Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: SIT ip tunnel cannot be created

  1. #1
    Join Date
    Jun 2008
    Location
    Cannington, Ontario
    Posts
    15

    Default SIT ip tunnel cannot be created

    I am trying to setup a sit ip tunnel to an ipv6 end point.

    It appears that my 10.3 install does not recognize it.

    I am able to setup a gre tunnel.

    When I issue a modprobe ipv6 it returns nothing.

    Do I have to install 'sit' tunnel type separately?

    I currently use a tunnel broker software which does work ok so I know the relavent ipv6 modules must be installed.

  2. #2
    Join Date
    Jun 2008
    Location
    Kansas City
    Posts
    60

    Default Re: SIT ip tunnel cannot be created

    I have to "modprobe sit" first on 10.3 to get a sit0 I can work with.

    Who are you using for your tunnel broker? I've used Hurricane Electric for several years and my tunnel's been solid. Just curious to know what others are using.
    --Khan St Preest

  3. #3
    Join Date
    Jun 2008
    Location
    Cannington, Ontario
    Posts
    15

    Default Re: SIT ip tunnel cannot be created

    I was using Freenet (Hexago) but am moving to Hurricane Electric.

    Freenet has a client which did all the work.

    I will try modprobe sit to see what happens.

  4. #4
    Join Date
    Jun 2008
    Location
    Kansas City
    Posts
    60

    Default Re: SIT ip tunnel cannot be created

    HE's made some nice upgrades to their tunnel service the last several months, performance has improved quite a bit.

    Keep us posted, glad to help if it's still not workin' for ya.
    --Khan St Preest

  5. #5
    Join Date
    Jun 2008
    Location
    Cannington, Ontario
    Posts
    15

    Default Re: SIT ip tunnel cannot be created

    Your recommendation of using modprobe sit worked great, the tunnel is up.

    I have been testing the tunnel by pinging to The KAME project

    I get error messages saying that the destination is not reachable. In the body of the ping message it shows the following as 'from'

    starcastle.tunnel.tserv4.nyc4.ipv6.he.net

    It looks like the routing is correct.

    I am using my own copy of bind (on a different machine).

    Any ideas?

  6. #6
    Join Date
    Jun 2008
    Location
    Kansas City
    Posts
    60

    Default Re: SIT ip tunnel cannot be created

    I've posted my v6 address to you in PM. Let me know if you are able to ping me. It seems I can ping you but then you and I appear to be on the same v6 network anyway. I double-checked and I am able to get ipv6 connection to both IPv6: The Next Generation Internet! and The KAME project.

    Maybe post the output of "ip -6 route"

    Mine looks like this:
    Code:
    ::/96 via :: dev sit0  metric 256  mtu 1480 advmss 1420 fragtimeout 64
    2001:470:1f06:58::/64 via :: dev sit1  metric 256  mtu 1480 advmss 1420 fragtimeout 64
    fe80::/64 dev eth0  metric 256  mtu 1500 advmss 1440 fragtimeout 64
    fe80::/64 via :: dev sit1  metric 256  mtu 1480 advmss 1420 fragtimeout 64
    ff00::/8 dev eth0  metric 256  mtu 1500 advmss 1440 fragtimeout 1
    ff00::/8 dev sit1  metric 256  mtu 1480 advmss 1420 fragtimeout 1
    default dev sit1  metric 1  mtu 1480 advmss 1420 fragtimeout 64
    --Khan St Preest

  7. #7
    Join Date
    Jun 2008
    Location
    Cannington, Ontario
    Posts
    15

    Default Re: SIT ip tunnel cannot be created

    I decided to redo the entire setup in case I had made an error somewhere nd I guess I did.

    Using the default HE script the tunnel came up right away and I can browse v6 locations.

    Thanks for your help!

    Radvd is working (at least it broadcasts addresses and other system pick up the correct attributes).

    Cant browse the v6 addresses from other systems yet so I guess its more reading.

  8. #8
    Join Date
    Jun 2008
    Location
    Kansas City
    Posts
    60

    Default Re: SIT ip tunnel cannot be created

    Glad the tunnel's basically working, I might be able to help with the client routing too.

    First thing that comes to mind is check /etc/sysctl and make sure "net.ipv6.conf.all.forwarding = 1". Verify setting is in affect with "sysctl net.ipv6.conf.all.forwarding" or set it outright with "sysctl net.ipv6.conf.all.forwarding=1"

    Other than that, make sure that both the client and the router are configured with one of the HE issued /64 addresses assigned to you, that the client can ping6 the router's /64 addr, and that the default route on the client is set to use the router's /64 addr... e.g.
    Code:
    ip -6 route add default via ipv6-addr-of-your-router
    I rattled this off pretty quickly so might've missed something. Once it works we'll port the working info into the saved settings.
    Last edited by lccts1; 14-Jun-2008 at 12:45. Reason: dratted typos
    --Khan St Preest

  9. #9
    Join Date
    Jun 2008
    Location
    Cannington, Ontario
    Posts
    15

    Default Re: SIT ip tunnel cannot be created

    radvd is broadcasting everything right as far as I can tell (the syctl... is set to 1 otherwise radvd wont start)

    The default route shown in the other machines is that of the inet6 addr of the eth1 of the router box.

    On a windows sys I have the default gateway also points to that box.

    As a test I brought down the the HE tunnel and ran the Hexago tunnel broker on the same machine and the other machines on my lan were able to browse ipv6 sites ok.

  10. #10
    Join Date
    Jun 2008
    Location
    Kansas City
    Posts
    60

    Default Re: SIT ip tunnel cannot be created

    oooo-k,

    make sure ip6tables allows forwarded packets when the HE tunnel is active.

    then, run tcpdump on your router's sit device that has the v6 addr for your end of the tunnel...
    Code:
    tcpdump -i sit1 -n
    ...and ping6 from a client HE's end of the v6 tunnel...
    Code:
    ping6 starcastle.tunnel.tserv4.nyc4.ipv6.he.net
    ... to see if the client packets are even traversing to/through your router to the sit device at all. (If you can't even ping6 from a client to HE's end of the tunnel then the problem is almost certainly local to the router. OTOH, you may need to "rebuild" your tunnel, which you can do through the HE web interface.)

    If you can ping HE's end of the tunnel, ping6 one step further out to MY v6 address which you should have in PM. If not, let me know and I'll PM it to you again.

    If that works, ping6 out to somebody like ipv6.google.com, The KAME project, or IPv6: The Next Generation Internet!.

    At each step, watch tcpdump running on the router and see if it confirms two way traffic, one way, or none at all. When I first setup my v6 tunnel with HE tcpdump was my best friend. Once I got the tunnel working it worked flawlessly.

    hth, let me know.
    --Khan St Preest

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •