All of lore.kernel.org
 help / color / mirror / Atom feed
* Ping over IPv6 IP6IP6 tunnels not working
@ 2024-03-22 10:57 Martin Maurer
  2024-03-28  3:36 ` Grant Taylor
  2024-03-28 10:29 ` Erik Auerswald
  0 siblings, 2 replies; 3+ messages in thread
From: Martin Maurer @ 2024-03-22 10:57 UTC (permalink / raw)
  To: lartc

Hello,

I am using 2 Raspberry Pis and trying to establish tunnels: 2 for IPv4 
and 2 for IPv6. I used separate ones, so in sum 4 tunnels.

I have done the following changes/calls:

$ cat /etc/network/interfaces.d/eth2
auto eth2

iface eth2 inet static
    address 192.168.180.2
    netmask 255.255.255.0
    up ip addr add 192.168.180.4/24 dev eth2

iface eth2 inet6 static
     address 5001:192:168:180::2
     netmask 4
     up ip addr add 5001:192:168:180::4/4 dev eth2
$

I get and see these IP addresses.


$ cat /etc/iproute2/rt_tables
#
# reserved values
#
255     local
254     main
253     default
102     mytunneltable2
101     mytunneltable1
0       unspec
#
# local
#
#1      inr.ruhep
$


$ cat install_ipip_tunnel_with_own_routing_tables.sh
#!/bin/sh

sysctl -w net.ipv4.conf.all.forwarding=1
sysctl -w net.ipv6.conf.all.forwarding=1

ip tunnel del mytunnel1
ip tunnel add mytunnel1 mode ipip ttl 64 local 192.168.180.2 remote 
192.168.180.1 dev eth2
ip addr add 10.0.0.2/30 dev mytunnel1
ip link set mytunnel1 up

ip tunnel del mytunnel2
ip tunnel add mytunnel2 mode ipip ttl 64 local 192.168.180.4 remote 
192.168.180.3 dev eth2
ip addr add 10.0.0.4/30 dev mytunnel2
ip link set mytunnel2 up

# Setup tunnel 3 for IPv6
ifconfig mytunnel1ipv6 down
ifconfig mytunnel1ipv6 up
ip tunnel del mytunnel1ipv6
ip -6 tunnel add mytunnel1ipv6 mode ip6ip6 ttl 64 local 
5001:192:168:180::2 remote 5001:192:168:180::1 dev eth2
ip link set dev mytunnel1ipv6 up
ip -6 addr flush dev mytunnel1ipv6
ip -6 route flush dev mytunnel1ipv6 table mytunneltable1
ip -6 addr add 4001:192:168:180::2 dev mytunnel1ipv6
ip -6 route add 2001::/4 dev mytunnel1ipv6 table mytunneltable1

# Setup tunnel 4 for IPv6
ip tunnel del mytunnel2ipv6
ip -6 tunnel add mytunnel2ipv6 mode ip6ip6 ttl 64 local 
5001:192:168:180::4 remote 5001:192:168:180::3 dev eth2
ip link set dev mytunnel2ipv6 up
ip -6 addr flush dev mytunnel2ipv6
ip -6 route flush dev mytunnel2ipv6 table mytunneltable2
ip -6 addr add 3001:192:168:180::4 dev mytunnel2ipv6
ip -6 route add 2001::/4 dev mytunnel2ipv6 table mytunneltable2

$


$ ip -6 route
3001:192:168:180::4 dev mytunnel2ipv6 proto kernel metric 256 pref medium
4001:192:168:180::2 dev mytunnel1ipv6 proto kernel metric 256 pref medium
5000::/4 dev eth2 proto kernel metric 256 pref medium
fe80::/64 dev eth2 proto kernel metric 256 pref medium
fe80::/64 dev mytunnel1 proto kernel metric 256 pref medium
fe80::/64 dev mytunnel2 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 1024 pref medium
$ ip -6 route list table mytunneltable1
2000::/4 dev mytunnel1ipv6 metric 1024 pref medium
$ ip -6 route list table mytunneltable2
2000::/4 dev mytunnel2ipv6 metric 1024 pref medium
$


When trying to execute pings, I get an error message:

$ sudo ping -6 -I mytunnel1ipv6 2001:4860:4860::8888
ping: connect: Network is unreachable
$ sudo ping -6 -I mytunnel2ipv6 2001:4860:4860::8888
ping: connect: Network is unreachable
$

But the tunnels seems to be existing:

$ ip -6 tunnel show
ip6tnl0: ipv6/ipv6 remote :: local :: encaplimit 0 hoplimit inherit 
tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000)
mytunnel1ipv6: ipv6/ipv6 remote 5001:192:168:180::1 local 
5001:192:168:180::2 dev eth2 encaplimit 4 hoplimit 64 tclass 0x00 
flowlabel 0x00000 (flowinfo 0x00000000)
mytunnel2ipv6: ipv6/ipv6 remote 5001:192:168:180::3 local 
5001:192:168:180::4 dev eth2 encaplimit 4 hoplimit 64 tclass 0x00 
flowlabel 0x00000 (flowinfo 0x00000000)
$

I can also ping the "outer" (real) addresses:

$ ping -6 5001:192:168:180::1 -c 1
PING 5001:192:168:180::1(5001:192:168:180::1) 56 data bytes
64 bytes from 5001:192:168:180::1: icmp_seq=1 ttl=64 time=1.70 ms

--- 5001:192:168:180::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.700/1.700/1.700/0.000 ms
$ ping -6 5001:192:168:180::3 -c 1
PING 5001:192:168:180::3(5001:192:168:180::3) 56 data bytes
64 bytes from 5001:192:168:180::3: icmp_seq=1 ttl=64 time=1.68 ms

--- 5001:192:168:180::3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.678/1.678/1.678/0.000 ms
$


I know the 2001::/4 in "route add" is not useable for all Internet IPv6 
addresses, but at least for these test pings that shall be enough?

Someone an idea, what could be wrong/missing?

Many thanks!

Best regards,

Martin


^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: Ping over IPv6 IP6IP6 tunnels not working
  2024-03-22 10:57 Ping over IPv6 IP6IP6 tunnels not working Martin Maurer
@ 2024-03-28  3:36 ` Grant Taylor
  2024-03-28 10:29 ` Erik Auerswald
  1 sibling, 0 replies; 3+ messages in thread
From: Grant Taylor @ 2024-03-28  3:36 UTC (permalink / raw)
  To: Linux Advanced Routing & Traffic Control

[-- Attachment #1: Type: text/plain, Size: 1335 bytes --]

On 3/22/24 05:57, Martin Maurer wrote:
> Hello,

Hi,

> I am using 2 Raspberry Pis and trying to establish tunnels: 2 for IPv4 
> and 2 for IPv6. I used separate ones, so in sum 4 tunnels.

I'm not sure why you're using two tunnels, but I seriously doubt that's 
causing any problems for you.

> I have done the following changes/calls:

I've quickly skimmed your commands and don't see anything that stands 
out as obviously wrong.

> $ sudo ping -6 -I mytunnel1ipv6 2001:4860:4860::8888
> ping: connect: Network is unreachable
> $ sudo ping -6 -I mytunnel2ipv6 2001:4860:4860::8888
> ping: connect: Network is unreachable
> $

I think "Network is unreachable" means that the kernel doesn't think it 
has a viable route to the network.

> I can also ping the "outer" (real) addresses:

Can you ping the inner IP address on the far side of the IP-IP tunnel?

If you can't ping the IP that you're trying to use as a gateway to get 
to the 2001::/4 network, the kernel would think that it doesn't have a 
functioning route.

> I know the 2001::/4 in "route add" is not useable for all Internet IPv6 
> addresses, but at least for these test pings that shall be enough?

Agreed.

> Someone an idea, what could be wrong/missing?

Start with basics, can you ping the far inside IP of the tunnel(s).

> Many thanks!

:-)



-- 
Grant. . . .

[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4033 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: Ping over IPv6 IP6IP6 tunnels not working
  2024-03-22 10:57 Ping over IPv6 IP6IP6 tunnels not working Martin Maurer
  2024-03-28  3:36 ` Grant Taylor
@ 2024-03-28 10:29 ` Erik Auerswald
  1 sibling, 0 replies; 3+ messages in thread
From: Erik Auerswald @ 2024-03-28 10:29 UTC (permalink / raw)
  To: lartc

Hi,

On Fri, Mar 22, 2024 at 11:57:29AM +0100, Martin Maurer wrote:
> I am using 2 Raspberry Pis and trying to establish tunnels: 2 for
> IPv4 and 2 for IPv6. I used separate ones, so in sum 4 tunnels.
> 
> I have done the following changes/calls:
> [...]
> Someone an idea, what could be wrong/missing?

I am not sure, but I did not notice any "ip rule add ..." to make use
of the new routing tables.

Erik

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2024-03-28 10:34 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-03-22 10:57 Ping over IPv6 IP6IP6 tunnels not working Martin Maurer
2024-03-28  3:36 ` Grant Taylor
2024-03-28 10:29 ` Erik Auerswald

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.