He.net 6in4 IPv6 tunnel issues

I've asked on IRC about this and tried all the suggestions there to no avail.

The IPv6 tunnel shows no gateway and no packets received, I have tried turning the firewall off and still the issue persists.
I have tried both account and update passwords, I cannot get he.net's IPv6 to work and was told to use it over SiXxs AICCU. Any ideas what's causing this to fail?

config interface 'henet_IPv6'
        option proto '6in4'
        option peeraddr '216.218.221.42'
        option ip6addr '2001:470:35:2f::2'
        option ip6prefix '2001:470:36:2f::/64'
        option tunnelid 'xxxxxx'
        option username 'xxxxxxxx'
        option password 'xxxxxxxxxxxxx'

I have a HE tunnel, which works perfectly, and there is no info about gateway in LuCI; just test the interface from the command line ("ping6 www.google.com" is probably the simplest test), and see if it works.

I have had in my he.net config the /64 prefix info also for the ip6addr parameter:

config interface 'henet'
        option proto '6in4'
        option mtu '1424'
        option peeraddr '216.66.80.90'
        option ip6addr '2001:470:3333:d8::2/64'
        option ip6prefix '2001:470:3334:d8::/48'

But have you set the ip6assign parameter for the LAN interface?

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

I suggest that you divide your debugging to two parts:

  • First getting connectivity to work from the router console.
  • When that works, then work for getting ipv6 for LAN devices

First step is to try that ping from router. (you might ping ipv6.google.com, because that only answers to ipv6)

I should've added that I am unable to ping any IPv6 address/hostname as there is no gateway - No route to host. I will post results of some more diagnostics when I am back home.

Distribution of IPv6 to my LAN actually works fine, but communication fails due to lack of a default gateway, and yes, 'Use Default Gateway' is selected.

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option _orig_ifname 'eth1 radio0.network1'
        option _orig_bridge 'true'
        option ip6assign '64'
        option ip6hint '10'
        option ifname 'eth1'
        option dns '8.8.8.8'   

# ifconfig
    6in4-henet_IPv6 Link encap:IPv6-in-IPv4
              inet6 addr: fe80::c0a8:10d/64 Scope:Link
              inet6 addr: 2001:470:35:2f::2/128 Scope:Global
              UP POINTOPOINT RUNNING NOARP  MTU:1280  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:29918 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1
              RX bytes:0 (0.0 B)  TX bytes:2683769 (2.5 MiB)

    root@apu:/# route -A inet6
    Kernel IPv6 routing table
    Destination                                 Next Hop                                Flags Metric Ref    Use Iface
    ::/0                                        ::                                      !n    -1     1   129402 lo
    ::/0                                        ::                                      U     1024   0        0 6in4-henet_IPv6
    ::/0                                        ::                                      U     1024   4    29903 6in4-henet_IPv6
    2001:470:35:2f::2/128                       ::                                      Un    256    0        0 6in4-henet_IPv6
    2001:470:36:2f::/64                         ::                                      U     1024   4     3399 br-lan
    2001:470:36:2f::/64                         ::                                      !n    2147483647 0        0 lo
    fe80::/64                                   ::                                      U     256    4    16053 eth2
    fe80::/64                                   ::                                      U     256    4      390 br-lan
    fe80::/64                                   ::                                      U     256    0        0 eth0
    fe80::/64                                   ::                                      Un    256    0        0 6in4-henet_IPv6
    fe80::/64                                   ::                                      U     256    0        0 wlan0
    fe80::/64                                   ::                                      U     256    0        0 ifb4eth2
    fe80::/64                                   ::                                      U     256    0        0 ifb4eth0
    ::/0                                        ::                                      !n    -1     1   129402 lo
    ::1/128                                     ::                                      Un    0      5     2319 lo
    2001:470:35:2f::2/128                       ::                                      Un    0      1        0 lo
    2001:470:36:2f::/128                        ::                                      Un    0      1        0 lo
    2001:470:36:2f::1/128                       ::                                      Un    0      5       48 lo
    fe80::/128                                  ::                                      Un    0      1        0 lo
    fe80::/128                                  ::                                      Un    0      1        0 lo
    fe80::/128                                  ::                                      Un    0      1        0 lo
    fe80::/128                                  ::                                      Un    0      1        0 lo
    fe80::/128                                  ::                                      Un    0      1        0 lo
    fe80::/128                                  ::                                      Un    0      1        0 lo
    fe80::/128                                  ::                                      Un    0      1        0 lo
    fe80::c0a8:10d/128                          ::                                      Un    0      1        0 lo
    fe80::20d:b9ff:fe41:cba8/128                ::                                      Un    0      1        0 lo
    fe80::20d:b9ff:fe41:cba9/128                ::                                      Un    0      5    16843 lo
    fe80::220:91ff:fe1b:b36c/128                ::                                      Un    0      1        0 lo
    fe80::1ced:5fff:fe25:cbc2/128               ::                                      Un    0      1        0 lo
    fe80::e84f:a0ff:fed9:dbc2/128               ::                                      Un    0      1        0 lo
    fe80::ee08:6bff:fee9:8a89/128               ::                                      Un    0      1        0 lo
    ff00::/8                                    ::                                      U     256    4   345540 br-lan
    ff00::/8                                    ::                                      U     256    0        0 eth2
    ff00::/8                                    ::                                      U     256    1      261 eth0
    ff00::/8                                    ::                                      U     256    0        0 6in4-henet_IPv6
    ff00::/8                                    ::                                      U     256    0        0 wlan0
    ff00::/8                                    ::                                      U     256    0        0 ifb4eth2
    ff00::/8                                    ::                                      U     256    0        0 ifb4eth0
    ::/0                                        ::                                      !n    -1     1   129402 lo

