Charter 6RD connection not working in latest snaps
-
Do you have wan_stf on your definition of WAN in rules.debug?
Can you show the /tmp/rules.debug contents?
UPDATE: Can you try with a snapshot from tomorrow and report?
-
@ermal:
Do you have wan_stf on your definition of WAN in rules.debug?
Can you show the /tmp/rules.debug contents?
UPDATE: Can you try with a snapshot from tomorrow and report?
CMB has access to the box, but yes I'll try tomorrow's snapshot :)
-
After the Tue Mar 19 16:39:04 EDT 2013 build, I did have to go to the Interfaces menu for both the Wan and Lan and hit save and apply for the Ipv6 portion to update. No changes were made to either interfaces.
ifcongfig output:
re0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether 00:1c:c0:7f:64:57 inet6 fe80::21c:c0ff:fe7f:6457%re0 prefixlen 64 scopeid 0x1 inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255 inet6 fe80::1:1%re0 prefixlen 64 scopeid 0x1 inet6 2602:100:44b8:yyyy::1 prefixlen 64 nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>) status: active em0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:07:e9:1f:a9:48 inet6 fe80::207:e9ff:fe1f:a948%em0 prefixlen 64 scopeid 0x2 inet 68.184.84.xxx netmask 0xfffffc00 broadcast 255.255.255.255 nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>) status: active em1: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500 options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:07:e9:1f:a9:49 media: Ethernet autoselect status: no carrier enc0: flags=0<> metric 0 mtu 1536 pfsync0: flags=0<> metric 0 mtu 1460 syncpeer: 224.0.0.240 maxupd: 128 syncok: 1 lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384 options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6 nd6 options=3 <performnud,accept_rtadv>pflog0: flags=100 <promisc>metric 0 mtu 33664 ue0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=80008 <vlan_mtu,linkstate>ether 00:50:b6:0d:38:9d inet6 fe80::250:b6ff:fe0d:389d%ue0 prefixlen 64 scopeid 0x8 nd6 options=1 <performnud>media: Ethernet autoselect (100baseTX <full-duplex>) status: active ue1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 options=80000 <linkstate>ether 00:14:d1:1b:86:e1 inet6 fe80::214:d1ff:fe1b:86e1%ue1 prefixlen 64 scopeid 0x9 inet 192.168.10.1 netmask 0xfffffff0 broadcast 192.168.10.15 nd6 options=1 <performnud>media: Ethernet autoselect (10baseT/UTP <half-duplex>) status: active wan_stf: flags=4001 <up,link2>metric 0 mtu 1280 inet6 2602:100:44b8:yyyy:: prefixlen 32 nd6 options=3<performnud,accept_rtadv></performnud,accept_rtadv></up,link2></half-duplex></performnud></linkstate></up,broadcast,running,simplex,multicast></full-duplex></performnud></vlan_mtu,linkstate></up,broadcast,running,simplex,multicast></promisc></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></broadcast,simplex,multicast></full-duplex></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,simplex,multicast></full-duplex></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast>netstat -rn output:
netstat -rn Routing tables Internet: Destination Gateway Flags Refs Use Netif Expire default 68.184.84.1 UGS 0 1671 em0 8.8.8.8 68.184.84.1 UGHS 0 2616 em0 24.197.160.17 68.184.84.1 UGHS 0 2606 em0 68.114.165.1 68.184.84.1 UGHS 0 0 em0 68.184.84.0/22 link#2 U 0 39934 em0 68.184.84.xxx link#2 UHS 0 0 lo0 127.0.0.1 link#6 UH 0 126 lo0 192.168.1.0/24 link#1 U 0 275560 re0 192.168.1.1 link#1 UHS 0 0 lo0 192.168.10.0/28 link#9 U 0 817 ue1 192.168.10.1 link#9 UHS 0 0 lo0 205.171.2.65 68.184.84.1 UGHS 0 2606 em0 Internet6: Destination Gateway Flags Netif Expire default 2602:100:4472:a501:: UGS wan_stf ::1 ::1 UH lo0 2602:100::/32 link#10 U wan_stf 2602:100:44b8:yyyy:: link#10 UHS lo0 => 2602:100:44b8:yyyy::/64 link#1 U re0 2602:100:44b8:yyyy::1 link#1 UHS lo0 fe80::%re0/64 link#1 U re0 fe80::1:1%re0 link#1 UHS lo0 fe80::21c:c0ff:fe7f:6457%re0 link#1 UHS lo0 fe80::%em0/64 link#2 U em0 fe80::207:e9ff:fe1f:a948%em0 link#2 UHS lo0 fe80::%lo0/64 link#6 U lo0 fe80::1%lo0 link#6 UHS lo0 fe80::%ue0/64 link#8 U ue0 fe80::250:b6ff:fe0d:389d%ue0 link#8 UHS lo0 fe80::%ue1/64 link#9 U ue1 fe80::214:d1ff:fe1b:86e1%ue1 link#9 UHS lo0 ff01::%re0/32 fe80::21c:c0ff:fe7f:6457%re0 U re0 ff01::%em0/32 fe80::207:e9ff:fe1f:a948%em0 U em0 ff01::%lo0/32 ::1 U lo0 ff01::%ue0/32 fe80::250:b6ff:fe0d:389d%ue0 U ue0 ff01::%ue1/32 fe80::214:d1ff:fe1b:86e1%ue1 U ue1 ff02::%re0/32 fe80::21c:c0ff:fe7f:6457%re0 U re0 ff02::%em0/32 fe80::207:e9ff:fe1f:a948%em0 U em0 ff02::%lo0/32 ::1 U lo0 ff02::%ue0/32 fe80::250:b6ff:fe0d:389d%ue0 U ue0 ff02::%ue1/32 fe80::214:d1ff:fe1b:86e1%ue1 U ue1tcpdumps:
tcpdump -nnvvi re0 proto 41 tcpdump: listening on re0, link-type EN10MB (Ethernet), capture size 96 bytes ^C 0 packets captured 2020 packets received by filter 0 packets dropped by kernel tcpdump -nnvvi em0 proto 41 tcpdump: listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes ^C 0 packets captured 1802 packets received by filter 0 packets dropped by kernel tcpdump -ni wan_stf tcpdump: WARNING: wan_stf: no IPv4 address assigned tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on wan_stf, link-type NULL (BSD loopback), capture size 96 bytes ^C 0 packets captured 0 packets received by filter 0 packets dropped by kernel/tmp/rules.debug
#System aliases loopback = "{ lo0 }" WAN = "{ em0 wan_stf }" LAN = "{ re0 }" WLAN = "{ ue1 }" PHONEDMZ = "{ ue0 }" # Gateways GWWAN_6RD = " route-to ( wan_stf 2602:100:4472:a501:: ) " GWWAN_DHCP = " route-to ( em0 68.184.84.1 ) " # IPv6 ICMP is not auxilary, it is required for operation # See man icmp6(4) # 1 unreach Destination unreachable # 2 toobig Packet too big # 128 echoreq Echo service request # xxx echorep Echo service reply # 133 routersol Router solicitation # 134 routeradv Router advertisement # 135 neighbrsol Neighbor solicitation # 136 neighbradv Neighbor advertisement pass quick inet6 proto ipv6-icmp from any to any icmp6-type {1,2,135,136} keep state # Allow only bare essential icmpv6 packets (NS, NA, and RA, echoreq, echorep) pass out quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type {xxx,133,134,135,136} keep state pass out quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type {xxx,133,134,135,136} keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type {128,133,134,135,136} keep state pass in quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type {128,133,134,135,136} keep state pass in quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type {128,133,134,135,136} keep state # We use the mighty pf, we cannot be fooled. block quick inet proto { tcp, udp } from any port = 0 to any block quick inet proto { tcp, udp } from any to any port = 0 block quick inet6 proto { tcp, udp } from any port = 0 to any block quick inet6 proto { tcp, udp } from any to any port = 0 # loopback pass in on $loopback inet all label "pass IPv4 loopback" pass out on $loopback inet all label "pass IPv4 loopback" pass in on $loopback inet6 all label "pass IPv6 loopback" pass out on $loopback inet6 all label "pass IPv6 loopback" # let out anything from the firewall host itself and decrypted IPsec traffic pass out inet all keep state allow-opts label "let out anything IPv4 from firewall host itself" pass out inet6 all keep state allow-opts label "let out anything IPv6 from firewall host itself" pass out route-to ( em0 68.184.84.1 ) from 68.184.84.xxx to !68.184.84.0/22 keep state allow-opts label "let out anything from firewall host itself" pass out route-to ( wan_stf 2602:100:4472:a501:: ) inet6 from 2602:100:44b8:yyyy:: to !2602:100:44b8:yyyy::/64 keep state allow-opts label "let out anything from firewall host itself" # make sure the user cannot lock himself out of the webConfigurator or SSH pass in quick on re0 proto tcp from any to (re0) port { 443 22 } keep state label "anti-lockout rule"radvd.conf :
# Automatically Generated, do not edit # Generated for DHCPv6 Server lan interface re0 { AdvSendAdvert on; MinRtrAdvInterval 5; MaxRtrAdvInterval 20; AdvLinkMTU 1500; AdvDefaultPreference medium; prefix 2602:100:44b8:5481::/64 { DeprecatePrefix on; }; route ::/0 { RemoveRoute on; }; RDNSS 2602:100:44b8:5481::1 { }; DNSSL localdomain { }; };dhcpdv6.conf :
option domain-name "localdomain"; option ldap-server code 95 = text; option domain-search-list code 119 = text; default-lease-time 7200; max-lease-time 86400; log-facility local7; ddns-update-style none; one-lease-per-client true; deny duplicates; ping-check true; authoritative; subnet6 2602:100:44b8:5481::/64 { range6 2602:100:44b8:5481::1000 2602:100:44b8:5481::2000; option dhcp6.name-servers 2602:100:44b8:5481::1; } -
What have you configured as your 6rd border ipv4 gateway?
-
6RD Configuration Settings
As part of Charter's IPv6 Trials we have made available a Public 6rd Border Relay. If you are interested in participating in our early trials and own a device that supports 6RD use this configuration information to begin experiencing the Next Generation Internet:6rd Prefix = 2602
:/32
Border Relay Address = 68.114.165.1
6rd prefix length = 32
IPv4 mask length = 0Primary DNS Address = 2607:f428:1::5353:1
Secondary DNS Address = 2607:f428:2::5353:1
-
Can you try issuing these commands until it works:
1- route add -inet6 default 260244b8:yyyy::1
Check if it works
2 - ifconfig wan_stf inet6 260244b8:yyyy:0::1/32
Check if it works
3 - route add -inet6 default 260244b8:yyyy::68.114.165.1
Check if it works -
Didn't have much luck, none of those worked.
route add -inet6 default 2602
44b8:yyyy::1
route: writing to routing socket: File exists
add net default: gateway 260244b8:yyyy::1: route already in tableping6 2607:f428:1::5353:1
–- 2607:f428:1::5353:1 ping6 statistics ---
12 packets transmitted, 0 packets received, 100.0% packet lossping6 ipv6.google.com
--- ipv6.l.google.com ping6 statistics ---
12 packets transmitted, 0 packets received, 100.0% packet lossifconfig wan_stf inet6 2602
44b8:yyyy:0::1/32
ifconfig: ioctl (SIOCAIFADDR): File existsping6 2607:f428:1::5353:1
–- 2607:f428:1::5353:1 ping6 statistics ---
5 packets transmitted, 0 packets received, 100.0% packet lossping6 ipv6.google.com
--- ipv6.l.google.com ping6 statistics ---
6 packets transmitted, 0 packets received, 100.0% packet lossroute add -inet6 default 2602
44b8:yyyy::68.114.165.1
route: writing to routing socket: File exists
add net default: gateway 260244b8:yyyy::68.114.165.1: route already in tableping6 2607:f428:1::5353:1
–- 2607:f428:1::5353:1 ping6 statistics ---
6 packets transmitted, 0 packets received, 100.0% packet lossping6 ipv6.google.com
--- ipv6.l.google.com ping6 statistics ---
10 packets transmitted, 0 packets received, 100.0% packet loss -
Ah you should delete the default gateway before trying route add :)
or issue 'route change' instead of 'route add'
-
Same result
route change -inet6 default 2602
44b8:yyyy::1
change net default: gateway 260244b8:yyyy::1ping6 2607:f428:1::5353:1
6 packets transmitted, 0 packets received, 100.0% packet lossifconfig wan_stf inet6 2602
44b8:yyyy:0::1/32
ifconfig: ioctl (SIOCAIFADDR): File existsping6 2607:f428:1::5353:1
3 packets transmitted, 0 packets received, 100.0% packet lossroute change -inet6 default 2602
44b8:yyyy::68.114.165.1
change net default: gateway 260244b8:yyyy::68.114.165.1ping6 2607:f428:1::5353:1
7 packets transmitted, 0 packets received, 100.0% packet loss -
Can you give me access to the system as well its easier that way.
-
I'm pretty sure the 6rd patch change on January 25 broke these. I just reverted those.
edit: change backed out, don't upgrade to Saturday's snapshot if using 6rd.
-
Don't upgrade if using 6rd at all for the moment. That change resulted in a kernel panic reboot loop when connecting to 6rd on Saturday's snapshot. I reverted things back to where they were a couple days ago. Sunday's snapshot should be fine, but probably want to wait to hear back from someone here.
-
No Panic with the latest, but no IPv6. I've run the tests prescribed earlier (manually setting routes) with no effect.
-
Hi guys,
Just tried the April 4th snapshot and it looks like 6RD is still broken.
Is there anything I can do to help you get the information you need to resolve this? Log files, remote access? Just let me know what you need and I would be happy to provide it.
-Will
-
Ermal has access to a system on my network that's now broken and can work from that.
-
It looks like it's still broken with the April 17th snapshot. I get a IP from my ISP tunnel, but i cant ping any other machine on the internet using ping6 through ssh.
-
I have the same issue with 6RD tunnel on Rogers.
-
Still not working with charter 6rd as of the May 10th build. Any updates on this?
-
Hi ddggttff3,
The ticket I opened back on 3\15 was accepted, but hasn't been touched since. The only thing I've heard (via another post) is that they have a box that exhibits the same issue at the shop & they can work on it in-house, so there's no need for remote access to a customer machine.
-Will
-
Anyone know where I can find the January 27th snapshot to revert so I can test the 6RD with it? I'm running it with Centrylink/Quest.