Re: [Mikrotik] HE Tunnel Broker Setup
On Wed, 2015-07-15 at 14:08 -0500, Christopher Tyler wrote: > Just putting this out there for anyone else that might stumble across > this thread. It's an issue on at least Debian (and it's derivatives > like Ubuntu) that supposedly has been addressed upstream, but has yet > to make it into the downstream packages. The workaround is to run > this command as root.. > > $ echo 64 > /proc/sys/net/ipv6/conf/eth0/hop_limit > > The catch is that only works until a reboot or the interface is > restarted or unplugged. I am not familiar with the debian system, but you should be able to add this command to the ifcfg-eth0 file (or whatever interface). Even if not, you can add it to the ifup scripts. -- Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/ ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] HE Tunnel Broker Setup
Thanks that will make my life a lot easier when I reboot next time and forget the reason why it doesn't work and have to troubleshoot it all again :) -- Christopher Tyler MTCRE/MTCNA/MTCTCE/MTCWE Total Highspeed Internet Services 417.851.1107 - Original Message - From: "Jonathan Wright" To: "Mikrotik discussions" Sent: Wednesday, July 15, 2015 2:19:06 PM Subject: Re: [Mikrotik] HE Tunnel Broker Setup Chris, Add the following line to your /etc/sysctl.conf file, or (preferably) to a custom .conf file under /etc/sysctl.d, e.g. /etc/sysctl.d/99-ipv6.conf: net.ipv6.conf.all.hop_limit=64 net.ipv6.conf.eth0.hop_limit=64 and the value will restored on reboot. Running sysctl with the parameter name will print the current value to confirm. On Wed, Jul 15, 2015 at 8:08 PM Christopher Tyler wrote: > Just putting this out there for anyone else that might stumble across this > thread. It's an issue on at least Debian (and it's derivatives like Ubuntu) > that supposedly has been addressed upstream, but has yet to make it into > the downstream packages. The workaround is to run this command as root.. > > $ echo 64 > /proc/sys/net/ipv6/conf/eth0/hop_limit > > The catch is that only works until a reboot or the interface is restarted > or unplugged. > > -- > Christopher Tyler > MTCRE/MTCNA/MTCTCE/MTCWE > Total Highspeed Internet Services > 417.851.1107 > > - Original Message - > From: "Christopher Tyler" > To: "Mikrotik discussions" > Sent: Wednesday, July 15, 2015 1:56:36 PM > Subject: Re: [Mikrotik] HE Tunnel Broker Setup > > Tried on my MAC and it works fine. This is an issue with my PC not the Tik > or the he tunnel. Thanks for the assistance I really appreciate it. > > -- > Christopher Tyler > MTCRE/MTCNA/MTCTCE/MTCWE > Total Highspeed Internet Services > 417.851.1107 > > ----- Original Message ----- > From: "Christopher Tyler" > To: "Mikrotik discussions" > Sent: Wednesday, July 15, 2015 1:45:03 PM > Subject: Re: [Mikrotik] HE Tunnel Broker Setup > > Pinging 2607:f8b0:400d:c04::93 works fine from the router. > >From the PC I can ping my side of the tunnel but not the remote side. > > >From the PC to any IP on the router, pings work fine. I only get > timeout/Hop Limit on IP's past the router. > > -- > Christopher Tyler > MTCRE/MTCNA/MTCTCE/MTCWE > Total Highspeed Internet Services > 417.851.1107 > > - Original Message - > From: "Butch Evans" > To: "Mikrotik discussions" > Sent: Wednesday, July 15, 2015 1:35:51 PM > Subject: Re: [Mikrotik] HE Tunnel Broker Setup > > On Wed, 2015-07-15 at 13:48 -0400, Scott Reed wrote: > > Default route is from the link local address, not the global address. > > > That is normal for some OS. Specifically, Linux will do that every > time (or has with my RedHat varieties). Here's my pbx: > > default via fe80::260:e0ff:fe44:2a06 dev eth0 proto kernel metric > 1024 expires 1554sec mtu 1500 advmss 1440 hoplimit 4294967295 > > So this is not the issue > > > > > > > > First off, I followed the manual at > > > http://wiki.mikrotik.com/wiki/Manual:My_First_IPv6_Network > > > > > > The tunnel is working fine and from the router at least everything > > > works fine. I can ping 2001:4860:4860:: and other sites. So I > > > proceeded to set up a /48 subnet on he.net and added one /64 subnet > > > to my router with advertise=yes. > > >From the router, you can ping