    root@apu:/# ping6 ipv6.google.com
    PING ipv6.google.com (2404:6800:4009:803::200e): 56 data bytes
    ^C
    --- ipv6.google.com ping statistics ---
    10 packets transmitted, 0 packets received, 100% packet loss


    root@apu:/# ping6 2001:470:35:2f::2
    PING 2001:470:35:2f::2 (2001:470:35:2f::2): 56 data bytes
    64 bytes from 2001:470:35:2f::2: seq=0 ttl=64 time=0.286 ms
    64 bytes from 2001:470:35:2f::2: seq=1 ttl=64 time=0.204 ms
    64 bytes from 2001:470:35:2f::2: seq=2 ttl=64 time=0.213 ms
    ^C
    --- 2001:470:35:2f::2 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max = 0.204/0.234/0.286 ms
       
     root@apu:/# ping6 2001:470:35:2f::1
    PING 2001:470:35:2f::1 (2001:470:35:2f::1): 56 data bytes
    ^C
    --- 2001:470:35:2f::1 ping statistics ---
    4 packets transmitted, 0 packets received, 100% packet loss

If there's any more troubleshooting steps or info needed please let me know :unamused:

One guess for you:
You may have a too long interface name, which breaks firewall loading (or something in routing settings or such).

Combined to the automatic prefix "6in4-" that makes it "6in4-henet_IPv6" as seen in your route table. That is really close to the allowed max length of an interface name. You might test with a shorter interface name.

There is discussion about this aspect in an old Openwrt bug:
https://dev.openwrt.org/ticket/20380

In any case, as the he.net ipv6 tunnels work ok for others (including me), this is likely just about your network & firewall config.

If a shorter interface name does not make things work to you, please post here a more complete network config. I saw at least eth0, eth1 and eth2 mentioned, which looks strange.

Are you sure that your ISP is not filtering protocol 41 (which is the one that 6in4 uses)?

I've seen several cases of ISPs doing that ...

Shortened interface name and appended the local IP to /64 to no effect.
How can I confirm this is not a packet filter issue seeing as traffic is sent but not received?
SixXs AICCU worked on a Slackware box, how would I test if my ISP is blocking Proto 41?

root@apu:/# ifconfig
6in4-he   Link encap:IPv6-in-IPv4
          inet6 addr: fe80::c0a8:10d/64 Scope:Link
          inet6 addr: 2001:470:35:2f::2/128 Scope:Global
          UP POINTOPOINT RUNNING NOARP  MTU:1280  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:0 (0.0 B)  TX bytes:541 (541.0 B)

br-lan    Link encap:Ethernet  HWaddr 00:0D:B9:41:CB:A9
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20d:b9ff:fe41:cba9/64 Scope:Link
          inet6 addr: 2001:470:36:2f::1/64 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19006 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22738 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2287661 (2.1 MiB)  TX bytes:22635989 (21.5 MiB)

