[00:54] <brycec> mnathani: install? it was already included with my weechat-plugins package, so very easy :P
[00:54] <brycec> Loading was easy too: /python load /path/to/blah.py
[00:55] <brycec> Aaaaand that's all it took
[00:55] <brycec> I configured it a bit, set a static port number, a prefix, but otherwise nothing fancy and it worked right out of gthe box.
[07:45] <m0unds> neat. i'll give it a shot when i have a sec to mess with it. (been chatting via ssh on my eyepahd)
[09:18] *** novae has quit IRC (Ping timeout: 250 seconds)
[09:21] *** novae has joined #arpnetworks
[11:28] <mnathani> I am having issues with my he.net ipv6 tunnel configured on an Ubuntu box
[11:29] <mnathani> I can ping6 google.com, but traceroute6 to the same host results in  0.654 ms !H  0.679 ms !H  0.708 ms !H
[11:29] <mnathani> ipv6 forwarding is enabled
[11:30] <mnathani> and I can traceroute to a machine using the ubuntu box as its ipv6 router
[11:31] <mnathani> How can I determine if its a firewall issue or perhaps a misconfiguration?
[11:35] <meingtsla> hm that looks weird. do you have the full traceroute6 output? how far does it get before it stops?
[11:38] <mnathani> meingtsla: >> http://pastebin.com/eWmehyqH
[11:41] <meingtsla> but ping6 works though, right?  hmmm.... are you doing any udp blocking in ip6tables?
[11:43] <mnathani> don't think so
[11:44] <mnathani> ping6 does work
[11:44] <mnathani> root@x61:~# ping6 -n google.com
[11:44] <brycec> mnathani: Just to check - disable ip6tables entirely
[11:44] <mnathani> PING google.com(2404:6800:4002:802::1001) 56 data bytes
[11:44] <mnathani> 64 bytes from 2404:6800:4002:802::1001: icmp_seq=1 ttl=50 time=346 ms
[11:44] <mnathani> awfully high pings though
[11:45] <mnathani> root@x61:~# ufw disable
[11:45] <mnathani> Firewall stopped and disabled on system startup
[11:46] <mnathani> brycec: I ran iptables -F and iptables -F -t nat
[11:46] <meingtsla> what about ip6tables
[11:46] <meingtsla> iptables is ipv4
[11:48] <mnathani> no dice
[11:49] <mnathani> I flushed ip6tables rules also
[11:49] <mnathani> this is one of the clients behind the ubuntu box >> 2001:470:1d:76e::2:2
[11:50] <brycec> I can mtr to that IP
[11:50] <brycec> about 70ms
[13:35] <mnathani> I think it might have something to do with the ubuntu box using a private IP that is not getting translated correctly through the NAT / ipv6 tunnel
[14:01] *** novae has quit IRC (Ping timeout: 245 seconds)
[14:05] <brycec> What's a private IPv6 IP? link-local?
[14:06] <mnathani> I mean my private ipv4 ip
[14:06] *** novae has joined #arpnetworks
[14:06] <mnathani> the packets go out, but get lost in translation on the way back is my theory
[14:08] <brycec> I must not have understood your original problem... Thought we were talking v6-v6
[14:09] <mnathani> he.net ipv6 tunnel
[14:09] <mnathani> protocol 41, 6in4
[14:10] <brycec> mnathani: if I can mtr to that v6 address, then your tunnel is good
[14:10] <brycec> Assuming that v6 address was on your end of the tunnel
[14:10] <brycec> Then the tunnel and its v4 underpinnings are working, packets in both directions.
[14:10] <mnathani> that v6 was actually part of a routed /64 behind the tunnel
[14:10] <mnathani> not sure why the traceroute6 was not working
[14:11] <brycec> As far as v6 clients behind the tunnel, they never see the tunnel packets themselves, so private IPs have no bearing. Your "LAN" for lack of a better description is pure IPv6, it's just the router that takes the pure v6 and stuffs it over a tunnel.
[14:12] <brycec> (pure IPv6/dualstack)
[14:13] <brycec> (That IP is still being mtr'd too, so tcpdump and you'll see the traffic from an a650 address)
[14:15] <mnathani> 17:15:18.163599 IP6 vps3.cobryce.com > 2001:470:1d:76e::2:2: ICMP6, echo request, seq 59572, length 64
[14:16] <brycec> Yep
[14:16] <mnathani> 1. 2001:470:1d:76e::10:62                                                                                        84.6%    14    0.3   0.3   0.3   0.3   0.0
[14:17] <mnathani> mtr back to you
[14:17] <brycec> http://sprunge.us/OTTB (it's wide, sorry)
[14:17] <mnathani> http://pastebin.com/yMCrE9Gg
[14:17] <brycec> mnathani: so you're dropping 85% of your packets on your first hop alone?
[14:18] <mnathani> down to 30% now
[14:18] <mnathani> but yes
[14:18] <mnathani> for some reason
[14:18] <brycec> mnathani: so that's an mtr running on ::2:2 right?
[14:19] <mnathani> [root@compaq capture]# ping6 2001:470:1d:76e::10:62
[14:19] <mnathani> PING 2001:470:1d:76e::10:62(2001:470:1d:76e::10:62) 56 data bytes
[14:19] <mnathani> 64 bytes from 2001:470:1d:76e::10:62: icmp_seq=1 ttl=64 time=0.175 ms
[14:19] <mnathani> yes
[14:22] <brycec> mnathani: So why is ::10:62 the gateway for ::2:2? Based on my inbound mtr, :;2:2 is routeable directly from ::2 (your endpoint)
[14:24] <mnathani> Server IPv6 Address:2001:470:1c:76e::1/64     Client IPv6 Address:2001:470:1c:76e::2/64
[14:24] <mnathani> Routed /64:2001:470:1d:76e::/64
[14:25] <mnathani> 1c vs 1d
[14:26] <brycec> you mean 1d/1e?
[14:26] <brycec> nevermind ^
[14:26] <brycec> Anyways, my question stands, my inbound mtr hits 2001:470:1c:76e::2 and then the destination
[14:26] <brycec> 2001:470:1d:76e::2:2
[14:27] <brycec> There's no 2001:470:1d:76e::10:62 anywhere in the inbound mtr
[14:27] <brycec> So I presume you've set that as ::2:2's gateway, hence why its outbound mtr tries to route through it (badly)
[14:28] <mnathani> Destination                                 Next Hop                                Flags Metric Ref    Use Iface
[14:28] <mnathani> */0                                         2001:470:1d:76e::10:62                  UG    1      10608       0 eth0
[14:28] <mnathani> 10:62 is the ubuntu box terminating the tunnel
[14:29] <mnathani> that route is on 2:2
[14:29] <brycec> So somehow inbound traffic skips that ubuntu box
[14:30] <mnathani> well that box has 2 ips
[14:30] <mnathani> it has :2001:470:1c:76e::2 on the tunnel end
[14:30] <brycec> It has both ::2:2 and ::10:62?
[14:30] <brycec> Oh okay
[14:31] <brycec> (I meant to write ::2, not ::2:2)
[14:31] <mnathani> and 10:62 on th LAN end
[14:31] <brycec> The same subnet on two interfaces?
[14:31] <mnathani> different subnets
[14:31] <mnathani> 470:1c vs 470:1d
[14:31] <mnathani> don't know why he.net chose such close /64s
[14:32] <brycec> Heh, okay I can see the picture clearly now
[14:32] <brycec> and fwiw I can mtr 2001:470:1d:76e::10:62 just fine too
[14:35] <mnathani> I am using a bridge interface for ipv6, does that change anything?
[14:38] <brycec> Should be fine
[14:38] <brycec> And if it were an MTU issue, small pings should still be fine
[14:38] * brycec strokes his beard
[14:41] <mnathani> 23411.808529fe80::21d:72ff:fe8c:c519ff02::1:ff00:1ICMPv686Neighbor Solicitation for 2001:470:1d:76e::1 from 00:1d:72:8c:c5:19
[14:42] <mnathani> it got kinda squished there
[14:44] <mnathani> http://pastebin.com/W512MDZj
[14:44] <mnathani> I seem to be missing a next hop
[14:44] <brycec> Is x61 the ubuntu router?
[14:44] <mnathani> it is
[14:45] <brycec> You do.
[14:46] <brycec> Gotta love when stuff works (or half-works) when it doesn't seem like it should work at all...
[14:46] <mnathani> [root@compaq capture]# ping6 google.com
[14:46] <mnathani> PING google.com(pd-in-x71.1e100.net) 56 data bytes
[14:46] <mnathani> 64 bytes from pd-in-x71.1e100.net: icmp_seq=1 ttl=53 time=69.8 ms
[14:46] <mnathani> 64 bytes from pd-in-x71.1e100.net: icmp_seq=2 ttl=53 time=70.1 ms
[14:46] <mnathani> 64 bytes from pd-in-x71.1e100.net: icmp_seq=3 ttl=53 time=69.2 ms
[14:46] <mnathani> I mean how can we explain that ^
[14:47] <brycec> MAGIC
[14:47] <brycec> Clearly x61 put the packets on the wire, and somehow, by magic, HE slurped them up and routed them
[14:48] <brycec> Oh right, MAGIC == ICMP6 router solicitation
[14:50] <brycec> Your box was even doing an ND request â”‚14:41:16       mnathani | 23411.808529fe80::21d:72ff:fe8c:c519ff02::1:ff00:1ICMPv686Neighbor Solicitation for 2001:470:1d:76e::1 from 00:1d:72:8c:c5:19
[14:50] <brycec> Granted, you might think such a route would show in the kernel routing table...
[15:52] <mnathani> finally!!!
[15:52] <mnathani> root@x61:~# traceroute6 google.com
[15:52] <mnathani> traceroute to google.com (2800:3f0:4002:801::1007) from 2001:470:1c:76e::2, 30 hops max, 24 byte packets
[15:52] <mnathani>  1  mnathani-1.tunnel.tserv21.tor1.ipv6.he.net (2001:470:1c:76e::1)  13.642 ms  12.51 ms  12.374 ms
[15:52] <mnathani>  2  ge2-5.core1.tor1.he.net (2001:470:0:c0::1)  12.204 ms  20.327 ms  9.21 ms
[15:52] <mnathani>  3  2001:478:245:1::6 (2001:478:245:1::6)  10.333 ms  10.331 ms  11.015 ms
[15:52] <mnathani>  4  2001:4860::1:0:28 (2001:4860::1:0:28)  11.455 ms  28.471 ms  15.783 ms
[15:52] <mnathani>  5  2001:4860::8:0:4398 (2001:4860::8:0:4398)  23.643 ms  26.754 ms  23.326 ms
[15:52] <mnathani>  6  2001:4860::8:0:6375 (2001:4860::8:0:6375)  30.327 ms  30.09 ms  29.767 ms
[15:53] <mnathani>  7  2001:4860::1:0:9ff (2001:4860::1:0:9ff)  38.428 ms  31.84 ms  40.867 ms
[15:53] <mnathani>  8  2001:4860::1:0:69e7 (2001:4860::1:0:69e7)  180.457 ms  186.376 ms  178.459 ms
[15:53] <mnathani>  9  2001:4860::1:0:e (2001:4860::1:0:e)  208.799 ms  198.93 ms  197.848 ms
[15:53] <mnathani> 10  2001:4860:0:1::d8 (2001:4860:0:1::d8)  199.453 ms  196.398 ms  199.431 ms
[15:53] <mnathani> 11  2800:3f0:4002:801::4 (2800:3f0:4002:801::4)  197.8 ms  196.636 ms  195.845 ms
[15:53] <mnathani> If only I had noticed and used the provided configuration from he.net directly
[19:50] *** toeshred has quit IRC (Ping timeout: 245 seconds)
[19:55] *** toeshred has joined #arpnetworks