anything? I mean, you can ping beyond > the gateway. Verify you can ping some other of google's V6 address: > 2607:f8b0:400d:c04::93 > > > > > > > The PC gets a link local and a global address and I can ping the > > > PC's addresses from the router, and the PC can ping the routers > > > address. > > >From the PC, try to ping the router's v6 address on the tunnel. This > will verify the routing from the PC toward the internet. If it works, > then the problem is not in your PC. If not, then there is a routing > issue on the PC. > > > > Here is the problem, I cannot get the PC to ping or access anything > > > past the router. > > > > > > $ ping6 -c 5 2001:4860:4860:: > > > PING 2001:4860:4860::(2001:4860:4860::) 56 data bytes > > > > From 2001:470::1::1 icmp_seq=1 Time exceeded: Hop limit > > > > From 2001:470::1::1 icmp_seq=2 Time exceeded: Hop limit > > > > From 2001:470::1::1 icmp_seq=3 Time exceeded: Hop limit > > > > From 2001:470::1::1 icmp_seq=4 Time exceeded: Hop limit > > >
Re: [Mikrotik] HE Tunnel Broker Setup
Chris, Add the following line to your /etc/sysctl.conf file, or (preferably) to a custom .conf file under /etc/sysctl.d, e.g. /etc/sysctl.d/99-ipv6.conf: net.ipv6.conf.all.hop_limit=64 net.ipv6.conf.eth0.hop_limit=64 and the value will restored on reboot. Running sysctl with the parameter name will print the current value to confirm. On Wed, Jul 15, 2015 at 8:08 PM Christopher Tyler wrote: > Just putting this out there for anyone else that might stumble across this > thread. It's an issue on at least Debian (and it's derivatives like Ubuntu) > that supposedly has been addressed upstream, but has yet to make it into > the downstream packages. The workaround is to run this command as root.. > > $ echo 64 > /proc/sys/net/ipv6/conf/eth0/hop_limit > > The catch is that only works until a reboot or the interface is restarted > or unplugged. > > -- > Christopher Tyler > MTCRE/MTCNA/MTCTCE/MTCWE > Total Highspeed Internet Services > 417.851.1107 > > - Original Message - > From: "Christopher Tyler" > To: "Mikrotik discussions" > Sent: Wednesday, July 15, 2015 1:56:36 PM > Subject: Re: [Mikrotik] HE Tunnel Broker Setup > > Tried on my MAC and it works fine. This is an issue with my PC not the Tik > or the he tunnel. Thanks for the assistance I really appreciate it. > > -- > Christopher Tyler > MTCRE/MTCNA/MTCTCE/MTCWE > Total Highspeed Internet Services > 417.851.1107 > > - Original Message - > From: "Christopher Tyler" > To: "Mikrotik discussions" > Sent: Wednesday, July 15, 2015 1:45:03 PM > Subject: Re: [Mikrotik] HE Tunnel Broker Setup > > Pinging 2607:f8b0:400d:c04::93 works fine from the router. > >From the PC I can ping my side of the tunnel but not the remote side. > > >From the PC to any IP on the router, pings work fine. I only get > timeout/Hop Limit on IP's past the router. > > -- > Christopher Tyler > MTCRE/MTCNA/MTCTCE/MTCWE > Total Highspeed Internet Services > 417.851.1107 > > - Original Message - > From: "Butch Evans" > To: "Mikrotik discussions" > Sent: Wednesday, July 15, 2015 1:35:51 PM > Subject: Re: [Mikrotik] HE Tunnel Broker Setup > > On Wed, 2015-07-15 at 13:48 -0400, Scott Reed wrote: > > Default route is from the link local address, not the global address. > > > That is normal for some OS. Specifically, Linux will do that every > time (or has with my RedHat varieties). Here's my pbx: > > default via fe80::260:e0ff:fe44:2a06 dev eth0 proto kernel metric > 1024 expires 1554sec mtu 1500 advmss 1440 hoplimit 4294967295 > > So this is not the issue > > > > > > > > First off, I followed the manual at > > > http://wiki.mikrotik.com/wiki/Manual:My_First_IPv6_Network > > > > > > The tunnel is working fine and from the router at least everything > > > works fine. I can ping 2001:4860:4860:: and other sites. So I > > > proceeded to set up a /48 subnet on he.net and added one /64 subnet > > > to my router with advertise=yes. > > >From the router, you can ping anything? I mean, you can ping beyond > the gateway. Verify you can ping some other of google's V6 address: > 2607:f8b0:400d:c04::93 > > > > > > > The PC gets a link local and a global address and I can ping the > > > PC's addresses from the router, and