Regarding ipip6 with "peeraddr=::"

sphalerite · June 2, 2025, 3:10pm

Hi all,

I would like to create ipip6 tunnel interface with "peeraddr=::" to accept ipip6 packets from anonymous IPv6 addresses.
Here are my ipip6 configurations, and firewall service is stopped now.

uci set network.tun0=interface
uci set network.tun0.proto=ipip6
uci set network.tun0.peeraddr=::
uci set network.tun0.ip4ifaddr=192.0.0.1
uci set network.tun0.auto=1
uci set network.tun0.tunlink=wan6
uci set network.tun0.encaplimit=ignore

Then as follows I am able to see reply packets on the tun0 inteface, but somehow I am not able to see them on the wan6 interface (net0).

root@rt:/# tcpdump -eni net0
ba:7e:45:3e:9a:f7 > fe:15:64:4c:43:bd, ethertype IPv6 (0x86dd), length 138: 2001:db8:1::a01:100:0 > 2001:db8:23::1: 10.1.1.0 > 2.2.2.1: ICMP echo request, id 23, seq 4, length 64
ba:7e:45:3e:9a:f7 > fe:15:64:4c:43:bd, ethertype IPv6 (0x86dd), length 138: 2001:db8:1::a01:100:0 > 2001:db8:23::1: 10.1.1.0 > 2.2.2.1: ICMP echo request, id 23, seq 5, length 64
ba:7e:45:3e:9a:f7 > fe:15:64:4c:43:bd, ethertype IPv6 (0x86dd), length 138: 2001:db8:1::a01:100:0 > 2001:db8:23::1: 10.1.1.0 > 2.2.2.1: ICMP echo request, id 23, seq 6, length 64

root@rt:/# tcpdump -eni ipip6-tun0
 In ethertype IPv4 (0x0800), length 100: 10.1.1.0 > 2.2.2.1: ICMP echo request, id 23, seq 54, length 64
Out ethertype IPv4 (0x0800), length 100: 2.2.2.1 > 10.1.1.0: ICMP echo reply, id 23, seq 54, length 64
 In ethertype IPv4 (0x0800), length 100: 10.1.1.0 > 2.2.2.1: ICMP echo request, id 23, seq 55, length 64
Out ethertype IPv4 (0x0800), length 100: 2.2.2.1 > 10.1.1.0: ICMP echo reply, id 23, seq 55, length 64

root@rt:/# ip route
default dev ipip6-tun0 proto static scope link
2.2.2.0/24 dev net1 proto kernel scope link src 2.2.2.254

root@rt:/# ip -6 route
2001:db8:23::/64 dev net0 proto kernel metric 256 pref medium
fe80::/64 dev net0 proto kernel metric 256 pref medium
fe80::/64 dev net1 proto kernel metric 256 pref medium
fe80::/64 dev ipip6-tun0 proto kernel metric 256 pref medium
default via 2001:db8:23::ffff dev net0 proto static metric 1024 pref medium

How do I pass a reply packet to net0 and encapsulate it again with IPv6??
Do I need to add any routes?

Thank you in advance.

lleachii · June 2, 2025, 3:19pm

Please provide the output of:

ubus call system board

sphalerite · June 2, 2025, 3:33pm

Thank you for reply.
Here is the output

root@rt:/# ubus call system board
{
        "kernel": "6.6.87.1-microsoft-standard-WSL2",
        "hostname": "rt",
        "system": "Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.1",
                "revision": "r28597-0425664679",
                "target": "x86/64",
                "description": "OpenWrt 24.10.1 r28597-0425664679",
                "builddate": "1744562312"
        }
}

My openwrt is on docker on WSL2.

Best Regards,

lleachii · June 2, 2025, 7:25pm

Oh wow!

Well that's quite a niche use case!

Be patient waiting on responses.

Aside from it not being clear where there anonymous encapsulated packets are originating (or destined, as based on your tcpdump), it seems the tunnel you sent the pings through uses net1 - not net0.

Try running tcpdump -eni net1 instead.

sphalerite · June 3, 2025, 1:28am

Thank you for your reply.

Here is the result captured on net1.

root@rt2:/# tcpdump -eni net1
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on net1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
01:22:00.489767 fa:1f:e7:d7:f5:4f > 02:42:ac:00:10:02, ethertype IPv4 (0x0800), length 98: 10.1.1.0 > 2.2.2.1: ICMP echo request, id 25, seq 2512, length 64
01:22:00.489777 02:42:ac:00:10:02 > fa:1f:e7:d7:f5:4f, ethertype IPv4 (0x0800), length 98: 2.2.2.1 > 10.1.1.0: ICMP echo reply, id 25, seq 2512, length 64
01:22:00.489786 fa:1f:e7:d7:f5:4f > 02:42:ac:00:10:02, ethertype IPv4 (0x0800), length 126: 2.2.2.254 > 2.2.2.1: ICMP host 10.1.1.0 unreachable, length 92

There is a default route, but for some reason Host Unreachable is returning.

Best Regards,

lleachii · June 3, 2025, 6:47am

?

You lost me, why are you showing me net1 on another OpenWrt?

Is there more to this issue, or do you need to expound with more details (i.e., was displaying rt2 supposed to be self-explanatory - if so, how)?

Edit:

BTW, despite not knowing what this host/router is, generally 0 is [mostly] invalid as a last octet for an IP address. It's generally used to refer to a [whole] network.

sphalerite · June 3, 2025, 8:24am

Hi

Thank you for your response.
I'm sorry for inviting some confustion.

When I rebuilt my openwrt, I configured different hostname.
The last octet happened to be set to 0, but the same problem occurs with other values as follows;

root@rt2:/# tcpdump -eni net1
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on net1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
08:22:16.497294 a6:bc:20:dd:56:a1 > 33:33:00:00:00:16, ethertype IPv6 (0x86dd), length 110: fe80::a4bc:20ff:fedd:56a1 > ff02::16: HBH ICMP6, multicast listener report v2, 2 group record(s), length 48
08:22:16.877646 a6:bc:20:dd:56:a1 > 02:42:ac:00:10:02, ethertype IPv4 (0x0800), length 98: 1.1.1.1 > 2.2.2.1: ICMP echo request, id 29, seq 2839, length 64
08:22:16.877677 02:42:ac:00:10:02 > a6:bc:20:dd:56:a1, ethertype IPv4 (0x0800), length 98: 2.2.2.1 > 1.1.1.1: ICMP echo reply, id 29, seq 2839, length 64
08:22:16.877706 a6:bc:20:dd:56:a1 > 02:42:ac:00:10:02, ethertype IPv4 (0x0800), length 126: 2.2.2.254 > 2.2.2.1: ICMP host 1.1.1.1 unreachable, length 92

Best Regards,

lleachii · June 3, 2025, 11:53am

It appears you introduced more.

?

you fail to explain the value and what it is
you fail to explain the destination

Please explain 2.2.2.254, 2.2.2.1, and 1.1.1.1. Assume we didn't guess your topology.