IPv6 Routing Problem [Solved, Typo removed...]

MelliTiger · 2017-06-06 19:15:20

Hello,

I have just switched over to archlinux, and i don't seem to be able to get my IPv6 routing right, IPv4 is working like a charm though.

I have got a router running arch linux with 3 interfaces plus an openvpn interface.

local addresses
interface    ipv6 local
enp1s0       fd03:ee:78:1000::16:1 (local LAN)
enp2s0f0     fd03:ee:78:1800::16:1 (local WLAN)
enp2s0f1     -no IPv6- (WAN)
tun0         fd03:ee:78:800::1000 (openvpn)

routes set:
fd03:ee:78:800::/64 dev tun0 proto kernel metric 256 pref medium
fd03:ee:78::/48 dev tun0 metric 1024 pref medium
fd0e:ee:78:1000::/64 dev enp1s0 proto kernel metric 256 pref medium
fd0e:ee:78:1800::/64 dev enp2s0f1 proto kernel metric 256 pref medium

When i try to ping a host inside the local LAN, the packet leaves via tun0.
If i add the interface to the ping-command, i only get an error message "connect: Das Netzwerk ist nicht erreichbar" (network unreachable)...

Any help or pointer would be greatly appreciated!

Andreas

Last edited by MelliTiger (2017-06-10 15:17:27)

fukawi2 · 2017-06-06 23:32:11

Post the output of these commands:

ip -6 a s
ip -6 r s

trytipARCH · 2017-06-07 02:25:55

...

Last edited by trytipARCH (2017-06-11 03:55:31)

fukawi2 · 2017-06-07 02:28:28

OP appears to be using a SiiXS tunnel, and enabling the router for IPv6 is what they're trying to do.

stronnag · 2017-06-07 16:32:45

fukawi2 wrote:

OP appears to be using a SiiXS tunnel, and enabling the router for IPv6 is what they're trying to do.

SIIXS shutdown all tunnel broker services 2017-06-06.

MelliTiger · 2017-06-07 19:16:56

fukawi2 wrote:

Post the output of these commands:
ip -6 a s
ip -6 r s

ip -6 a s

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fd0e:ee:78:1000::16:1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::222:4dff:fe7c:7cab/64 scope link
       valid_lft forever preferred_lft forever
3: enp2s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::21b:78ff:fe57:c510/64 scope link
       valid_lft forever preferred_lft forever
4: enp2s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fd0e:ee:78:1800::16:1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::21b:78ff:fe57:c511/64 scope link
       valid_lft forever preferred_lft forever
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
    inet6 fd03:ee:78:800::1000/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::eec0:a416:af71:cf2d/64 scope link flags 800
       valid_lft forever preferred_lft forever

ip -6 r s

2a01:abc:121:2ffd::/64 dev tun0 metric 1024 pref medium
fd03:ee:78:800::/64 dev tun0 proto kernel metric 256 pref medium
fd03:ee:78::/48 dev tun0 metric 1024 pref medium
fd0e:ee:78:1000::/64 dev enp1s0 proto kernel metric 256 pref medium
fd0e:ee:78:1800::/64 dev enp2s0f1 proto kernel metric 256 pref medium
fe80::/64 dev enp2s0f1 proto kernel metric 256 pref medium
fe80::/64 dev enp2s0f0 proto kernel metric 256 pref medium
fe80::/64 dev enp1s0 proto kernel metric 256 pref medium
fe80::/64 dev tun0 proto kernel metric 256 pref medium
default via fe80::1 dev enp2s0f0 proto ra metric 1024 expires 119sec pref medium

I also did an ip6tables trace, thats how i figured out packets going out via the wrong interface
(trimmed down to reduce clutter...)

Jun 07 21:07:31 wall.netz.xa kernel: TRACE: raw:PREROUTING:policy:3 IN=enp1s0 OUT= MAC=xxx SRC=fd03:ee:78:1000:5072:cb78:deaf:e8c7 DST=fd03:ee:78:0400:0000:0000:0185:0001 LEN=80 TC=0 HOPLIMIT=128 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=1 SEQ=2
Jun 07 21:07:31 wall.netz.xa kernel: TRACE: mangle:PREROUTING:policy:1 IN=enp1s0 OUT= MAC=xxx SRC=fd03:ee:78:1000:5072:cb78:deaf:e8c7 DST=fd03:ee:78:0400:0000:0000:0185:0001 LEN=80 TC=0 HOPLIMIT=128 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=1 SEQ=2
Jun 07 21:07:31 wall.netz.xa kernel: TRACE: mangle:FORWARD:policy:1 IN=enp1s0 OUT=tun0 MAC=xxx SRC=fd03:ee:78:1000:5072:cb78:deaf:e8c7 DST=fd03:ee:78:0400:0000:0000:0185:0001 LEN=80 TC=0 HOPLIMIT=127 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=1 SEQ=2
Jun 07 21:07:31 wall.netz.xa kernel: TRACE: filter:FORWARD:rule:3 IN=enp1s0 OUT=tun0 MAC=xxx SRC=fd03:ee:78:1000:5072:cb78:deaf:e8c7 DST=fd03:ee:78:0400:0000:0000:0185:0001 LEN=80 TC=0 HOPLIMIT=127 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=1 SEQ=2
Jun 07 21:07:31 wall.netz.xa kernel: TRACE: mangle:POSTROUTING:policy:1 IN= OUT=tun0 SRC=fd03:ee:78:1000:5072:cb78:deaf:e8c7 DST=fd03:ee:78:0400:0000:0000:0185:0001 LEN=80 TC=0 HOPLIMIT=127 FLOWLBL=0 PROTO=ICMPv6 TYPE=128 CODE=0 ID=1 SEQ=2
Jun 07 21:07:31 wall.netz.xa kernel: TRACE: raw:PREROUTING:policy:3 IN=tun0 OUT= MAC= SRC=fd03:ee:78:0400:0000:0000:0185:0001 DST=fd03:ee:78:1000:5072:cb78:deaf:e8c7 LEN=80 TC=0 HOPLIMIT=63 FLOWLBL=457592 PROTO=ICMPv6 TYPE=129 CODE=0 ID=1 SEQ=2
Jun 07 21:07:31 wall.netz.xa kernel: TRACE: mangle:PREROUTING:policy:1 IN=tun0 OUT= MAC= SRC=fd03:ee:78:0400:0000:0000:0185:0001 DST=fd03:ee:78:1000:5072:cb78:deaf:e8c7 LEN=80 TC=0 HOPLIMIT=63 FLOWLBL=457592 PROTO=ICMPv6 TYPE=129 CODE=0 ID=1 SEQ=2
Jun 07 21:07:31 wall.netz.xa kernel: TRACE: mangle:FORWARD:policy:1 IN=tun0 OUT=tun0 MAC= SRC=fd03:ee:78:0400:0000:0000:0185:0001 DST=fd03:ee:78:1000:5072:cb78:deaf:e8c7 LEN=80 TC=0 HOPLIMIT=62 FLOWLBL=457592 PROTO=ICMPv6 TYPE=129 CODE=0 ID=1 SEQ=2
Jun 07 21:07:31 wall.netz.xa kernel: TRACE: filter:FORWARD:rule:3 IN=tun0 OUT=tun0 MAC= SRC=fd03:ee:78:0400:0000:0000:0185:0001 DST=fd03:ee:78:1000:5072:cb78:deaf:e8c7 LEN=80 TC=0 HOPLIMIT=62 FLOWLBL=457592 PROTO=ICMPv6 TYPE=129 CODE=0 ID=1 SEQ=2
Jun 07 21:07:31 wall.netz.xa kernel: TRACE: mangle:POSTROUTING:policy:1 IN= OUT=tun0 SRC=fd03:ee:78:0400:0000:0000:0185:0001 DST=fd03:ee:78:1000:5072:cb78:deaf:e8c7 LEN=80 TC=0 HOPLIMIT=62 FLOWLBL=457592 PROTO=ICMPv6 TYPE=129 CODE=0 ID=1 SEQ=2

I suppose that the firewall rules are good, as they have been running on the former ubuntu router without trouble...

Thanks again for the help...

Andreas

MelliTiger · 2017-06-07 19:20:07

stronnag wrote:

fukawi2 wrote:
OP appears to be using a SiiXS tunnel, and enabling the router for IPv6 is what they're trying to do.
SIIXS shutdown all tunnel broker services 2017-06-06.

Yes, i used to have a SIXXS tunnel. No longer.

What i am trying to achieve is to connect via a VPN server to a second LAN, so only local IPv6 adresses. As i have converted all my scripts to IPv6 (i.e. pings), these scripts are currently not running.
And i don't really want to change all these scripts again...

Andreas

Last edited by MelliTiger (2017-06-07 19:21:08)

MelliTiger · 2017-06-10 15:20:19

ip -6 a s

2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fd0e:ee:78:1000::16:1/64 scope global
5: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 1000
    inet6 fd03:ee:78:800::1000/64 scope global

After some digging around, i found some slight difference in these two interfaces.
Might have been the problem.

I just have a lie down right now, and some soothing music afterwards...

Thanks for the help.

Andreas

Arch Linux

#1 2017-06-06 19:15:20

IPv6 Routing Problem [Solved, Typo removed...]

#2 2017-06-06 23:32:11

Re: IPv6 Routing Problem [Solved, Typo removed...]

#3 2017-06-07 02:25:55

Re: IPv6 Routing Problem [Solved, Typo removed...]

#4 2017-06-07 02:28:28

Re: IPv6 Routing Problem [Solved, Typo removed...]

#5 2017-06-07 16:32:45

Re: IPv6 Routing Problem [Solved, Typo removed...]

#6 2017-06-07 19:16:56

Re: IPv6 Routing Problem [Solved, Typo removed...]

#7 2017-06-07 19:20:07

Re: IPv6 Routing Problem [Solved, Typo removed...]

#8 2017-06-10 15:20:19

Re: IPv6 Routing Problem [Solved, Typo removed...]

Board footer