the PC can ping the routers > > > address. > > >From the PC, try to ping the router's v6 address on the tunnel. This > will verify the routing from the PC toward the internet. If it works, > then the problem is not in your PC. If not, then there is a routing > issue on the PC. > > > > Here is the problem, I cannot get the PC to ping or access anything > > > past the router. > > > > > > $ ping6 -c 5 2001:4860:4860:: > > > PING 2001:4860:4860::(2001:4860:4860::) 56 data bytes > > > > From 2001:470::1::1 icmp_seq=1 Time exceeded: Hop limit > > > > From 2001:470::1::1 icmp_seq=2 Time exceeded: Hop limit > > > > From 2001:470::1::1 icmp_seq=3 Time exceeded: Hop limit > > > > From 2001:470::1::1 icmp_seq=4 Time exceeded: Hop limit > > > > From 2001:470::1::1 icmp_seq=5 Time exceeded: Hop limit > > Hop limit exceeded indicates a routing issue from the router shown as > the one replying to you. I am guessing that 2001:470: router is the > other end of the tunnel at HE. If that is the case, you should be able > to ping that address as well. > > > > > > > $ /sbin/ifconfig eth0 > > > inet addr:X.X.X.X Bcast:X.X.X.X Mask:25
Re: [Mikrotik] HE Tunnel Broker Setup
Just putting this out there for anyone else that might stumble across this thread. It's an issue on at least Debian (and it's derivatives like Ubuntu) that supposedly has been addressed upstream, but has yet to make it into the downstream packages. The workaround is to run this command as root.. $ echo 64 > /proc/sys/net/ipv6/conf/eth0/hop_limit The catch is that only works until a reboot or the interface is restarted or unplugged. -- Christopher Tyler MTCRE/MTCNA/MTCTCE/MTCWE Total Highspeed Internet Services 417.851.1107 - Original Message - From: "Christopher Tyler" To: "Mikrotik discussions" Sent: Wednesday, July 15, 2015 1:56:36 PM Subject: Re: [Mikrotik] HE Tunnel Broker Setup Tried on my MAC and it works fine. This is an issue with my PC not the Tik or the he tunnel. Thanks for the assistance I really appreciate it. -- Christopher Tyler MTCRE/MTCNA/MTCTCE/MTCWE Total Highspeed Internet Services 417.851.1107 - Original Message - From: "Christopher Tyler" To: "Mikrotik discussions" Sent: Wednesday, July 15, 2015 1:45:03 PM Subject: Re: [Mikrotik] HE Tunnel Broker Setup Pinging 2607:f8b0:400d:c04::93 works fine from the router. >From the PC I can ping my side of the tunnel but not the remote side. >From the PC to any IP on the router, pings work fine. I only get timeout/Hop >Limit on IP's past the router. -- Christopher Tyler MTCRE/MTCNA/MTCTCE/MTCWE Total Highspeed Internet Services 417.851.1107 - Original Message - From: "Butch Evans" To: "Mikrotik discussions" Sent: Wednesday, July 15, 2015 1:35:51 PM Subject: Re: [Mikrotik] HE Tunnel Broker Setup On Wed, 2015-07-15 at 13:48 -0400, Scott Reed wrote: > Default route is from the link local address, not the global address. That is normal for some OS. Specifically, Linux will do that every time (or has with my RedHat varieties). Here's my pbx: default via fe80::260:e0ff:fe44:2a06 dev eth0 proto kernel metric 1024 expires 1554sec mtu 1500 advmss 1440 hoplimit 4294967295 So this is not the issue > > > > First off, I followed the manual at > > http://wiki.mikrotik.com/wiki/Manual:My_First_IPv6_Network > > > > The tunnel is working fine and from the router at least everything > > works fine. I can ping 2001:4860:4860:: and other sites. So I > > proceeded to set up a /48 subnet on he.net and added one /64 subnet > > to my router with advertise=yes. >From the router, you can ping anything? I mean, you can ping beyond the gateway. Verify you can ping some other of google's V6 address: 2607:f8b0:400d:c04::93 > > > > The PC gets a link local and a global address and I can ping the > > PC's addresses from the router, and the PC can ping the routers > > address. >From the PC, try to ping the router's v6 address on the tunnel. This will verify the routing from the PC toward the internet. If it works, then the problem is not in your PC. If not, then there is a routing issue on the PC. > > Here is the problem, I cannot get the PC to ping or access anything > > past the router. > > > > $ ping6 -c 5 2001:4860:4860:: > > PING 2001:4860:4860::(2001:4860:4860::) 56 data bytes > > > From 2001:470::1::1 icmp_seq=1 Time exceeded: Hop limit > > > From 2001:470::1::1 icmp_seq=2 Time exceeded: Hop limit > > > From 2001:470::1::1 icmp_seq=3 Time exceeded: Hop limit > > > From 2001:470::1::1 icmp_seq=4 Time exceeded: Hop limit > > > From 2001:470::1::1 icmp_seq=5 Time exceeded: Hop limit Hop limit exceeded indicates a routing issue from the router shown as the one replying to you. I am guessing that 2001:470: router is the other end of the tunnel at HE. If that is the case, you should be able to ping that address as well. > > $ /sbin/ifconfig eth0 > > inet addr:X.X.X.X Bcast:X.X.X.X Mask:255.255.255.248 > > inet6 addr: fe80::4216:7eff:fead:286c/64 Scope:Link > > inet6 addr: 2001:470::1:4216:7eff:fead:286c/64 Scope:Global > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:323016851 errors:5 dropped:0 overruns:0 frame:4 > > TX packets:100741665 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:468908409946 (436.7 GiB) TX bytes:10871913606 (10.1 GiB) > > Interrupt:20 Memory:f410-f412 > > > > $ ip -6 route show > > 2001:470::1::/64 dev eth0 proto ra metric 1 > > fe80::/64 dev eth0 proto kernel metric 256 > > default via fe80::4e5e:cff:fe03:25d5 dev eth0 proto static metric > > 1024 This all looks right. -- Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.c
Re: [Mikrotik] HE Tunnel Broker Setup
Tried on my MAC and it works fine. This is an issue with my PC not the Tik or the he tunnel. Thanks for the assistance I really appreciate it. -- Christopher Tyler MTCRE/MTCNA/MTCTCE/MTCWE Total Highspeed Internet Services 417.851.1107 - Original Message - From: "Christopher Tyler" To: "Mikrotik discussions" Sent: Wednesday, July 15, 2015 1:45:03 PM Subject: Re: [Mikrotik] HE Tunnel Broker Setup Pinging 2607:f8b0:400d:c04::93 works fine from the router. >From the PC I can ping my side of the tunnel but not the remote side. >From the PC to any IP on the router, pings work fine. I only get timeout/Hop >Limit on IP's past the router. -- Christopher Tyler MTCRE/MTCNA/MTCTCE/MTCWE Total Highspeed Internet Services 417.851.1107 - Original Message - From: "Butch Evans" To: "Mikrotik discussions" Sent: Wednesday, July 15, 2015 1:35:51 PM Subject: Re: [Mikrotik] HE Tunnel Broker Setup On Wed, 2015-07-15 at 13:48 -0400, Scott Reed wrote: > Default route is from the link local address, not the global address. That is normal for some OS. Specifically, Linux will do that every time (or has with my RedHat varieties). Here's my pbx: default via fe80::260:e0ff:fe44:2a06 dev eth0 proto kernel metric 1024 expires 1554sec mtu 1500 advmss 1440 hoplimit 4294967295 So this is not the issue > > > > First off, I followed the manual at > > http://wiki.mikrotik.com/wiki/Manual:My_First_IPv6_Network > > > > The tunnel is working fine and from the router at least everything > > works fine. I can ping 2001:4860:4860:: and other sites. So I > > proceeded to set up a /48 subnet on he.net and added one /64 subnet > > to my router with advertise=yes. >From the router, you can ping anything? I mean, you can ping beyond the gateway. Verify you can ping some other of google's V6 address: 2607:f8b0:400d:c04::93 > > > > The PC gets a link local and a global address and I can ping the > > PC's addresses from the router, and the PC can ping the routers > > address. >From the PC, try to ping the router's v6 address on the tunnel. This will verify the routing from the PC toward the internet. If it works, then the problem is not in your PC. If not, then there is a routing issue on the PC. > > Here is the problem, I cannot get the PC to ping or access anything > > past the router. > > > > $ ping6 -c 5 2001:4860:4860:: > > PING 2001:4860:4860::(2001:4860:4860::) 56 data bytes > > > From 2001:470::1::1 icmp_seq=1 Time exceeded: Hop limit > > > From 2001:470::1::1 icmp_seq=2 Time exceeded: Hop limit > > > From 2001:470::1::1 icmp_seq=3 Time exceeded: Hop limit > > > From 2001:470::1::1 icmp_seq=4 Time exceeded: Hop limit > > > From 2001:470::1::1 icmp_seq=5 Time exceeded: Hop limit Hop limit exceeded indicates a routing issue from the router shown as the one replying to you. I am guessing that 2001:470: router is the other end of the tunnel at HE. If that is the case, you should be able to ping that address as well. > > $ /sbin/ifconfig eth0 > > inet addr:X.X.X.X Bcast:X.X.X.X Mask:255.255.255.248 > > inet6 addr: fe80::4216:7eff:fead:286c/64 Scope:Link > > inet6 addr: 2001:470::1:4216:7eff:fead:286c/64 Scope:Global > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:323016851 errors:5 dropped:0 overruns:0 frame:4 > > TX packets:100741665 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:468908409946 (436.7 GiB) TX bytes:10871913606 (10.1 GiB) > > Interrupt:20 Memory:f410-f412 > > > > $ ip -6 route show > > 2001:470::1::/64 dev eth0 proto ra metric 1 > > fe80::/64 dev eth0 proto kernel metric 256 > > default via fe80::4e5e:cff:fe03:25d5 dev eth0 proto static metric > > 1024 This all looks right. -- Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/ ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] HE Tunnel Broker Setup
Pinging 2607:f8b0:400d:c04::93 works fine from the router. >From the PC I can ping my side of the tunnel but not the remote side. >From the PC to any IP on the router, pings work fine. I only get timeout/Hop >Limit on IP's past the router. -- Christopher Tyler MTCRE/MTCNA/MTCTCE/MTCWE Total Highspeed Internet Services 417.851.1107 - Original Message - From: "Butch Evans" To: "Mikrotik discussions" Sent: Wednesday, July 15, 2015 1:35:51 PM Subject: Re: [Mikrotik] HE Tunnel Broker Setup On Wed, 2015-07-15 at 13:48 -0400, Scott Reed wrote: > Default route is from the link local address, not the global address. That is normal for some OS. Specifically, Linux will do that every time (or has with my RedHat varieties). Here's my pbx: default via fe80::260:e0ff:fe44:2a06 dev eth0 proto kernel metric 1024 expires 1554sec mtu 1500 advmss 1440 hoplimit 4294967295 So this is not the issue > > > > First off, I followed the manual at > > http://wiki.mikrotik.com/wiki/Manual:My_First_IPv6_Network > > > > The tunnel is working fine and from the router at least everything > > works fine. I can ping 2001:4860:4860:: and other sites. So I > > proceeded to set up a /48 subnet on he.net and added one /64 subnet > > to my router with advertise=yes. >From the router, you can ping anything? I mean, you can ping beyond the gateway. Verify you can ping some other of google's V6 address: 2607:f8b0:400d:c04::93 > > > > The PC gets a link local and a global address and I can ping the > > PC's addresses from the router, and the PC can ping the routers > > address. >From the PC, try to ping the router's v6 address on the tunnel. This will verify the routing from the PC toward the internet. If it works, then the problem is not in your PC. If not, then there is a routing issue on the PC. > > Here is the problem, I cannot get the PC to ping or access anything > > past the router. > > > > $ ping6 -c 5 2001:4860:4860:: > > PING 2001:4860:4860::(2001:4860:4860::) 56 data bytes > > > From 2001:470::1::1 icmp_seq=1 Time exceeded: Hop limit > > > From 2001:470::1::1 icmp_seq=2 Time exceeded: Hop limit > > > From 2001:470::1::1 icmp_seq=3 Time exceeded: Hop limit > > > From 2001:470::1::1 icmp_seq=4 Time exceeded: Hop limit > > > From 2001:470::1::1 icmp_seq=5 Time exceeded: Hop limit Hop limit exceeded indicates a routing issue from the router shown as the one replying to you. I am guessing that 2001:470: router is the other end of the tunnel at HE. If that is the case, you should be able to ping that address as well. > > $ /sbin/ifconfig eth0 > > inet addr:X.X.X.X Bcast:X.X.X.X Mask:255.255.255.248 > > inet6 addr: fe80::4216:7eff:fead:286c/64 Scope:Link > > inet6 addr: 2001:470::1:4216:7eff:fead:286c/64 Scope:Global > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:323016851 errors:5 dropped:0 overruns:0 frame:4 > > TX packets:100741665 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:468908409946 (436.7 GiB) TX bytes:10871913606 (10.1 GiB) > > Interrupt:20 Memory:f410-f412 > > > > $ ip -6 route show > > 2001:470::1::/64 dev eth0 proto ra metric 1 > > fe80::/64 dev eth0 proto kernel metric 256 > > default via fe80::4e5e:cff:fe03:25d5 dev eth0 proto static metric > > 1024 This all looks right. -- Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/ ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] HE Tunnel Broker Setup
Okay, that's weird, traceroute appears to work just fine... $ traceroute6 2001:4860:4860:: traceroute to 2001:4860:4860:: (2001:4860:4860::), 30 hops max, 80 byte packets 1 2001:470::1::1 (2001:470:389e:1::1) 0.609 ms 0.582 ms 0.553 ms 2 ctyler2621-1.tunnel.tserv1.mci3.ipv6.he.net (2001:470::283::1) 37.001 ms * 37.314 ms 3 ge2-22.core1.mci3.he.net (2001:470:0:24c::1) 36.979 ms 36.973 ms * 4 10ge1-4.core1.chi1.he.net (2001:470:0:270::1) 55.286 ms 52.277 ms * 5 google-as15169.10gigabitethernet7.switch2.chi1.he.net (2001:470:0:bf::2) 149.288 ms 149.288 ms 148.392 ms 6 2001:4860::1:0:84a0 (2001:4860::1:0:84a0) 55.583 ms 2001:4860::1:0:aa7a (2001:4860::1:0:aa7a) 49.758 ms 49.749 ms 7 2001:4860::8:0:8458 (2001:4860::8:0:8458) 51.893 ms 2001:4860::8:0:9150 (2001:4860::8:0:9150) 58.651 ms 2001:4860::8:0:8458 (2001:4860::8:0:8458) 48.757 ms 8 2001:4860::8:0:4cde (2001:4860::8:0:4cde) 58.343 ms 2001:4860::8:0:7894 (2001:4860::8:0:7894) 58.177 ms 2001:4860::8:0:a3da (2001:4860::8:0:a3da) 58.317 ms 9 2001:4860::2:0:9b8a (2001:4860::2:0:9b8a) 58.316 ms 2001:4860::2:0:9b89 (2001:4860::2:0:9b89) 58.601 ms 59.148 ms 10 * * * 11 google-public-dns-a.google.com (2001:4860:4860::) 63.926 ms 63.609 ms 61.127 ms -- Christopher Tyler MTCRE/MTCNA/MTCTCE/MTCWE Total Highspeed Internet Services 417.851.1107 - Original Message - From: "Scott Reed" To: "Mikrotik discussions" Sent: Wednesday, July 15, 2015 1:33:44 PM Subject: Re: [Mikrotik] HE Tunnel Broker Setup What does traceroute show? On 7/15/2015 2:28 PM, Christopher Tyler wrote: > Setting everything manually.. > > $ ip address show eth0 > inet6 2001:470::1:4216:7eff:fead:286c/64 scope global > valid_lft forever preferred_lft forever > inet6 fe80::4216:7eff:fead:286c/64 scope link > valid_lft forever preferred_lft forever > > $ ip -6 route show > 2001:470::1::/64 dev eth0 proto kernel metric 256 > 2000::/3 via 2001:470::1::1 dev eth0 proto static metric 1 > fe80::/64 dev eth0 proto kernel metric 256 > default via 2001:470::1::1 dev eth0 proto static metric 1024 > > Still no joy... > > $ ping6 -c 5 2001:4860:4860:: > PING 2001:4860:4860::(2001:4860:4860::) 56 data bytes > >From 2001:470::1::1 icmp_seq=1 Time exceeded: Hop limit > >From 2001:470::1::1 icmp_seq=2 Time exceeded: Hop limit > >From 2001:470::1::1 icmp_seq=3 Time exceeded: Hop limit > >From 2001:470::1::1 icmp_seq=4 Time exceeded: Hop limit > >From 2001:470::1::1 icmp_seq=5 Time exceeded: Hop limit > > --- 2001:4860:4860:: ping statistics --- > 5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 3999ms > > Any other ideas? > -- Scott Reed Wireless Networking Network Design, Installation and Administration Mikrotik Advanced Certified ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] HE Tunnel Broker Setup
On Wed, 2015-07-15 at 13:48 -0400, Scott Reed wrote: > Default route is from the link local address, not the global address. That is normal for some OS. Specifically, Linux will do that every time (or has with my RedHat varieties). Here's my pbx: default via fe80::260:e0ff:fe44:2a06 dev eth0 proto kernel metric 1024 expires 1554sec mtu 1500 advmss 1440 hoplimit 4294967295 So this is not the issue > > > > First off, I followed the manual at > > http://wiki.mikrotik.com/wiki/Manual:My_First_IPv6_Network > > > > The tunnel is working fine and from the router at least everything > > works fine. I can ping 2001:4860:4860:: and other sites. So I > > proceeded to set up a /48 subnet on he.net and added one /64 subnet > > to my router with advertise=yes. >From the router, you can ping anything? I mean, you can ping beyond the gateway. Verify you can ping some other of google's V6 address: 2607:f8b0:400d:c04::93 > > > > The PC gets a link local and a global address and I can ping the > > PC's addresses from the router, and the PC can ping the routers > > address. >From the PC, try to ping the router's v6 address on the tunnel. This will verify the routing from the PC toward the internet. If it works, then the problem is not in your PC. If not, then there is a routing issue on the PC. > > Here is the problem, I cannot get the PC to ping or access anything > > past the router. > > > > $ ping6 -c 5 2001:4860:4860:: > > PING 2001:4860:4860::(2001:4860:4860::) 56 data bytes > > > From 2001:470::1::1 icmp_seq=1 Time exceeded: Hop limit > > > From 2001:470::1::1 icmp_seq=2 Time exceeded: Hop limit > > > From 2001:470::1::1 icmp_seq=3 Time exceeded: Hop limit > > > From 2001:470::1::1 icmp_seq=4 Time exceeded: Hop limit > > > From 2001:470::1::1 icmp_seq=5 Time exceeded: Hop limit Hop limit exceeded indicates a routing issue from the router shown as the one replying to you. I am guessing that 2001:470: router is the other end of the tunnel at HE. If that is the case, you should be able to ping that address as well. > > $ /sbin/ifconfig eth0 > > inet addr:X.X.X.X Bcast:X.X.X.X Mask:255.255.255.248 > > inet6 addr: fe80::4216:7eff:fead:286c/64 Scope:Link > > inet6 addr: 2001:470::1:4216:7eff:fead:286c/64 Scope:Global > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:323016851 errors:5 dropped:0 overruns:0 frame:4 > > TX packets:100741665 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:468908409946 (436.7 GiB) TX bytes:10871913606 (10.1 GiB) > > Interrupt:20 Memory:f410-f412 > > > > $ ip -6 route show > > 2001:470::1::/64 dev eth0 proto ra metric 1 > > fe80::/64 dev eth0 proto kernel metric 256 > > default via fe80::4e5e:cff:fe03:25d5 dev eth0 proto static metric > > 1024 This all looks right. -- Butch Evans Training and Support for WISPs 702-537-0979 http://store.wispgear.net/ http://www.butchevans.com/ ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] HE Tunnel Broker Setup
What does traceroute show? On 7/15/2015 2:28 PM, Christopher Tyler wrote: Setting everything manually.. $ ip address show eth0 inet6 2001:470::1:4216:7eff:fead:286c/64 scope global valid_lft forever preferred_lft forever inet6 fe80::4216:7eff:fead:286c/64 scope link valid_lft forever preferred_lft forever $ ip -6 route show 2001:470::1::/64 dev eth0 proto kernel metric 256 2000::/3 via 2001:470::1::1 dev eth0 proto static metric 1 fe80::/64 dev eth0 proto kernel metric 256 default via 2001:470::1::1 dev eth0 proto static metric 1024 Still no joy... $ ping6 -c 5 2001:4860:4860:: PING 2001:4860:4860::(2001:4860:4860::) 56 data bytes >From 2001:470::1::1 icmp_seq=1 Time exceeded: Hop limit >From 2001:470::1::1 icmp_seq=2 Time exceeded: Hop limit >From 2001:470::1::1 icmp_seq=3 Time exceeded: Hop limit >From 2001:470::1::1 icmp_seq=4 Time exceeded: Hop limit >From 2001:470::1::1 icmp_seq=5 Time exceeded: Hop limit --- 2001:4860:4860:: ping statistics --- 5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 3999ms Any other ideas? -- Scott Reed Wireless Networking Network Design, Installation and Administration Mikrotik Advanced Certified ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] HE Tunnel Broker Setup
Setting everything manually.. $ ip address show eth0 inet6 2001:470::1:4216:7eff:fead:286c/64 scope global valid_lft forever preferred_lft forever inet6 fe80::4216:7eff:fead:286c/64 scope link valid_lft forever preferred_lft forever $ ip -6 route show 2001:470::1::/64 dev eth0 proto kernel metric 256 2000::/3 via 2001:470::1::1 dev eth0 proto static metric 1 fe80::/64 dev eth0 proto kernel metric 256 default via 2001:470::1::1 dev eth0 proto static metric 1024 Still no joy... $ ping6 -c 5 2001:4860:4860:: PING 2001:4860:4860::(2001:4860:4860::) 56 data bytes >From 2001:470::1::1 icmp_seq=1 Time exceeded: Hop limit >From 2001:470::1::1 icmp_seq=2 Time exceeded: Hop limit >From 2001:470::1::1 icmp_seq=3 Time exceeded: Hop limit >From 2001:470::1::1 icmp_seq=4 Time exceeded: Hop limit >From 2001:470::1::1 icmp_seq=5 Time exceeded: Hop limit --- 2001:4860:4860:: ping statistics --- 5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 3999ms Any other ideas? -- Christopher Tyler MTCRE/MTCNA/MTCTCE/MTCWE Total Highspeed Internet Services 417.851.1107 - Original Message - From: "Scott Reed" To: "Mikrotik discussions" Sent: Wednesday, July 15, 2015 12:48:57 PM Subject: Re: [Mikrotik] HE Tunnel Broker Setup Default route is from the link local address, not the global address. Last line in route information. On 7/15/2015 1:44 PM, Christopher Tyler wrote: > I'm just now dipping my