brycec: Loading was easy too: /python load /path/to/blah.py
Aaaaand that's all it took
I configured it a bit, set a static port number, a prefix, but otherwise nothing fancy and it worked right out of gthe box. m0unds: neat. i'll give it a shot when i have a sec to mess with it. (been chatting via ssh on my eyepahd) ***: novae has quit IRC (Ping timeout: 250 seconds)
novae has joined #arpnetworks mnathani: I am having issues with my he.net ipv6 tunnel configured on an Ubuntu box
I can ping6 google.com, but traceroute6 to the same host results in 0.654 ms !H 0.679 ms !H 0.708 ms !H
ipv6 forwarding is enabled
and I can traceroute to a machine using the ubuntu box as its ipv6 router
How can I determine if its a firewall issue or perhaps a misconfiguration? meingtsla: hm that looks weird. do you have the full traceroute6 output? how far does it get before it stops? mnathani: meingtsla: >> http://pastebin.com/eWmehyqH meingtsla: but ping6 works though, right? hmmm.... are you doing any udp blocking in ip6tables? mnathani: don't think so
ping6 does work
root@x61:~# ping6 -n google.com brycec: mnathani: Just to check - disable ip6tables entirely mnathani: PING google.com(2404:6800:4002:802::1001) 56 data bytes
64 bytes from 2404:6800:4002:802::1001: icmp_seq=1 ttl=50 time=346 ms
awfully high pings though
root@x61:~# ufw disable
Firewall stopped and disabled on system startup
brycec: I ran iptables -F and iptables -F -t nat meingtsla: what about ip6tables
iptables is ipv4 mnathani: no dice
I flushed ip6tables rules also
this is one of the clients behind the ubuntu box >> 2001:470:1d:76e::2:2 brycec: I can mtr to that IP
about 70ms mnathani: I think it might have something to do with the ubuntu box using a private IP that is not getting translated correctly through the NAT / ipv6 tunnel ***: novae has quit IRC (Ping timeout: 245 seconds) brycec: What's a private IPv6 IP? link-local? mnathani: I mean my private ipv4 ip ***: novae has joined #arpnetworks mnathani: the packets go out, but get lost in translation on the way back is my theory brycec: I must not have understood your original problem... Thought we were talking v6-v6 mnathani: he.net ipv6 tunnel
protocol 41, 6in4 brycec: mnathani: if I can mtr to that v6 address, then your tunnel is good
Assuming that v6 address was on your end of the tunnel
Then the tunnel and its v4 underpinnings are working, packets in both directions. mnathani: that v6 was actually part of a routed /64 behind the tunnel
not sure why the traceroute6 was not working brycec: As far as v6 clients behind the tunnel, they never see the tunnel packets themselves, so private IPs have no bearing. Your "LAN" for lack of a better description is pure IPv6, it's just the router that takes the pure v6 and stuffs it over a tunnel.
(pure IPv6/dualstack)
(That IP is still being mtr'd too, so tcpdump and you'll see the traffic from an a650 address) mnathani: 17:15:18.163599 IP6 vps3.cobryce.com > 2001:470:1d:76e::2:2: ICMP6, echo request, seq 59572, length 64 brycec: Yep mnathani: 1. 2001:470:1d:76e::10:62 84.6% 14 0.3 0.3 0.3 0.3 0.0
mtr back to you brycec: http://sprunge.us/OTTB (it's wide, sorry) mnathani: http://pastebin.com/yMCrE9Gg brycec: mnathani: so you're dropping 85% of your packets on your first hop alone? mnathani: down to 30% now
but yes
for some reason brycec: mnathani: so that's an mtr running on ::2:2 right? mnathani: [root@compaq capture]# ping6 2001:470:1d:76e::10:62
PING 2001:470:1d:76e::10:62(2001:470:1d:76e::10:62) 56 data bytes
64 bytes from 2001:470:1d:76e::10:62: icmp_seq=1 ttl=64 time=0.175 ms
yes brycec: mnathani: So why is ::10:62 the gateway for ::2:2? Based on my inbound mtr, :;2:2 is routeable directly from ::2 (your endpoint) mnathani: Server IPv6 Address:2001:470:1c:76e::1/64 Client IPv6 Address:2001:470:1c:76e::2/64
Routed /64:2001:470:1d:76e::/64
1c vs 1d brycec: you mean 1d/1e?
nevermind ^
Anyways, my question stands, my inbound mtr hits 2001:470:1c:76e::2 and then the destination
2001:470:1d:76e::2:2
There's no 2001:470:1d:76e::10:62 anywhere in the inbound mtr
So I presume you've set that as ::2:2's gateway, hence why its outbound mtr tries to route through it (badly) mnathani: Destination Next Hop Flags Metric Ref Use Iface
*/0 2001:470:1d:76e::10:62 UG 1 10608 0 eth0
10:62 is the ubuntu box terminating the tunnel
that route is on 2:2 brycec: So somehow inbound traffic skips that ubuntu box mnathani: well that box has 2 ips
it has :2001:470:1c:76e::2 on the tunnel end brycec: It has both ::2:2 and ::10:62?
Oh okay
(I meant to write ::2, not ::2:2) mnathani: and 10:62 on th LAN end brycec: The same subnet on two interfaces? mnathani: different subnets
470:1c vs 470:1d
don't know why he.net chose such close /64s brycec: Heh, okay I can see the picture clearly now
and fwiw I can mtr 2001:470:1d:76e::10:62 just fine too mnathani: I am using a bridge interface for ipv6, does that change anything? brycec: Should be fine
And if it were an MTU issue, small pings should still be fine -: brycec strokes his beard mnathani: 23411.808529fe80::21d:72ff:fe8c:c519ff02::1:ff00:1ICMPv686Neighbor Solicitation for 2001:470:1d:76e::1 from 00:1d:72:8c:c5:19
it got kinda squished there
http://pastebin.com/W512MDZj
I seem to be missing a next hop brycec: Is x61 the ubuntu router? mnathani: it is brycec: You do.
Gotta love when stuff works (or half-works) when it doesn't seem like it should work at all... mnathani: [root@compaq capture]# ping6 google.com
PING google.com(pd-in-x71.1e100.net) 56 data bytes
64 bytes from pd-in-x71.1e100.net: icmp_seq=1 ttl=53 time=69.8 ms
64 bytes from pd-in-x71.1e100.net: icmp_seq=2 ttl=53 time=70.1 ms
64 bytes from pd-in-x71.1e100.net: icmp_seq=3 ttl=53 time=69.2 ms
I mean how can we explain that ^ brycec: MAGIC
Clearly x61 put the packets on the wire, and somehow, by magic, HE slurped them up and routed them
Oh right, MAGIC == ICMP6 router solicitation
Your box was even doing an ND request │14:41:16 mnathani | 23411.808529fe80::21d:72ff:fe8c:c519ff02::1:ff00:1ICMPv686Neighbor Solicitation for 2001:470:1d:76e::1 from 00:1d:72:8c:c5:19
Granted, you might think such a route would show in the kernel routing table... mnathani: finally!!!
root@x61:~# traceroute6 google.com
traceroute to google.com (2800:3f0:4002:801::1007) from 2001:470:1c:76e::2, 30 hops max, 24 byte packets
1 mnathani-1.tunnel.tserv21.tor1.ipv6.he.net (2001:470:1c:76e::1) 13.642 ms 12.51 ms 12.374 ms
2 ge2-5.core1.tor1.he.net (2001:470:0:c0::1) 12.204 ms 20.327 ms 9.21 ms
3 2001:478:245:1::6 (2001:478:245:1::6) 10.333 ms 10.331 ms 11.015 ms
4 2001:4860::1:0:28 (2001:4860::1:0:28) 11.455 ms 28.471 ms 15.783 ms
5 2001:4860::8:0:4398 (2001:4860::8:0:4398) 23.643 ms 26.754 ms 23.326 ms
6 2001:4860::8:0:6375 (2001:4860::8:0:6375) 30.327 ms 30.09 ms 29.767 ms
7 2001:4860::1:0:9ff (2001:4860::1:0:9ff) 38.428 ms 31.84 ms 40.867 ms
8 2001:4860::1:0:69e7 (2001:4860::1:0:69e7) 180.457 ms 186.376 ms 178.459 ms
9 2001:4860::1:0:e (2001:4860::1:0:e) 208.799 ms 198.93 ms 197.848 ms
10 2001:4860:0:1::d8 (2001:4860:0:1::d8) 199.453 ms 196.398 ms 199.431 ms
11 2800:3f0:4002:801::4 (2800:3f0:4002:801::4) 197.8 ms 196.636 ms 195.845 ms
If only I had noticed and used the provided configuration from he.net directly ***: toeshred has quit IRC (Ping timeout: 245 seconds)
toeshred has joined #arpnetworks