IPv6 (6in4) Tunnelbroker Setup

fgimenezm · February 7, 2021, 10:09pm

I did re-install all the lost packages and the interface was supposed to be up. "ip -6 a" showed the IPv6 configured and "ifconfig" too but a simple "ping6 ipv6.google.com" didn't work.
One thing I noticed is that the "ip" binary (busybox) doesn't have the "tunnel" command but the interface was configured so I guess openwrt is using some other commands internally (although I couldn't find which ones).

I don't really need the ipv6 tunnel so I've just disabled it. I only had it to play with ipv6 and I can live without it.

But since this was working for me with 19.07.5 I thought maybe @knulf 's problem could be related to 19.07.6.

To be honest I didn't do any more troubleshooting and I can't be 100% sure if it was still working on 19.07.5 the minute before upgrading since, as I said, I wasn't really using the tunnel. But I know it was working when I upgraded to 19.07.5 some time ago and it wasn't working after updating to 19.07.6 earlier today (I did reinstall the packages both times).

knulf · February 8, 2021, 12:53pm

Thanks @fgimenezm, I will give downgrading a try if I find some time this week.

fgimenezm · February 20, 2021, 2:28pm

There is a new release now: 19.07.7
It has some fixes related to ipv6 point to point links. Not sure if this fixes the tunnel though, but maybe it had something to do with that. I haven't tested it yet.

jamesmacwhite · February 20, 2021, 3:01pm

I don't think it's related, I've ran 6in4 on every 19.07 release and it's been fine. I use imagebuilder to automatically add in any installed packages including 6in4.

fgimenezm · February 23, 2021, 12:14am

I'm starting to think that my ISP is blocking protocol 41... I see my packets going out to the tunnel endpoint but nothing comes back

lcsaszar · February 23, 2021, 8:59am

Hello,

I have the same issue. The packet counters on my 6in4-wan6 interface are not incrementing. I can ping the remote IPv4 address of the tunnel, and also the remote IPv6 address from the router. If I ping the remote ipv6 endpoint from the router, the 6in4-wan6 counters are incrementing in and out.

root@OpenWrt:~# ip route get 1::
RTNETLINK answers: Permission denied

6in4 package and kmod-sit are properly installed. I have a public IP address on the wan interface. It appears on the WAN6 page. I am using a snapshot image with kernel version 5.4.98. Any help much appreciated.

vgaetera · February 23, 2021, 2:26pm

I confirm 6in4 works on OpenWrt 19.07.7 in default configuration.
Tested both static and dynamic tunnels without extra firewall rules.

Adding the default route helps to override the source routing filter.
Simultaneously running 6in4 with MWAN or VPN can be problematic.
That would require to properly configure PBR.

Other possible issues can be related to limited or restricted connectivity.
Traffic shaping or filtering performed by the ISP, or missing public IP.

lcsaszar · February 23, 2021, 2:46pm

I added the missing route in /etc/config/network:

config route6
        option interface 'wan6'
        option target '2000::/3'
        option gateway '2001:xxxxxy::2'

But no change. The 6in4 configuration guides and examples don't mention I should add this route, though.

dl12345 · February 23, 2021, 2:53pm

With mwan3 in particular, (in luci) you need to go into the main network wan6 interface definition, add the Allowed IPs (in this case a ipv6 wildcard ::/0) and then click the option to "Route Allowed IPs". If you don't do this, then mwan3 doesn't create the required route when it creates its own routing tables and you then can't route out the interface.

Sorry: was looking at my wireguard interface instead, so there's no "Allowed IPs", but the point remains the same. You need a default route for ipv6 as @vgaetera pointed out

dl12345 · February 23, 2021, 4:41pm

Can you post a suitably redacted version of an ip -6 route command output?

knulf · February 23, 2021, 5:59pm

Thanks for posting this, I thought I was going insane. The issue persists for me as well, but I haven't had much time to tinker with the setup recently. Please let me know if you figure out a solution.

@dl12345, I know you didn't ask me, but did you see my ipv6 routes above? If @lcsaszar and I are indeed facing the same issue, maybe it can help with the troubleshooting...

dl12345 · February 23, 2021, 6:21pm

Yes, just looked at your routes now. You are missing a default wildcard route.

You have a a default from <network> route

You need a match all default route.

Try manually adding one to see if it fixes the problem

ip -6 route add default via <tunnel endpoint ip6net>:: dev 6in4-henet

then restart mwan3

knulf · February 23, 2021, 6:57pm

Ah I'm not using mwan3. Is that package required to make the 6in4 tunnel work?

dl12345 · February 23, 2021, 7:04pm

No, not required.

You still need a default route though. Just try

ip -6 route add default dev 6in4-henet

lcsaszar · February 23, 2021, 7:06pm

root@OpenWrt:~# ip -6 route
2001:xxxxxa:136::/64 dev 6in4-wan6 proto kernel metric 256 pref medium
2001:xxxxxb:135::/64 dev br-lan proto static metric 1024 pref medium
unreachable 2001:xxxxxb:135::/64 dev lo proto static metric 2147483647 pref medium
fd31:xxxxxx:1::/64 dev br-lan proto static metric 1024 pref medium
unreachable fd31:xxxxxx::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
fe80::/64 dev 6in4-wan6 proto kernel metric 256 pref medium
fe80::/64 dev ifb4eth1 proto kernel metric 256 pref medium

dl12345 · February 23, 2021, 7:09pm

Same issue here. No default route.

lcsaszar · February 23, 2021, 7:12pm

Hey, it helped in my case. I just added a default ipv6 route and it works!

root@OpenWrt:~# ping -6 ipv6.google.com
PING ipv6.google.com (2a00:1450:400d:804::200e): 56 data bytes
64 bytes from 2a00:1450:400d:804::200e: seq=0 ttl=121 time=37.840 ms
64 bytes from 2a00:1450:400d:804::200e: seq=1 ttl=121 time=37.052 ms

knulf · February 23, 2021, 7:23pm

Thanks, just tried it. Still no luck unfortunately. Here are the routes now just to make sure I did everything right:

root@OpenWrt:~# ip -6 route show
default from 2001:470:XXXX:XX::/64 dev 6in4-henet proto static metric 1024 pref medium
default from 2001:470:YYY::/48 dev 6in4-henet proto static metric 1024 pref medium
2001:470:XXXX:XX::/64 dev 6in4-henet proto kernel metric 256 pref medium
2001:470:YYY::/64 dev br-lan proto static metric 1024 pref medium
unreachable 2001:470:YYY::/48 dev lo proto static metric 2147483647 error 4294967148 pref medium
fd23:3587:3330::/64 dev br-lan proto static metric 1024 pref medium
unreachable fd23:3587:3330::/48 dev lo proto static metric 2147483647 error 4294967148 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
fe80::/64 dev br-lan proto kernel metric 256 pref medium
fe80::/64 dev wlan1 proto kernel metric 256 pref medium
fe80::/64 dev 6in4-henet proto kernel metric 256 pref medium
fe80::/64 dev wlan0 proto kernel metric 256 pref medium
default dev 6in4-henet metric 1024 pref medium

Great that it worked for @lcsaszar, though!

dl12345 · February 23, 2021, 7:29pm

Well, your routing table looks messy. You have multiple redundant entries.

The first line is not necessary if you have the second one (the /48 is a superset of the /64)

The third line is redundant again.

The fourth line is an odd looking route for possibly the same network routing via br-lan that looks like it should not be there.

What is the IP of your tunnel endpoints and the delegated prefix and size?

difficult to tell: I'm just guessing. I don't know what your tunnel setup looks like

dl12345 · February 23, 2021, 7:47pm

I think first try to ping the ipv4 and ipv6 tunnel enpdoints, starting with the local ones and then the remote ones to see if they route properly