6in4 with Hurricane Electric ping6 Permission denied

Software SW help
1

Hello,

I’ve configured 6in4 tunnel as mentioned in manuals.
I have a static IPv4 address, but it is implemented by the ISP as DNAT.
Even when I’ve added the optional tunnel ID… for dynamic IPv4 address when I try to ping6, I’m getting connect: Permission denied so it looks I did something wrong…

# cat /etc/turris-version 
5.3.4

root:~# uci show network.wan6
network.wan6=interface
network.wan6.enabled='0'
network.wan6.noserverunicast='1'
network.wan6.ifname='@wan'
network.wan6.proto='6in4'
network.wan6.mtu='1480'
network.wan6.peeraddr='216.66.86.122'
network.wan6.ip6addr=''
network.wan6.ip6prefix='2001:470:6f:3c::/64'
network.wan6.tunnelid='704xxx'
network.wan6.username='xxx'
network.wan6.password='xxx'

root@:~# uci show firewall.turris_wan_6in4_rule
firewall.turris_wan_6in4_rule=rule
firewall.turris_wan_6in4_rule.enabled='1'
firewall.turris_wan_6in4_rule.family='ipv4'
firewall.turris_wan_6in4_rule.proto='41'
firewall.turris_wan_6in4_rule.target='ACCEPT'
firewall.turris_wan_6in4_rule.src='wan'
firewall.turris_wan_6in4_rule.src_ip='216.66.86.122'

root@:~# nslookup nebezi.cz
Server:		127.0.0.1
Address:	127.0.0.1#53

*** Can't find nebezi.cz: No answer
Name:      nebezi.cz
Address 1: 2001:1528:132:70::ebe2
root@:~# ping6 nebezi.cz
connect: Permission denied

What mistake I did?

2

You did not used the reForis.

Can you paste here more info? routing table, ip addresses etc.

3

Actually, I did, but since it did not work, I searched for other manuals and found the mentioned page. BTW, the result was the same…

root:~# ip addr sh
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 532
    link/ether d8:58:d7:00:37:eb brd ff:ff:ff:ff:ff:ff
    inet6 fe80::da58:d7ff:fe00:37eb/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 532
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::da58:d7ff:fe00:37e9/64 scope link 
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 532
    link/ether d8:58:d7:00:37:ea brd ff:ff:ff:ff:ff:ff
    inet 10.67.65.10/24 brd 10.67.65.255 scope global eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::da58:d7ff:fe00:37ea/64 scope link 
       valid_lft forever preferred_lft forever
5: lan0@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
6: lan1@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
7: lan2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
8: lan3@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
9: lan4@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default qlen 1000
    link/ether d8:58:d7:00:37:eb brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global lan4
       valid_lft forever preferred_lft forever
    inet6 fe80::da58:d7ff:fe00:37eb/64 scope link 
       valid_lft forever preferred_lft forever
10: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1000
    link/tunnel6 :: brd ::
11: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/sit 0.0.0.0 brd 0.0.0.0
12: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
    link/ether f6:de:4f:0c:9a:5e brd ff:ff:ff:ff:ff:ff
13: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
    link/ether 86:df:2d:d6:61:bd brd ff:ff:ff:ff:ff:ff
14: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
15: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
16: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
19: br-guest_turris: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UP group default qlen 1000
    link/ether 06:f0:21:22:da:4c brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.1/24 brd 192.168.2.255 scope global br-guest_turris
       valid_lft forever preferred_lft forever
    inet6 fe80::4f0:21ff:fe22:da4c/64 scope link 
       valid_lft forever preferred_lft forever
20: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fe80::da58:d7ff:fe00:37e9/64 scope link 
       valid_lft forever preferred_lft forever
29: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 04:f0:21:22:da:4c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::6f0:21ff:fe22:da4c/64 scope link 
       valid_lft forever preferred_lft forever
30: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 04:f0:21:24:09:ef brd ff:ff:ff:ff:ff:ff
    inet6 fe80::6f0:21ff:fe24:9ef/64 scope link 
       valid_lft forever preferred_lft forever
36: guest_turris_1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-guest_turris state UP group default qlen 1000
    link/ether 06:f0:21:22:da:4c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::4f0:21ff:fe22:da4c/64 scope link 
       valid_lft forever preferred_lft forever
38: ifb4br-guest_tu: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc htb state UNKNOWN group default qlen 32
    link/ether 1e:5d:74:a1:1a:e9 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::1c5d:74ff:fea1:1ae9/64 scope link 
       valid_lft forever preferred_lft forever
49: 6in4-wan6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
    link/sit 10.67.65.10 peer 216.66.86.122
    inet6 fe80::a43:410a/64 scope link 
       valid_lft forever preferred_lft forever
50: tun_turris: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none 
    inet 10.111.111.1 peer 10.111.111.2/32 scope global tun_turris
       valid_lft forever preferred_lft forever
    inet6 fe80::53c2:9c0f:8af6:a578/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
root:~# ip route
default via 10.67.65.1 dev eth2 proto static 
10.67.65.0/24 dev eth2 proto kernel scope link src 10.67.65.10 
10.111.111.0/24 via 10.111.111.2 dev tun_turris 
10.111.111.2 dev tun_turris proto kernel scope link src 10.111.111.1 
38.142.177.19 via 10.67.65.1 dev eth2 proto static 
192.168.0.0/24 dev br-lan proto kernel scope link src 192.168.0.1 
192.168.1.0/24 dev lan4 proto static scope link 
192.168.2.0/24 dev br-guest_turris proto kernel scope link src 192.168.2.1 
192.168.15.0/24 via 192.168.1.1 dev lan4 proto static 
216.66.86.122 via 10.67.65.1 dev eth2 proto static

I’m surprised by the permission denied error.

Thanks, ales

4

Can you please paste output of ip -6 route show?

This is a sign that the device does not know the route to the Internet.

5

Here it is:

default from 2001:470:6f:3c::/64 dev 6in4-wan6 proto static metric 1024 pref medium
unreachable 2001:470:6f:3c::/64 dev lo proto static metric 2147483647 error 4294967183 pref medium
unreachable fd4f:2990:92af::/48 dev lo proto static metric 2147483647 error 4294967183 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth2 proto kernel metric 256 pref medium
fe80::/64 dev lan4 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
fe80::/64 dev wlan1 proto kernel metric 256 pref medium
fe80::/64 dev br-guest_turris proto kernel metric 256 pref medium
fe80::/64 dev guest_turris_1 proto kernel metric 256 pref medium
fe80::/64 dev ifb4br-guest_tu proto kernel metric 256 pref medium
fe80::/64 dev 6in4-wan6 proto kernel metric 256 pref medium
fe80::/64 dev tun_turris proto kernel metric 256 pref medium

So the error is ate least somewhat “expected”.

The difference I’m aware of is the fact, that the public static IPv4 is DNAT, so my Omnia WAN address is different, but for all other services it works like a charm.
Thanks ales

6

Okay.
Is this your first setup or has it been working before? DNAT should not be a problem, if your ISP forwards all protocols and not just a set of them.

By the way, I have noticed you have not assigned any IP address to your router - the router does know the default route, but does not know its IPv6 address. You need to assign some address from 2001:470:6f:3c::/64 to some interface.

7

Can you try to set it to '1'?

8

Here it is:

root@atom:~# uci set network.wan6.enabled=1
root@atom:~# uci commit network
root@atom:~# uci show network.wan6.enabled
network.wan6.enabled='1'
root@atom:~# ip -6 route show
default from 2001:470:6f:3c::/64 dev 6in4-wan6 proto static metric 1024 pref medium
unreachable 2001:470:6f:3c::/64 dev lo proto static metric 2147483647 error 4294967183 pref medium
unreachable fd4f:2990:92af::/48 dev lo proto static metric 2147483647 error 4294967183 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth2 proto kernel metric 256 pref medium
fe80::/64 dev lan4 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
fe80::/64 dev wlan1 proto kernel metric 256 pref medium
fe80::/64 dev br-guest_turris proto kernel metric 256 pref medium
fe80::/64 dev guest_turris_1 proto kernel metric 256 pref medium
fe80::/64 dev ifb4br-guest_tu proto kernel metric 256 pref medium
fe80::/64 dev 6in4-wan6 proto kernel metric 256 pref medium
fe80::/64 dev tun_turris proto kernel metric 256 pref medium

ip link:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 532
    link/ether d8:58:d7:00:37:eb brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 532
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 532
    link/ether d8:58:d7:00:37:ea brd ff:ff:ff:ff:ff:ff
5: lan0@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
6: lan1@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
7: lan2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
8: lan3@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
9: lan4@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:00:37:eb brd ff:ff:ff:ff:ff:ff
10: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/tunnel6 :: brd ::
11: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/sit 0.0.0.0 brd 0.0.0.0
12: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 32
    link/ether f6:de:4f:0c:9a:5e brd ff:ff:ff:ff:ff:ff
13: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 32
    link/ether 86:df:2d:d6:61:bd brd ff:ff:ff:ff:ff:ff
14: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
15: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
16: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
19: br-guest_turris: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UP mode DEFAULT group default qlen 1000
    link/ether 06:f0:21:22:da:4c brd ff:ff:ff:ff:ff:ff
20: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
29: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP mode DEFAULT group default qlen 1000
    link/ether 04:f0:21:22:da:4c brd ff:ff:ff:ff:ff:ff
30: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP mode DEFAULT group default qlen 1000
    link/ether 04:f0:21:24:09:ef brd ff:ff:ff:ff:ff:ff
36: guest_turris_1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-guest_turris state UP mode DEFAULT group default qlen 1000
    link/ether 06:f0:21:22:da:4c brd ff:ff:ff:ff:ff:ff
38: ifb4br-guest_tu: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc htb state UNKNOWN mode DEFAULT group default qlen 32
    link/ether 1e:5d:74:a1:1a:e9 brd ff:ff:ff:ff:ff:ff
49: 6in4-wan6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/sit 10.67.65.10 peer 216.66.86.122
50: tun_turris: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 100
    link/none
9

You forgot to restart the network. service network restart

10

yup… sorry:

root@atom:~# service network restart
root@atom:~# ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 532
    link/ether d8:58:d7:00:37:eb brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 532
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 532
    link/ether d8:58:d7:00:37:ea brd ff:ff:ff:ff:ff:ff
5: lan0@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
6: lan1@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
7: lan2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
8: lan3@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
9: lan4@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:00:37:eb brd ff:ff:ff:ff:ff:ff
10: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/tunnel6 :: brd ::
11: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/sit 0.0.0.0 brd 0.0.0.0
12: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 32
    link/ether f6:de:4f:0c:9a:5e brd ff:ff:ff:ff:ff:ff
13: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 32
    link/ether 86:df:2d:d6:61:bd brd ff:ff:ff:ff:ff:ff
14: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
15: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
16: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
50: tun_turris: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN mode DEFAULT group default qlen 100
    link/none 
51: br-guest_turris: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 06:f0:21:22:da:4c brd ff:ff:ff:ff:ff:ff
52: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
53: 6in4-wan6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/sit 10.67.65.10 peer 216.66.86.122
54: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP mode DEFAULT group default qlen 1000
    link/ether 04:f0:21:22:da:4c brd ff:ff:ff:ff:ff:ff
55: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP mode DEFAULT group default qlen 1000
    link/ether 04:f0:21:24:09:ef brd ff:ff:ff:ff:ff:ff
59: guest_turris_1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-guest_turris state UP mode DEFAULT group default qlen 1000
    link/ether 06:f0:21:22:da:4c brd ff:ff:ff:ff:ff:ff
root@atom:~# ping nebezi.cz
ping: unknown host nebezi.cz
root@atom:~# ping6 nebezi.cz
connect: Permission denied
11

Uff… Can you paste the output with IP addresses?

12

Here they are:

root@atom:~# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 532
    link/ether d8:58:d7:00:37:eb brd ff:ff:ff:ff:ff:ff
    inet6 fe80::da58:d7ff:fe00:37eb/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 532
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::da58:d7ff:fe00:37e9/64 scope link 
       valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 532
    link/ether d8:58:d7:00:37:ea brd ff:ff:ff:ff:ff:ff
    inet 10.67.65.10/24 brd 10.67.65.255 scope global eth2
       valid_lft forever preferred_lft forever
    inet6 fe80::da58:d7ff:fe00:37ea/64 scope link 
       valid_lft forever preferred_lft forever
5: lan0@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
6: lan1@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
7: lan2@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
8: lan3@eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
9: lan4@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc noqueue state UP group default qlen 1000
    link/ether d8:58:d7:00:37:eb brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global lan4
       valid_lft forever preferred_lft forever
    inet6 fe80::da58:d7ff:fe00:37eb/64 scope link 
       valid_lft forever preferred_lft forever
10: ip6tnl0@NONE: <NOARP> mtu 1452 qdisc noop state DOWN group default qlen 1000
    link/tunnel6 :: brd ::
11: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/sit 0.0.0.0 brd 0.0.0.0
12: ifb0: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
    link/ether f6:de:4f:0c:9a:5e brd ff:ff:ff:ff:ff:ff
13: ifb1: <BROADCAST,NOARP> mtu 1500 qdisc noop state DOWN group default qlen 32
    link/ether 86:df:2d:d6:61:bd brd ff:ff:ff:ff:ff:ff
14: gre0@NONE: <NOARP> mtu 1476 qdisc noop state DOWN group default qlen 1000
    link/gre 0.0.0.0 brd 0.0.0.0
15: gretap0@NONE: <BROADCAST,MULTICAST> mtu 1462 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
16: erspan0@NONE: <BROADCAST,MULTICAST> mtu 1450 qdisc noop state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
51: br-guest_turris: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UP group default qlen 1000
    link/ether 06:f0:21:22:da:4c brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.1/24 brd 192.168.2.255 scope global br-guest_turris
       valid_lft forever preferred_lft forever
    inet6 fe80::4f0:21ff:fe22:da4c/64 scope link 
       valid_lft forever preferred_lft forever
52: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether d8:58:d7:00:37:e9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.1/24 brd 192.168.0.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fe80::da58:d7ff:fe00:37e9/64 scope link 
       valid_lft forever preferred_lft forever
53: 6in4-wan6@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1480 qdisc noqueue state UNKNOWN group default qlen 1000
    link/sit 10.67.65.10 peer 216.66.86.122
    inet6 fe80::a43:410a/64 scope link 
       valid_lft forever preferred_lft forever
54: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 04:f0:21:22:da:4c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::6f0:21ff:fe22:da4c/64 scope link 
       valid_lft forever preferred_lft forever
55: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 04:f0:21:24:09:ef brd ff:ff:ff:ff:ff:ff
    inet6 fe80::6f0:21ff:fe24:9ef/64 scope link 
       valid_lft forever preferred_lft forever
59: guest_turris_1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-guest_turris state UP group default qlen 1000
    link/ether 06:f0:21:22:da:4c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::4f0:21ff:fe22:da4c/64 scope link 
       valid_lft forever preferred_lft forever
63: ifb4br-guest_tu: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc htb state UNKNOWN group default qlen 32
    link/ether 8a:6f:44:b5:93:57 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::886f:44ff:feb5:9357/64 scope link 
       valid_lft forever preferred_lft forever
70: tun_turris: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none 
    inet 10.111.111.1 peer 10.111.111.2/32 scope global tun_turris
       valid_lft forever preferred_lft forever
    inet6 fe80::21fe:a3f7:99b1:9cb6/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
13

Yes, still the same problem. Assign some IPv6 address to your lan interface.

14

Magic :slight_smile: enabling IPv6 on LAN0 and it seem to work:

root@atom:~# ping6 2001:470:6f:3c::1
PING 2001:470:6f:3c::1(2001:470:6f:3c::1) 56 data bytes
64 bytes from 2001:470:6f:3c::1: icmp_seq=1 ttl=64 time=0.101 ms
64 bytes from 2001:470:6f:3c::1: icmp_seq=2 ttl=64 time=0.100 ms
^C
--- 2001:470:6f:3c::1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1042ms
rtt min/avg/max/mdev = 0.100/0.100/0.101/0.010 ms
root@atom:~# ping6 nebezi.cz
PING nebezi.cz(www.nebezi.cz) 56 data bytes
64 bytes from www.nebezi.cz: icmp_seq=1 ttl=60 time=8.27 ms
64 bytes from www.nebezi.cz: icmp_seq=2 ttl=60 time=6.58 ms
^C
--- nebezi.cz ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 6.581/7.428/8.275/0.847 ms

Thanks a lot for you incredible patience and support!

