All of lore.kernel.org
 help / color / mirror / Atom feed
From: Martin Maurer <martin.maurer@mmeacs.de>
To: lartc@vger.kernel.org
Subject: Ping over IPv6 IP6IP6 tunnels not working
Date: Fri, 22 Mar 2024 11:57:29 +0100	[thread overview]
Message-ID: <f7ae26b3-4a90-47ee-8d73-99be66651346@mmeacs.de> (raw)

Hello,

I am using 2 Raspberry Pis and trying to establish tunnels: 2 for IPv4 
and 2 for IPv6. I used separate ones, so in sum 4 tunnels.

I have done the following changes/calls:

$ cat /etc/network/interfaces.d/eth2
auto eth2

iface eth2 inet static
    address 192.168.180.2
    netmask 255.255.255.0
    up ip addr add 192.168.180.4/24 dev eth2

iface eth2 inet6 static
     address 5001:192:168:180::2
     netmask 4
     up ip addr add 5001:192:168:180::4/4 dev eth2
$

I get and see these IP addresses.


$ cat /etc/iproute2/rt_tables
#
# reserved values
#
255     local
254     main
253     default
102     mytunneltable2
101     mytunneltable1
0       unspec
#
# local
#
#1      inr.ruhep
$


$ cat install_ipip_tunnel_with_own_routing_tables.sh
#!/bin/sh

sysctl -w net.ipv4.conf.all.forwarding=1
sysctl -w net.ipv6.conf.all.forwarding=1

ip tunnel del mytunnel1
ip tunnel add mytunnel1 mode ipip ttl 64 local 192.168.180.2 remote 
192.168.180.1 dev eth2
ip addr add 10.0.0.2/30 dev mytunnel1
ip link set mytunnel1 up

ip tunnel del mytunnel2
ip tunnel add mytunnel2 mode ipip ttl 64 local 192.168.180.4 remote 
192.168.180.3 dev eth2
ip addr add 10.0.0.4/30 dev mytunnel2
ip link set mytunnel2 up

# Setup tunnel 3 for IPv6
ifconfig mytunnel1ipv6 down
ifconfig mytunnel1ipv6 up
ip tunnel del mytunnel1ipv6
ip -6 tunnel add mytunnel1ipv6 mode ip6ip6 ttl 64 local 
5001:192:168:180::2 remote 5001:192:168:180::1 dev eth2
ip link set dev mytunnel1ipv6 up
ip -6 addr flush dev mytunnel1ipv6
ip -6 route flush dev mytunnel1ipv6 table mytunneltable1
ip -6 addr add 4001:192:168:180::2 dev mytunnel1ipv6
ip -6 route add 2001::/4 dev mytunnel1ipv6 table mytunneltable1

# Setup tunnel 4 for IPv6
ip tunnel del mytunnel2ipv6
ip -6 tunnel add mytunnel2ipv6 mode ip6ip6 ttl 64 local 
5001:192:168:180::4 remote 5001:192:168:180::3 dev eth2
ip link set dev mytunnel2ipv6 up
ip -6 addr flush dev mytunnel2ipv6
ip -6 route flush dev mytunnel2ipv6 table mytunneltable2
ip -6 addr add 3001:192:168:180::4 dev mytunnel2ipv6
ip -6 route add 2001::/4 dev mytunnel2ipv6 table mytunneltable2

$


$ ip -6 route
3001:192:168:180::4 dev mytunnel2ipv6 proto kernel metric 256 pref medium
4001:192:168:180::2 dev mytunnel1ipv6 proto kernel metric 256 pref medium
5000::/4 dev eth2 proto kernel metric 256 pref medium
fe80::/64 dev eth2 proto kernel metric 256 pref medium
fe80::/64 dev mytunnel1 proto kernel metric 256 pref medium
fe80::/64 dev mytunnel2 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 1024 pref medium
$ ip -6 route list table mytunneltable1
2000::/4 dev mytunnel1ipv6 metric 1024 pref medium
$ ip -6 route list table mytunneltable2
2000::/4 dev mytunnel2ipv6 metric 1024 pref medium
$


When trying to execute pings, I get an error message:

$ sudo ping -6 -I mytunnel1ipv6 2001:4860:4860::8888
ping: connect: Network is unreachable
$ sudo ping -6 -I mytunnel2ipv6 2001:4860:4860::8888
ping: connect: Network is unreachable
$

But the tunnels seems to be existing:

$ ip -6 tunnel show
ip6tnl0: ipv6/ipv6 remote :: local :: encaplimit 0 hoplimit inherit 
tclass 0x00 flowlabel 0x00000 (flowinfo 0x00000000)
mytunnel1ipv6: ipv6/ipv6 remote 5001:192:168:180::1 local 
5001:192:168:180::2 dev eth2 encaplimit 4 hoplimit 64 tclass 0x00 
flowlabel 0x00000 (flowinfo 0x00000000)
mytunnel2ipv6: ipv6/ipv6 remote 5001:192:168:180::3 local 
5001:192:168:180::4 dev eth2 encaplimit 4 hoplimit 64 tclass 0x00 
flowlabel 0x00000 (flowinfo 0x00000000)
$

I can also ping the "outer" (real) addresses:

$ ping -6 5001:192:168:180::1 -c 1
PING 5001:192:168:180::1(5001:192:168:180::1) 56 data bytes
64 bytes from 5001:192:168:180::1: icmp_seq=1 ttl=64 time=1.70 ms

--- 5001:192:168:180::1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.700/1.700/1.700/0.000 ms
$ ping -6 5001:192:168:180::3 -c 1
PING 5001:192:168:180::3(5001:192:168:180::3) 56 data bytes
64 bytes from 5001:192:168:180::3: icmp_seq=1 ttl=64 time=1.68 ms

--- 5001:192:168:180::3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.678/1.678/1.678/0.000 ms
$


I know the 2001::/4 in "route add" is not useable for all Internet IPv6 
addresses, but at least for these test pings that shall be enough?

Someone an idea, what could be wrong/missing?

Many thanks!

Best regards,

Martin


             reply	other threads:[~2024-03-22 11:19 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-03-22 10:57 Martin Maurer [this message]
2024-03-28  3:36 ` Ping over IPv6 IP6IP6 tunnels not working Grant Taylor
2024-03-28 10:29 ` Erik Auerswald

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=f7ae26b3-4a90-47ee-8d73-99be66651346@mmeacs.de \
    --to=martin.maurer@mmeacs.de \
    --cc=lartc@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.