eth0      Link encap:Ethernet  HWaddr 00:0D:B9:41:CB:A8
          inet addr:192.168.1.13  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20d:b9ff:fe41:cba8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:613 errors:0 dropped:0 overruns:0 frame:0
          TX packets:406 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:105176 (102.7 KiB)  TX bytes:35263 (34.4 KiB)
          Memory:fe600000-fe61ffff

eth1      Link encap:Ethernet  HWaddr 00:0D:B9:41:CB:A9
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:19052 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23037 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2556241 (2.4 MiB)  TX bytes:22652944 (21.6 MiB)
          Memory:fe700000-fe71ffff

eth2      Link encap:Ethernet  HWaddr EC:08:6B:E9:8A:89
          inet addr:192.168.1.14  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::ee08:6bff:fee9:8a89/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:18632 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16049 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:20302476 (19.3 MiB)  TX bytes:2036933 (1.9 MiB)
          Memory:fe800000-fe81ffff

ifb4eth0  Link encap:Ethernet  HWaddr AE:BC:7F:BE:C6:A7
          inet6 addr: fe80::acbc:7fff:febe:c6a7/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:77 errors:0 dropped:0 overruns:0 frame:0
          TX packets:77 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:11200 (10.9 KiB)  TX bytes:11200 (10.9 KiB)

ifb4eth2  Link encap:Ethernet  HWaddr 5E:2A:B1:D8:D1:8D
          inet6 addr: fe80::5c2a:b1ff:fed8:d18d/64 Scope:Link
          UP BROADCAST RUNNING NOARP  MTU:1500  Metric:1
          RX packets:1651 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1651 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:1759038 (1.6 MiB)  TX bytes:1759038 (1.6 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:455 errors:0 dropped:0 overruns:0 frame:0
          TX packets:455 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:31352 (30.6 KiB)  TX bytes:31352 (30.6 KiB)

wlan0mon  Link encap:UNSPEC  HWaddr 04-F0-21-1B-B3-6C-00-00-00-00-00-00-00-00-00-00
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1865 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:184829 (180.4 KiB)  TX bytes:0 (0.0 B)

How comes you have several 192.168.1.0/24 interfaces?
How comes you do not have a public IP address?

1 Like

I'm testing 2 ISPs, both of whom are PPPoE and haven't setup bridging yet. This issue was exactly the same even when I had LEDE dial out to the modem in bridge mode.

What modem? First time that you mention any modem...
It is quite possible that your modem filters out protocol 41 (=6in4) traffic, especially if the modem is smart and contains some routing logic.

And also first time when PPPoE is mentioned.

This whole thread is absurd as you only give minimal snippets about your network config and expect others to magically figure out advice for your specific needs. You should describe the situation better if you want help. How you are connected to the ISP etc... And show the whole /etc/config/network instead of small pieces of it.

How does the ipv4 traceroute to google look like? Does the modem show up there?

@Strykar Did you eventually figure it out? I'm in the exact same position, no received packages...

Interesting to see someone else with this issue.
I have TalkTalk fibre internet, using the BTOR ECI modem and a Linksys E3000 running LEDE 17.01. I had been using tunnelbroker.net for some time with no issues when my router ran OpenWRT BB. Since upgrading to LEDE the tunnel has suddenly stopped working. I have used the exact same configuration as before which I know did work. Anyone have any more ideas?

It works for me in LEDE as well as it worked in OpenWrt; perhaps your could post your config files, logs, and diagnostics here.

@jordipalet @Ringerl @calumcb Apologies, forgot to update this thread. My issue was resolved by using Huawei modem in bridged mode instead of the TP-Link. One way would be to sniff for DSL frames on the modem.

6in4 tunnel requires public IP. It will not work when WAN has 192.168 address.
Thats why it worked in bridged mode.

@bolvan You're confused about bridged mode. The router "dialing" via the bridged modem gets a public IP from the ISP. The issue here was likely the older bridged modem silently dropping protocol 41.

this happens to me as well, on a freshly installed 18.06.2.
I've narrowed it down to the tunnel endpoint not being updated: after I fix it manually, either by running wget or via the he.net web interface, it works fine.

I solve this by using their Dynamic DNS service to update the tunnel (this may not be an option for everyone). I also observe that just configuring a tunnel (without DDNS) if the DHCP WAN IP changes.

BTW, this thread was quite old.

2 Likes