15

Laptop, unlike the router is not able to to use IPv6

Shall I change some of the DHCP setting for LAN interface?

image
image910×456 28.8 KB

Thanks

16

Yes. I guess you have already tried and figured out the correct settings. For the others - RA and DHCPv6 must be set to ‘server’

17

Thanks for your support!

18

I am trying to reproduce your configuration. But I am failing.
I managed to get IPv6 connectivity somehow but only on the router:

root@router:~# ping6 nebezi.cz
PING nebezi.cz(www.nebezi.cz) 56 data bytes
64 bytes from www.nebezi.cz: icmp_seq=1 ttl=58 time=44.9 ms
64 bytes from www.nebezi.cz: icmp_seq=2 ttl=58 time=43.2 ms
64 bytes from www.nebezi.cz: icmp_seq=3 ttl=58 time=40.4 ms
64 bytes from www.nebezi.cz: icmp_seq=4 ttl=58 time=37.0 ms
64 bytes from www.nebezi.cz: icmp_seq=5 ttl=58 time=55.6 ms
^C
--- nebezi.cz ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 37.070/44.252/55.627/6.283 ms

But from the client (my laptop) I cannot ping IPv6 only website:

areyouloco@studio:~$ ping6 nebezi.cz
PING nebezi.cz(www.nebezi.cz (2001:1528:132:70::ebe2)) 56 data bytes
From _gateway (fe80::da58:d7ff:fe00:20ac%enp0s25) icmp_seq=34 Destination unreachable: No route
From _gateway (fe80::da58:d7ff:fe00:20ac%enp0s25) icmp_seq=35 Destination unreachable: No route
From fd00:1337:bad:c0de:4:11fe:0:254 (fd00:1337:bad:c0de:4:11fe:0:254) icmp_seq=36 Destination unreachable: No route
From fd00:1337:bad:c0de:4:11fe:0:254 (fd00:1337:bad:c0de:4:11fe:0:254) icmp_seq=37 Destination unreachable: No route
From fd00:1337:bad:c0de:4:11fe:0:254 (fd00:1337:bad:c0de:4:11fe:0:254) icmp_seq=38 Destination unreachable: No route
From fd00:1337:bad:c0de:4:11fe:0:254 (fd00:1337:bad:c0de:4:11fe:0:254) icmp_seq=39 Destination unreachable: No route
From fd00:1337:bad:c0de:4:11fe:0:254 (fd00:1337:bad:c0de:4:11fe:0:254) icmp_seq=40 Destination unreachable: No route
^CFrom fd00:1337:bad:c0de:4:11fe:0:254 icmp_seq=41 Destination unreachable: No route

--- nebezi.cz ping statistics ---
41 packets transmitted, 0 received, +8 errors, 100% packet loss, time 40791ms

Any ideas? It says no route. Where should I set the route?

19

Surprisingly, it stopped working for me as well. It looks that the IPv6 tunnel for whatever reason ends up to my guest network.

root@atom:~# ip -6 route
default from 2001:470:6f:3c::/64 dev 6in4-wan6 proto static metric 1024 pref medium
2001:470:6f:3c::/64 dev br-guest_turris proto static metric 1024 pref medium
unreachable 2001:470:6f:3c::/64 dev lo proto static metric 2147483647 error 4294967183 pref medium
fd4f:2990:92af::/64 dev br-guest_turris proto static metric 1024 pref medium
fd4f:2990:92af:1::/64 dev br-lan proto static metric 1024 pref medium
unreachable fd4f:2990:92af::/48 dev lo proto static metric 2147483647 error 4294967183 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev lan4 proto kernel metric 256 pref medium
fe80::/64 dev eth2 proto kernel metric 256 pref medium
fe80::/64 dev 6in4-wan6 proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
fe80::/64 dev wlan1 proto kernel metric 256 pref medium
fe80::/64 dev br-guest_turris proto kernel metric 256 pref medium
fe80::/64 dev guest_turris_1 proto kernel metric 256 pref medium
fe80::/64 dev ifb4br-guest_tu proto kernel metric 256 pref medium
fe80::/64 dev tun_turris proto kernel metric 256 pref medium
20

I also had this problem. Set your public IP in Local IPv4 address