6in4 with Hurricane Electric not working

oupsman45 · June 25, 2018, 5:58am

Hi,

Since my ISP does not provide native IPv6 connectivity, I’ve been struggling with 6in4 since last week.

I’ve found the official documentation here : https://doc.turris.cz/doc/cs/howto/ipv6tunnel

and configured my Omnia accordingly.

But so far, it seems that I can’t reach the outsite world, both from my Linux laptop and the Omnia :

root@turris:~# ping -6 2001:200:dff:fff1:216:3eff:feb1:44d7
PING 2001:200:dff:fff1:216:3eff:feb1:44d7: 56 data bytes
ping: sendto: Network unreachable

Relevant part in /etc/config/network :

config interface ‘wan6’
option proto ‘6in4’
option mtu ‘1480’
option peeraddr ‘216.66.84.42’
option ip6prefix ‘2001:470:1f13:f::/64’
option tunnelid ‘123456’
option username ‘oupsman’
option password ‘edited’

(as my public IPV4 address changes from time to time, I don’t put in in the configuration and I’m relying on the update mechanism provided by HE)

Relevant part in /etc/config/firewall :

config rule
option name ‘wan6in4’
option family ‘ipv4’
option src ‘wan’
option src_ip ‘216.66.84.42’ #Server IPv4 address
option proto ‘41’
option target ‘ACCEPT’

ipv6 routing table on the Omnia :

root@turris:~# ip -6 route list
default from 2001:470:1f12:f::/64 dev 6in4-wan6 proto static metric 1024
default from 2001:470:1f13:f::/64 dev 6in4-wan6 proto static metric 1024
2001:470:1f12:f::/64 dev 6in4-wan6 proto kernel metric 256
2001:470:1f13:f::/64 dev br-lan proto static metric 1024
unreachable 2001:470:1f13:f::/64 dev lo proto static metric 2147483647 error -113
fd28:ea48:df82::/64 dev br-lan proto static metric 1024
unreachable fd28:ea48:df82::/48 dev lo proto static metric 2147483647 error -113
fe80::/64 dev br-lan proto kernel metric 256
fe80::/64 dev wlan1 proto kernel metric 256
fe80::/64 dev eth2 proto kernel metric 256
fe80::/64 dev wlan0 proto kernel metric 256
fe80::/64 dev eth1 proto kernel metric 256
fe80::/64 dev 6in4-wan6 proto kernel metric 256

I don’t have any default gw for ipv6 but I don’t have any RA in the tunnel either, I’m trying to capture them with tcpdump :

root@turris:~# tcpdump -i 6in4-wan6 icmp6 and ‘ip6[40] = 134’
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 6in4-wan6, link-type RAW (Raw IP), capture size 262144 bytes

I let the capture running from 30 minutes, but not luck.

The tunnel is working because I can reach the other end of it from my laptop.

So if any of you guys have any idea, I’ll be very interested.

Thanks in advance.

oupsman45 · June 25, 2018, 10:27am

One more thing, it’s working now but I have to restart the firewall service after the tunnel gets up.

I don’t understand why.