toes into the IPv6 water and I've hit a wall... > > First off, I followed the manual at > http://wiki.mikrotik.com/wiki/Manual:My_First_IPv6_Network > > The tunnel is working fine and from the router at least everything works > fine. I can ping 2001:4860:4860:: and other sites. So I proceeded to set > up a /48 subnet on he.net and added one /64 subnet to my router with > advertise=yes. > > The PC gets a link local and a global address and I can ping the PC's > addresses from the router, and the PC can ping the routers address. > > Here is the problem, I cannot get the PC to ping or access anything past the > router. > > $ ping6 -c 5 2001:4860:4860:: > PING 2001:4860:4860::(2001:4860:4860::) 56 data bytes > >From 2001:470::1::1 icmp_seq=1 Time exceeded: Hop limit > >From 2001:470::1::1 icmp_seq=2 Time exceeded: Hop limit > >From 2001:470::1::1 icmp_seq=3 Time exceeded: Hop limit > >From 2001:470::1::1 icmp_seq=4 Time exceeded: Hop limit > >From 2001:470::1::1 icmp_seq=5 Time exceeded: Hop limit > > --- 2001:4860:4860:: ping statistics --- > 5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4032ms > > $ /sbin/ifconfig eth0 > inet addr:X.X.X.X Bcast:X.X.X.X Mask:255.255.255.248 > inet6 addr: fe80::4216:7eff:fead:286c/64 Scope:Link > inet6 addr: 2001:470::1:4216:7eff:fead:286c/64 Scope:Global > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:323016851 errors:5 dropped:0 overruns:0 frame:4 > TX packets:100741665 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:468908409946 (436.7 GiB) TX bytes:10871913606 (10.1 GiB) > Interrupt:20 Memory:f410-f412 > > $ ip -6 route show > 2001:470::1::/64 dev eth0 proto ra metric 1 > fe80::/64 dev eth0 proto kernel metric 256 > default via fe80::4e5e:cff:fe03:25d5 dev eth0 proto static metric 1024 > > Any ideas or comments are appreciated... > -- Scott Reed Wireless Networking Network Design, Installation and Administration Mikrotik Advanced Certified ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
Re: [Mikrotik] HE Tunnel Broker Setup
Default route is from the link local address, not the global address. Last line in route information. On 7/15/2015 1:44 PM, Christopher Tyler wrote: I'm just now dipping my toes into the IPv6 water and I've hit a wall... First off, I followed the manual at http://wiki.mikrotik.com/wiki/Manual:My_First_IPv6_Network The tunnel is working fine and from the router at least everything works fine. I can ping 2001:4860:4860:: and other sites. So I proceeded to set up a /48 subnet on he.net and added one /64 subnet to my router with advertise=yes. The PC gets a link local and a global address and I can ping the PC's addresses from the router, and the PC can ping the routers address. Here is the problem, I cannot get the PC to ping or access anything past the router. $ ping6 -c 5 2001:4860:4860:: PING 2001:4860:4860::(2001:4860:4860::) 56 data bytes >From 2001:470::1::1 icmp_seq=1 Time exceeded: Hop limit >From 2001:470::1::1 icmp_seq=2 Time exceeded: Hop limit >From 2001:470::1::1 icmp_seq=3 Time exceeded: Hop limit >From 2001:470::1::1 icmp_seq=4 Time exceeded: Hop limit >From 2001:470::1::1 icmp_seq=5 Time exceeded: Hop limit --- 2001:4860:4860:: ping statistics --- 5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4032ms $ /sbin/ifconfig eth0 inet addr:X.X.X.X Bcast:X.X.X.X Mask:255.255.255.248 inet6 addr: fe80::4216:7eff:fead:286c/64 Scope:Link inet6 addr: 2001:470::1:4216:7eff:fead:286c/64 Scope:Global UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:323016851 errors:5 dropped:0 overruns:0 frame:4 TX packets:100741665 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:468908409946 (436.7 GiB) TX bytes:10871913606 (10.1 GiB) Interrupt:20 Memory:f410-f412 $ ip -6 route show 2001:470::1::/64 dev eth0 proto ra metric 1 fe80::/64 dev eth0 proto kernel metric 256 default via fe80::4e5e:cff:fe03:25d5 dev eth0 proto static metric 1024 Any ideas or comments are appreciated... -- Scott Reed Wireless Networking Network Design, Installation and Administration Mikrotik Advanced Certified ___ Mikrotik mailing list Mikrotik@mail.butchevans.com http://mail.butchevans.com/mailman/listinfo/mikrotik Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS