From: Matt Smith
To: Gary Palmer
Cc: freebsd-net@freebsd.org
Date: Mon, 26 Sep 2011 14:49:15 +0100
Subject: Re: gif interface not passing IPv6 packets

On 26 September 2011 14:29, Gary Palmer wrote:
> On Mon, Sep 26, 2011 at 10:27:53AM +0100, Matt Smith wrote:
> Do you have access to any other IPv6 hosts on a separate link? If so,
> I would suggest trying a ping or traceroute back to your IP or
> IPs across the tunnel and see if the packets are getting back to you.
> It may be a problem at the other end somewhere. Check with tcpdump
> of both the IPv4 and IPv6 layers to see if the packets are getting
> to the kernel but not to the gif interface. Also see if your router
> is passing packets. If you had a power cut the router may have had
> some issues and may not be passing the protocol 41 packets.
>
> Also, check the sixxs.net docs to make sure you're allowing through
> necessary packets. I use tunnelbroker.net and they require (or say
> they do) some packets to get through for the tunnel to stay up, e.g.
> an IPv4 ping.
>

The router is configured to just send all incoming traffic to
192.168.1.2, DMZ mode. This includes all protocols. I then use ipfw on
the server to firewall it, though even flushing all rules and
completely opening the firewall it still doesn't work.

I think you're missing the main issue I have here, which is that the
local side doesn't work. If the local side doesn't work then the
remote side is irrelevant right now. Point is, try this on any FreeBSD
box and it will work (I did this earlier today on a friend's FreeBSD
server to verify):

    ifconfig gif0 create
    ifconfig gif0 tunnel 1.2.3.4
    ifconfig gif0 inet6 2abc::2 2abc::1 prefixlen 128
    ping6 2abc::2
    ifconfig gif0 destroy

With that config you should be able to talk locally to 2abc::2 because
that's just a local IP on your box. The rest of the config or the
state of the internet connection/NAT etc. doesn't matter because you're
talking to a nonexistent IP anyway.

On my box this doesn't work since the power cut but worked perfectly
well before. tcpdump of gif0 shows ping requests but no ping
responses. It's as if all IPv6 traffic into gif0 is blackholed.
However, if I configure an IPv4 address on it with
ifconfig gif0 10.1.1.2 10.1.1.1 then I can happily ping 10.1.1.2. So
this just affects IPv6.

It's a bizarre issue. I'm using exactly the same configuration that
worked before the power cut.
It's the kind of thing I might expect on a Windows box, for something
to randomly stop working, but FreeBSD should just work! This is why I
did a full buildworld/kernel, thinking maybe a shared lib or something
had become corrupt, but to no avail. If there are no suggestions of
something else which may have got screwed up, I may have to resort to
reinstalling the box with a fresh 9.0 install rather than a csup
upgrade, which would be a first!