Tunnel ipv6 traffic of clients over aiccu tunnel

Hi,
does anyone managed to setup aiccu to tunnel all IPv6 traffic of the internal network over the aiccu tunnel? Somehow I can’t get it working.

Here is my config for the wan6 interface:

config interface 'wan6'
    option _orig_ifname '@wan'
    option _orig_bridge 'false'
    option proto 'aiccu'
    option username 'M*****-SIXXS' #sixxs username
    option password '*******' #sixxs password
    option tunnelid 'T*****' # tunnelid
    option ip6prefix '2001:6f8:900:XXXX::/64'
    option heartbeat '0'
    option ip6addr '2001:6f8:900:YYY::2'
    option nat '1'

Ping6 from the omnia to sixxs.net and ipv6.google.com is working.
When trying to ping ipv6.google.com from a client behind the omnia I get a timeout.

Here is an tcpdump from the omnia when I try to ping ipv6.google.com(shown as muc03s14-in-x0e.1e100.net) from a client (has 2001:6f8:900:903d:5999:ac85:6d72:a945 assigned by the omnia, which is in the ipv6 subnet of the tunnel). At the same time some other connection are also tried to established.

root@turris:~# tcpdump -i aiccu-wan6
tcpdump: WARNING: aiccu-wan6: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on aiccu-wan6, link-type RAW (Raw IP), capture size 65535 bytes    
02:30:47.692583 IP6 www.turris.cz.443 > 2001:6f8:900:903d:5999:ac85:6d72:a945.12899: Flags [.], ack 16584, win 1439, length 0
02:30:47.876875 IP6 2001:6f8:900:903d:5999:ac85:6d72:a945 > muc03s14-in-x0e.1e100.net: HBH ICMP6, echo request, seq 47, length 40
02:30:52.395740 IP6 2001:6f8:900:903d:5999:ac85:6d72:a945 > muc03s14-in-x0e.1e100.net: HBH ICMP6, echo request, seq 48, length 40
02:30:57.393909 IP6 2001:6f8:900:903d:5999:ac85:6d72:a945 > muc03s14-in-x0e.1e100.net: HBH ICMP6, echo request, seq 49, length 40
02:30:57.983752 IP6 2001:6f8:900:903d:5999:ac85:6d72:a945.4907 > wb-in-xbc.1e100.net.5228: Flags [.], seq 0:1, ack 1, win 253, length 1
02:30:58.057278 IP6 wb-in-xbc.1e100.net.5228 > 2001:6f8:900:903d:5999:ac85:6d72:a945.4907: Flags [.], ack 1, win 357, options [nop,nop,sack 1 {0:1}], length 0

As you can see the ipv6 ping packets from the client get to omnia but the omnia somehow does not receive the responses.
The same ping from the omnia shows this:

02:28:21.564752 IP6 cl-4158.ham-01.de.sixxs.net > muc03s14-in-x0e.1e100.net: ICMP6, echo request, seq 0, length 64
02:28:21.624460 IP6 muc03s14-in-x0e.1e100.net > cl-4158.ham-01.de.sixxs.net: ICMP6, echo reply, seq 0, length 64
02:28:22.564844 IP6 cl-4158.ham-01.de.sixxs.net > muc03s14-in-x0e.1e100.net: ICMP6, echo request, seq 1, length 64
02:28:22.624381 IP6 muc03s14-in-x0e.1e100.net > cl-4158.ham-01.de.sixxs.net: ICMP6, echo reply, seq 1, length 64
02:28:23.564993 IP6 cl-4158.ham-01.de.sixxs.net > muc03s14-in-x0e.1e100.net: ICMP6, echo request, seq 2, length 64
02:28:23.624391 IP6 muc03s14-in-x0e.1e100.net > cl-4158.ham-01.de.sixxs.net: ICMP6, echo reply, seq 2, length 64

As you can see here the omnia receives the response.

Edit: cleaned up output of the tcpdump and added tcpdump for successful ping from omnia.

Your configuration looks OK. Just make sure you’ve set up correct IPv6 prefixes - there should be different prefix for the tunnel itself (option ip6addr) and the subnet delegated to home network (option ip6prefix - it is by default 0x8000 higher). See the example in czech guide.

If you don’t get response from the tunnel, chances are your source address is not the one expected by SixXS PoP and therefore it is dropped.

2001:6f8:900:XXXX::/64 is the subnet that is shown as subnet on the sixxs page
2001:6f8:900:YYY::2 is the ipv6 address of the tunnel endpoint

Do I have to set it somewhere else than in the wan6 interface?

This should be sufficient. Maybe there’s some intermittent outage on the SixXS side.

You could check the configuration is properly applied with commands:

• ip addr show
• ip route show
• ip6tables -vL

Do it on both Omnia and the client.

I don’t realy know why it didn’t work but after a factory reset it is working now.
Thanks for your help.