0.forwarding = 1
net.ipv6.conf.eth0.forwarding = 1
net.ipv6.conf.lo.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
sysctl: error reading key 'net.ipv6.route.flush': Invalid argument
net.ipv4.conf.wl0.mc_forwarding = 0
net.ipv4.conf.wl0.forwarding = 1
net.ipv4.conf.br-lan.mc_forwarding = 0
net.ipv4.conf.br-lan.forwarding = 1
net.ipv4.conf.eth0.1.mc_forwarding = 0
net.ipv4.conf.eth0.1.forwarding = 1
net.ipv4.conf.eth0.0.mc_forwarding = 0
net.ipv4.conf.eth0.0.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.eth0.mc_forwarding = 0
net.ipv4.conf.eth0.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.all.forwarding = 1
sysctl: error reading key 'net.ipv4.route.flush': Invalid argument
I guess this should be correct. What is your opinion?
Firewall on the Windows box or on OpenWRT? Forwarding not working, quite a few possibilities.
Turning off both firewalls does not change anything.
As my Windows 7 client worked with my router when using the kamikaze image I would like to focus on the router. When there is nothing left to check I can get me another client to verify the router is not the culprit.
No connectivity behind openWRT router
Jeroen Massar on Thursday, 07 March 2013 22:29:30
I guess this should be correct. What is your opinion?
Looks good indeed.
Turning off both firewalls does not change anything.
Turning off which firewalls exactly? Please note that there are for Windows a lot of "antivirus" products which break IPv6 in unexpected ways...
As my Windows 7 client worked with my router when using the kamikaze image I would like to focus on the router
It could be that they broke multicast or something. Best step is to start wiresharking and see where the packets go wrong.
No connectivity behind openWRT router
Shadow Hawkins on Friday, 08 March 2013 19:05:43
Turning off which firewalls exactly? Please note that there are for Windows a lot of "antivirus" products which break IPv6 in unexpected ways...
I turned off ip6tables in the router and the Windows firewall. Additionally I disabled my antivirus product which btw does not include an own firewall.
It could be that they broke multicast or something. Best step is to start wiresharking and see where the packets go wrong.
Great idea. I did so using a span port.
When generating traffic from the router towards the internet you can see it being encapsulated in AYIYA PDUs.
Traffic sourced from the Windows machine can only be seen between the machine itself and the router terminating the tunnel. Between the router and the ISP there cannot be seen anything being forwarded.
Regarding this I would assume that there is something going wrong in the router. Do you know if there is a debug mode available? Or is there something in the configuration that I should verify?
Best regards
Benedikt
No connectivity behind openWRT router
Jeroen Massar on Sunday, 10 March 2013 19:53:45
Additionally I disabled my antivirus product which btw does not include an own firewall.
That unfortunately is a typical misconception. A lot of 'antivirus' tools link into the NDIS drivers and then intercept traffic to see if it is malicious. That layer tends to also break IPv6 as they do not understand it.
Note that disabling it in that case will not resolve it, as they do not remove themselves from the driver list and thus keep on breaking stuff.
Which Antivirus+version is it? On Windows, typically it is good enough to just run the Microsoft Security Essentials that comes with it.
Great idea. I did so using a span port.
If you can do span ports, you likely also have other nice features like VLANs and the ability to disable multicast. Please do check that that is not interfering with the multicast used for IPv6. Note that there are older 'smart' switches which broke IPv6 that way as they did not understand it and thus just dropped it.
Between the router and the ISP there cannot be seen anything being forwarded.
Of course not. Your (IPv4) ISP is not involved in anything IPv6. The tunnel is providing you IPv6 connectivity.
Or is there something in the configuration that I should verify?
You should verify everything.... the best thing to do is make the setup as simple as possible and then expand from there.
No connectivity behind openWRT router
Shadow Hawkins on Saturday, 09 March 2013 10:55:18
Hi Benedikt,
if you are using a configuration as I described in
https://www.sixxs.net/wiki/Aiccu/OpenBSD#Network_Concepts
you have to reconfigure radvd. ipv6 is provisioned from the WAN interface of your OpenWRT router into the lan of your ipv4 router.
You may change the interface used for radvd then.
But anyway if you want to run double NAT for ipv4 behind in your OpenWRT lan check if the firewall is configured properly as described in
https://www.sixxs.net/wiki/Aiccu/Installing_on_OpenWRT#Firewalling_.28using_OpenWrt_firewall2_configuration.29
Check if wan6, as described there, comes up properly
root@OpenWrt:~# logread | grep firewall
.....
.....
Jan 20 17:11:12 OpenWrt user.info firewall: adding wan6 (sixxs0) to zone wan6
It took me some time to get it working when I was starting to implement my SIXXS tunnel.
I'm currently on OpenBSD, which, compared to other implementations I have tried, works like a charm and has for weeks now. Even when my tunnel is not responding, which may be an issue of my Internet provider (cable), it turns on without an intervention.
Otherwise we can make a call via Skype?
Thomas
No connectivity behind openWRT router
Shadow Hawkins on Monday, 11 March 2013 18:41:27
Good evening Thomas,
thanks for your reply.
if you are using a configuration as I described in
https://www.sixxs.net/wiki/Aiccu/OpenBSD#Network_Concepts
you have to reconfigure radvd. ipv6 is provisioned from the WAN interface of your OpenWRT router into the lan of your ipv4 router.
You may change the interface used for radvd then.
My topology looks like this:
Internet ---> (Public IP) Provider Edge Router (Private IP) ---> (Private IP)Customer Edge Router terminating AYIYA tunnel (Private IP) ---> Dual stacked stations
Thus it is correct to distribute the IPv6 addresses to the local facing interface.
But anyway if you want to run double NAT for ipv4 behind in your OpenWRT lan check if the firewall is configured properly as described in
https://www.sixxs.net/wiki/Aiccu/Installing_on_OpenWRT#Firewalling_.28using_OpenWrt_firewall2_configuration.29
Check if wan6, as described there, comes up properly
root@OpenWrt:~# logread | grep firewall
.....
.....
Jan 20 17:11:12 OpenWrt user.info firewall: adding wan6 (sixxs0) to zone wan6
Till now I did not configure the firewall. First of all I wanted to use the router for terminating the tunnel and I planned to deploy a Cisco ASA as an edge firewall.
I'm currently on OpenBSD, which, compared to other implementations I have tried, works like a charm and has for weeks now. Even when my tunnel is not responding, which may be an issue of my Internet provider (cable), it turns on without an intervention.
This was a good hint indeed. I always thought my configuration was erroneous. When I had some minutes left yesterday I made the transition from OpenWrt to DD-WRT. It was kind of exhausting, but it is working stable so far (As I can tell at this moment).
Now I am waiting for my Raspberry Pi to arrive and then I will try to set it up like this:
https://www.sixxs.net/wiki/Aiccu/OpenBSD#Network_Concepts
Otherwise we can make a call via Skype?
This is very kind of you. Thank you lots. I would really appreciate this if my problem persisted.
Best regards
Benedikt