[opensuse-factory] ipv6 over sit1 tunnel (via he.net/tunnelbroker.net) FAILs after 13.1(w/o wicked)->13.2(w/ wicked) upgrade
continuing to test/troubleshoot network after 13.1 -> 13.2 upgrade, on 13.1, ipv6 on my external intfc, over an HE.net IPv6 tunnel, is completely functional for both inbound & outbound traffic. after the 13.1 -> 13.2 upgrade, ipv6 connectivity over the tunnel is non-functioning the external and tunnel interface configs, used across dozens of machines here, cat ifcfg-eth0 STARTMODE='auto' BOOTPROTO='static' BROADCAST='' BRIDGE='no' DHCPCLASS='' MTU='' NETWORK='' NM_CONTROLLED='no' REMOTE_IPADDR='' USERCONTROL='no' IPADDR='X.X.X.A/24' GATEWAY='X.X.X.1' NETMASK='255.255.255.0' IPV6INIT='yes' IPV6_AUTOCONF='no' IPADDR6='2001:hhh:hhhh:hhh::2/64' PREFIXLEN6='64' cat ifcfg-sit1 STARTMODE='onboot' BOOTPROTO='static' TUNNEL='sit' TUNNEL_LOCAL_IPADDR='X.X.X.A' TUNNEL_REMOTE_IPADDR='H.H.H.H' IPADDR='2001:hhh:hhhh:hhh::2/64' TUNNEL_TTL='64' testing, ping6 to google: FAIL ( host nuq05s01-in-x00.1e100.net nuq05s01-in-x00.1e100.net has IPv6 address 2607:f8b0:4005:800::1000 ) ping6 -c1 2607:f8b0:4005:800::1000 PING 2607:f8b0:4005:800::1000(2607:f8b0:4005:800::1000) 56 data bytes From 2001:hhh:hhhh:hhh::2 icmp_seq=1 Destination unreachable: Address unreachable --- 2607:f8b0:4005:800::1000 ping statistics --- 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms and, ping6 to gateway @ he.net: FAIL ping6 -c1 2001:hhh:hhhh:hhh::1 56 data bytes From 2001:iii:iiii:iii::7 icmp_seq=1 Destination unreachable: Address unreachable --- 2001:iii:iiii:iii::1 ping statistics --- 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms and, ping6 to self: OK ping6 -c1 2001:hhh:hhhh:hhh::2 PING 2001:hhh:hhhh:hhh::2(2001:hhh:hhhh:hhh::2) 56 data bytes 64 bytes from 2001:hhh:hhhh:hhh::2: icmp_seq=1 ttl=64 time=0.445 ms --- 2001:hhh:hhhh:hhh::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms and, ping6 to lan: OK ping6 -c1 2001:hhh:hhhh:hhh::7 ping6 -c1 2001:iii:iiii:iii::7 PING 2001:iii:iiii:iii::7(2001:iii:iiii:iii::7) 56 data bytes 64 bytes from 2001:iii:iiii:iii::7: icmp_seq=1 ttl=64 time=0.020 ms --- 2001:iii:iiii:iii::7 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.020/0.020/0.020/0.000 ms where routes are ip -6 route show 2001:hhh:hhhh:hhh::/64 dev sit1 proto kernel metric 256 2001:hhh:hhhh:hhh::/64 dev eth0 proto kernel metric 256 2001:iii:iiii:iii::/64 dev eth1 proto kernel metric 256 fe80::/64 dev sit1 proto kernel metric 256 fe80::/64 dev eth0 proto kernel metric 256 fe80::/64 dev eth1 proto kernel metric 256 fe80::/64 dev ifb0 proto kernel metric 256 default via 2001:hhh:hhhh:hhh::1 dev sit1 metric 1024 again, wicked's supposed to be drop-in, using prior configs. something's clearly off here. question: is it config ? or a bug? -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 11/12/2014 10:05 AM, grantksupport@operamail.com wrote:
again, wicked's supposed to be drop-in, using prior configs. something's clearly off here.
question: is it config ? or a bug?
Over the past few years, I've noticed a disturbing trend where new things are introduced that break other things. I have been using 6in4 tunnels for about 4 years and if this problem remains then I will have to put 13.1 back on my notebook. Someone else has indicated problems with OpenVPN. Clearly, wicked was not ready, but was forced on us anyway. My firewall is currently running 13.1 and the 6in4 tunnel works fine there. So, hopefully this problem will be resolved before 13.1 evergreen ends. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
I've made a number of changes; in total, the changes now allow IPv6 under 13.2's wicked to function. ping6 to/from the 'net, over a tunnelbroker sit tunnel, from/to edge & lan boxes works, as does browsing, & in/outbound mail. I do not yet know what individual changes, or lesser subset, are necessary or sufficient, only that, atm 'it works' after boot. Haven't yet tested over any length of time. If I revert the changes, IPv6 ceases again to function. on lsb_release -rd Description: openSUSE 13.2 (Harlequin) (x86_64) Release: 13.2 uname -rm 3.17.2-3.gbf63174-default x86_64 with cat /etc/sysconfig/network/ifcfg-eth0 STARTMODE='auto' BOOTPROTO='static' BRIDGE='no' BROADCAST='' DHCLIENT_SET_DEFAULT_ROUTE=No DHCPCLASS='' MTU='' NETWORK='' NM_CONTROLLED='no' REMOTE_IPADDR='' USERCONTROL='no' IPADDR='L.L.L.L/24' GATEWAY='L.L.L.1' NETMASK='255.255.255.0' IPV6INIT='yes' IPV6_AUTOCONF='no' cat /etc/sysconfig/network/ifcfg-sit1 STARTMODE='onboot' BOOTPROTO='static' TUNNEL='sit' TUNNEL_LOCAL_IPADDR='L.L.L.L' TUNNEL_REMOTE_IPADDR='T.T.T.T' TUNNEL_TTL='64' IPADDR='H6:H6:H6:H6::2/64' and upgrade to latest wicked* from master branch, zypper dup --from WickedMaster where cat /etc/zypp/repos.d/WickedMaster.repo [WickedMaster] name=WickedMaster type=rpm-md baseurl=http://download.opensuse.org/repositories/home:/grantksupport:/wicked:/maste... autorefresh=1 enabled=1 gpgcheck=1 keeppackages=0 priority=10 rpm -qa | grep -i wicked wicked-service-0.6.12-9.1.x86_64 wicked-0.6.12-9.1.x86_64 libwicked-0-6-0.6.12-9.1.x86_64 removal of susefirewall* (which had been disabled anyway) rpm -qa | grep -i susefirewall (empty) install/enable of shorewall* from opensuse pkg'ing, rpm -qa | grep -i shorewall shorewall-4.6.4.3-160.1.noarch shorewall6-4.6.4.3-160.1.noarch shorewall6-lite-4.6.4.3-160.1.noarch shorewall-core-4.6.4.3-160.1.noarch shorewall-docs-4.6.4.3-160.1.noarch shorewall-init-4.6.4.3-160.1.noarch shorewall-lite-4.6.4.3-160.1.noarch systemctl list-unit-files | grep -i shorewall shorewall6-lite.service enabled shorewall6-lite.target static shorewall6.service disabled shorewall-init.service enabled shorewall-init.target static shorewall-lite.service enabled shorewall-lite.target static shorewall.service disabled and the modification of wicked* and shorewall* override units to correct dependencies on shorewall, rather than susefirewall, and to correctly use opensuse-pkg'd systemd v210's 'network-pre.target' for unit ordering, cat /etc/systemd/system/shorewall6-lite.service [Unit] Description=shorewall6-lite After=syslog.target network-online.target shorewall-lite.target Before=shorewall6-lite.target Conflicts=iptables.service firewalld.service SuSEfirewall2_init.service SuSEfirewall2.service ... cat /etc/systemd/system/shorewall-init.service [Unit] Description=shorewall-init Before=network.target network-pre.target Wants=network.target network-pre.target After=syslog.target Conflicts=iptables.service firewalld.service SuSEfirewall2_init.service SuSEfirewall2.service ... cat /etc/systemd/system/shorewall-lite.service [Unit] Description=shorewall-lite After=syslog.target network-online.target Before=shorewall-lite.target Wants=network-online.target Conflicts=iptables.service firewalld.service SuSEfirewall2_init.service SuSEfirewall2.service ... and cat /etc/systemd/system/wickedd-auto4.service [Unit] Description=wicked AutoIPv4 supplicant service After=local-fs.target dbus.service shorewall-init.service Before=wickedd.service wicked.service network.target multi-user.target shutdown.target PartOf=wickedd.service ... cat /etc/systemd/system/wickedd-dhcp4.service [Unit] Description=wicked DHCPv4 supplicant service After=local-fs.target dbus.service shorewall-init.service Before=wickedd.service wicked.service network.target multi-user.target shutdown.target PartOf=wickedd.service ... cat /etc/systemd/system/wickedd-dhcp6.service [Unit] Description=wicked DHCPv6 supplicant service After=local-fs.target dbus.service shorewall-init.service Before=wickedd.service wicked.service network.target multi-user.target shutdown.target PartOf=wickedd.service ... cat /etc/systemd/system/wickedd-nanny.service [Unit] Description=wicked network nanny service After=local-fs.target dbus.service shorewall-init.service wickedd.service Before=wicked.service network.target multi-user.target shutdown.target PartOf=wickedd.service ... cat /etc/systemd/system/wickedd.service [Unit] Description=wicked network management service daemon After=local-fs.target dbus.service isdn.service rdma.service shorewall-init.service After=network-pre.target Before=wicked.service network.target multi-user.target shutdown.target ... cat /etc/systemd/system/wicked.service [Unit] Description=wicked managed network interfaces Wants=network.target After=wickedd.service wickedd-nanny.service After=network-pre.target Before=shorewall-lite.service shorewall6-lite.service network-online.target network.target multi-user.target shutdown.target ... I've yet to include other network- & firewall-dependent apps (openvpn,fail2ban,bind8,etc) in the above configurations. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Wed, 12 Nov 2014 07:05:07 -0800 grantksupport@operamail.com wrote:
continuing to test/troubleshoot network after 13.1 -> 13.2 upgrade,
on 13.1, ipv6 on my external intfc, over an HE.net IPv6 tunnel, is completely functional for both inbound & outbound traffic.
after the 13.1 -> 13.2 upgrade, ipv6 connectivity over the tunnel is non-functioning
the external and tunnel interface configs, used across dozens of machines here,
cat ifcfg-eth0 STARTMODE='auto' BOOTPROTO='static'
BROADCAST='' BRIDGE='no' DHCPCLASS='' MTU='' NETWORK='' NM_CONTROLLED='no' REMOTE_IPADDR='' USERCONTROL='no'
IPADDR='X.X.X.A/24' GATEWAY='X.X.X.1' NETMASK='255.255.255.0'
IPV6INIT='yes' IPV6_AUTOCONF='no' IPADDR6='2001:hhh:hhhh:hhh::2/64' PREFIXLEN6='64'
cat ifcfg-sit1 STARTMODE='onboot' BOOTPROTO='static' TUNNEL='sit' TUNNEL_LOCAL_IPADDR='X.X.X.A' TUNNEL_REMOTE_IPADDR='H.H.H.H' IPADDR='2001:hhh:hhhh:hhh::2/64' TUNNEL_TTL='64'
testing, ping6 to google: FAIL
( host nuq05s01-in-x00.1e100.net nuq05s01-in-x00.1e100.net has IPv6 address 2607:f8b0:4005:800::1000 )
ping6 -c1 2607:f8b0:4005:800::1000 PING 2607:f8b0:4005:800::1000(2607:f8b0:4005:800::1000) 56 data bytes From 2001:hhh:hhhh:hhh::2 icmp_seq=1 Destination unreachable: Address unreachable
--- 2607:f8b0:4005:800::1000 ping statistics --- 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
and, ping6 to gateway @ he.net: FAIL
ping6 -c1 2001:hhh:hhhh:hhh::1 56 data bytes From 2001:iii:iiii:iii::7 icmp_seq=1 Destination unreachable: Address unreachable
--- 2001:iii:iiii:iii::1 ping statistics --- 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
and, ping6 to self: OK
ping6 -c1 2001:hhh:hhhh:hhh::2 PING 2001:hhh:hhhh:hhh::2(2001:hhh:hhhh:hhh::2) 56 data bytes 64 bytes from 2001:hhh:hhhh:hhh::2: icmp_seq=1 ttl=64 time=0.445 ms
--- 2001:hhh:hhhh:hhh::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms
and, ping6 to lan: OK
ping6 -c1 2001:hhh:hhhh:hhh::7 ping6 -c1 2001:iii:iiii:iii::7 PING 2001:iii:iiii:iii::7(2001:iii:iiii:iii::7) 56 data bytes 64 bytes from 2001:iii:iiii:iii::7: icmp_seq=1 ttl=64 time=0.020 ms
--- 2001:iii:iiii:iii::7 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.020/0.020/0.020/0.000 ms
where routes are
ip -6 route show 2001:hhh:hhhh:hhh::/64 dev sit1 proto kernel metric 256 2001:hhh:hhhh:hhh::/64 dev eth0 proto kernel metric 256 2001:iii:iiii:iii::/64 dev eth1 proto kernel metric 256 fe80::/64 dev sit1 proto kernel metric 256 fe80::/64 dev eth0 proto kernel metric 256 fe80::/64 dev eth1 proto kernel metric 256 fe80::/64 dev ifb0 proto kernel metric 256 default via 2001:hhh:hhhh:hhh::1 dev sit1 metric 1024
again, wicked's supposed to be drop-in, using prior configs. something's clearly off here.
question: is it config ? or a bug?
Thanks for testing this. Could you please open a bug and attach logs as described here: https://en.opensuse.org/openSUSE:Bugreport_wicked We will then take a look and decide what is happening. But among other this one is not needed (red hat style): IPV6INIT='yes' -- Best Regards, Pawel Wieczorkiewicz <pwieczorkiewicz@suse.de>, Linux System Developer SUSE LINUX GmbH, GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 / 90409 Nürnberg / Germany / Phone: +49-911-740 53 - 613 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hello, Please see inline... On Wed, Nov 12, 2014 at 07:05:07AM -0800, grantksupport@operamail.com wrote:
continuing to test/troubleshoot network after 13.1 -> 13.2 upgrade,
on 13.1, ipv6 on my external intfc, over an HE.net IPv6 tunnel, is completely functional for both inbound & outbound traffic.
after the 13.1 -> 13.2 upgrade, ipv6 connectivity over the tunnel is non-functioning
the external and tunnel interface configs, used across dozens of machines here,
cat ifcfg-eth0 STARTMODE='auto' BOOTPROTO='static'
BROADCAST='' BRIDGE='no' DHCPCLASS='' MTU='' NETWORK='' NM_CONTROLLED='no' REMOTE_IPADDR='' USERCONTROL='no'
IPADDR='X.X.X.A/24' GATEWAY='X.X.X.1' NETMASK='255.255.255.0'
IPV6INIT='yes' IPV6_AUTOCONF='no' IPADDR6='2001:hhh:hhhh:hhh::2/64' PREFIXLEN6='64'
cat ifcfg-sit1 STARTMODE='onboot' BOOTPROTO='static' TUNNEL='sit' TUNNEL_LOCAL_IPADDR='X.X.X.A' TUNNEL_REMOTE_IPADDR='H.H.H.H' IPADDR='2001:hhh:hhhh:hhh::2/64' TUNNEL_TTL='64'
testing, ping6 to google: FAIL
( host nuq05s01-in-x00.1e100.net nuq05s01-in-x00.1e100.net has IPv6 address 2607:f8b0:4005:800::1000 )
ping6 -c1 2607:f8b0:4005:800::1000 PING 2607:f8b0:4005:800::1000(2607:f8b0:4005:800::1000) 56 data bytes From 2001:hhh:hhhh:hhh::2 icmp_seq=1 Destination unreachable: Address unreachable
--- 2607:f8b0:4005:800::1000 ping statistics --- 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
and, ping6 to gateway @ he.net: FAIL
ping6 -c1 2001:hhh:hhhh:hhh::1 56 data bytes From 2001:iii:iiii:iii::7 icmp_seq=1 Destination unreachable: Address unreachable
--- 2001:iii:iiii:iii::1 ping statistics --- 1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
and, ping6 to self: OK
ping6 -c1 2001:hhh:hhhh:hhh::2 PING 2001:hhh:hhhh:hhh::2(2001:hhh:hhhh:hhh::2) 56 data bytes 64 bytes from 2001:hhh:hhhh:hhh::2: icmp_seq=1 ttl=64 time=0.445 ms
--- 2001:hhh:hhhh:hhh::2 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.445/0.445/0.445/0.000 ms
and, ping6 to lan: OK
ping6 -c1 2001:hhh:hhhh:hhh::7 ping6 -c1 2001:iii:iiii:iii::7 PING 2001:iii:iiii:iii::7(2001:iii:iiii:iii::7) 56 data bytes 64 bytes from 2001:iii:iiii:iii::7: icmp_seq=1 ttl=64 time=0.020 ms
--- 2001:iii:iiii:iii::7 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.020/0.020/0.020/0.000 ms
where routes are
ip -6 route show 2001:hhh:hhhh:hhh::/64 dev sit1 proto kernel metric 256 2001:hhh:hhhh:hhh::/64 dev eth0 proto kernel metric 256 2001:iii:iiii:iii::/64 dev eth1 proto kernel metric 256 fe80::/64 dev sit1 proto kernel metric 256 fe80::/64 dev eth0 proto kernel metric 256 fe80::/64 dev eth1 proto kernel metric 256 fe80::/64 dev ifb0 proto kernel metric 256 default via 2001:hhh:hhhh:hhh::1 dev sit1 metric 1024
again, wicked's supposed to be drop-in, using prior configs. something's clearly off here.
question: is it config ? or a bug?
Have you tried using the following route table entries: default via fe80:: dev sit1 metric 1024 OR default dev sit1 metric 1024 ---> route according to manual config presented on HE.net I was able to successfully (using HE.net tunneling and a sit tunnel configured via wicked) `ping6 google.com`. I tried pinging 2001:hhh:hhhh:hhh::1 as well, but saw the same Address Unreachable error you described. I tried this with a sit tunnel created under wicked, and with one created via `ip tunnel`. Both showed the same results. If you are still experiencing problems after changing the routing entries, please do file a bug with all necessary logs as described in https://en.opensuse.org/openSUSE:Bugreport_wicked. This will help us debug further. Thanks, Karol
On Wed, Nov 12, 2014, at 06:24 PM, Karol Mroz wrote:
Have you tried using the following route table entries:
default via fe80:: dev sit1 metric 1024
OR
default dev sit1 metric 1024 ---> route according to manual config presented on HE.net
I was able to successfully (using HE.net tunneling and a sit tunnel configured via wicked) `ping6 google.com`. I tried pinging 2001:hhh:hhhh:hhh::1 as well, but saw the same Address Unreachable error you described. I tried this with a sit tunnel created under wicked, and with one created via `ip tunnel`. Both showed the same results.
Yes, I"d also tried the 'manual' he.net config for 'linux route2' ... with no luck. With my mods, above, it all seems to be working (1) across multiple reboots, and (2) for several hours under moderate load, so far without error. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (4)
-
grantksupport@operamail.com -
James Knott -
Karol Mroz -
Pawel Wieczorkiewicz