OVH Community, your new community space.

IP6 not working?


Myatu
22-04-2013, 17:07
I've noticed you've said that "autoconf" is already set to 0. Try setting "accept_ra" to 0 as well with either:

Code:
echo 0 > /proc/sys/net/ipv6/conf/eth0/accept_ra
or

Code:
sysctl -w net.ipv6.conf.eth0.accept_ra=0

cyclo
17-04-2013, 23:59
I've noticed that this randomly resets itself for no apparent reason and I have to manually add the route again

Y3K-Daniel
26-03-2013, 17:59
Interesting, the only way I have it working on at least one of my servers is with what i posted (except with an ipv6 in my /64). If I do it the other way it does not work correctly, as it appears to add a /56 route itself that stops working a while after reboot (similar to the route cyclo was getting).

Myatu
26-03-2013, 16:51
Quote Originally Posted by Y3K-Daniel
Code:
iface eth0 inet6 static
        address 2001:41D0:2:9133::1
        netmask 56
        gateway 2001:41D0:2:91ff:ff:ff:ff:ff #This is optional
nd ra is removed again, so this will be depreated (see http://status.ovh.co.uk/?do=details&id=2858). There was a little debate surrounding that, whether to use /56 or /64. The answer was to use the /64 style, as in cyclo's original configuration (see http://forum.ovh.co.uk/showpost.php?...5&postcount=13).

Y3K-Daniel
26-03-2013, 16:31
Code:
iface eth0 inet6 static
        address 2001:41D0:2:9133::1
        netmask 64
        post-up /sbin/ip -f inet6 route add 2001:41D0:2:91ff:ff:ff:ff:ff dev eth0
        post-up /sbin/ip -f inet6 route add default via 2001:41D0:2:91ff:ff:ff:ff:ff
        pre-down /sbin/ip -f inet6 route del default via 2001:41D0:2:91ff:ff:ff:ff:ff
        pre-down /sbin/ip -f inet6 route del 2001:41D0:2:91ff:ff:ff:ff:ff dev eth0
Change that to:

Code:
iface eth0 inet6 static
        address 2001:41D0:2:9133::1
        netmask 56
        gateway 2001:41D0:2:91ff:ff:ff:ff:ff #This is optional
And it should all work nicely, it's just the way the OVH setup works.

Myatu
26-03-2013, 00:30
Good stuff. Don't forget to setup a firewall for IPv6.

It is a bit odd that your route was the way it was, if autoconf was already disabled. But hopefully it'll not change now.

cyclo
26-03-2013, 00:24
autoconf was already set to 0, but I went ahead and manually added the changes you pasted above and it works fine!

Myatu
25-03-2013, 20:43
Hmm, you're getting your requests so it's reachable and the OVH router is doings its thing, but your replies might end up in limbo because of the route.

If cat /proc/sys/net/ipv6/conf/eth0/autoconf gives you 1, disable it temporarily with echo 0 > /proc/sys/net/ipv6/conf/eth0/autoconf . Then re-setup the route directly to the gateway with:

Code:
ip -6 route del 2001:41d0:2:9100::/56 dev eth0
ip -6 route del default via fe80::8a43:e1ff:fe11:c23c
ip -6 route add default via 2001:41D0:2:91ff:ff:ff:ff:ff
Which should leave you with just this (checked via ip -6 route):

Code:
2001:41d0:2:9133::/64 dev eth0  proto kernel  metric 256
2001:41d0:2:91ff:ff:ff:ff:ff dev eth0  metric 1024
fe80::/64 dev eth0  proto kernel  metric 256
default via 2001:41D0:2:91ff:ff:ff:ff:ff dev eth0  metric 1024
See if this will lead you somewhere. If it does, make sure to permanently disable the autoconf, ie:

Code:
echo "net.ipv6.conf.eth0.autoconf = 0" >> /etc/sysctl.conf
sysctl -p

cyclo
25-03-2013, 19:37
Here you go:

Code:
root@saladfingerz:~# tcpdump -i eth0 icmp6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
18:35:47.714492 IP6 2001:5c0:1502:f900:1d0:deb4:6ce2:e807 > 2001:41d0:2:9133::1: ICMP6, echo request, seq 43, length 40
18:35:47.714513 IP6 2001:41d0:2:9133::1 > 2001:5c0:1502:f900:1d0:deb4:6ce2:e807: ICMP6, echo reply, seq 43, length 40
18:35:52.246108 IP6 2001:5c0:1502:f900:1d0:deb4:6ce2:e807 > 2001:41d0:2:9133::1: ICMP6, echo request, seq 44, length 40
18:35:52.246140 IP6 2001:41d0:2:9133::1 > 2001:5c0:1502:f900:1d0:deb4:6ce2:e807: ICMP6, echo reply, seq 44, length 40
Code:
root@saladfingerz:~# ip -6 route
2001:41d0:2:9133::/64 dev eth0  proto kernel  metric 256
2001:41d0:2:91ff:ff:ff:ff:ff dev eth0  metric 1024
2001:41d0:2:9100::/56 dev eth0  proto kernel  metric 256  expires 2591863sec
fe80::/64 dev eth0  proto kernel  metric 256
default via fe80::8a43:e1ff:fe11:c23c dev eth0  proto ra  metric 1024  expires 1663sec

Myatu
25-03-2013, 08:20
Right, so your config looks fine and you don't have an IPv6 firewall setup. Could you verify with ip -6 route that it does indeed use the default gateway specified?

You can also perform a check with tcpdump, ie tcpdump -i eth0 icmp6, which should show ICMP6 echo requests and replies (in order) when you perform a ping6 on another terminal.

cyclo
25-03-2013, 01:10
Code:
root@saladfingerz:~# ip6tables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Code:
root@saladfingerz:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       tcp  --  anywhere             anywhere             tcp dpt:ftp state NEW recent: UPDATE seconds: 60 hit_count: 4 name: DEFAULT side: source
           tcp  --  anywhere             anywhere             tcp dpt:ftp state NEW recent: SET name: DEFAULT side: source
DROP       tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW recent: UPDATE seconds: 60 hit_count: 4 name: DEFAULT side: source
           tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW recent: SET name: DEFAULT side: source
DROP       all  --  80.63.56.147         anywhere
DROP       all  --  c-75-73-75-86.hsd1.mn.comcast.net  anywhere
DROP       all  --  5.199.132.164        anywhere
DROP       all  --  113.85.224.159.triolan.net  anywhere
DROP       all  --  ge-3-3-0-core-as12455.orange.co.ke  anywhere
DROP       all  --  202.113.65.229       anywhere
DROP       all  --  216.83.60.76         anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain syn-flood (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             limit: avg 10/sec burst 50
DROP       all  --  anywhere             anywhere

alex
24-03-2013, 20:29
Quote Originally Posted by cyclo
I have a few rules in iptables, but there's nothing in there that blocks pings, or anything related to IPv6
have you check firewall for ipv6? I had similar issue.

cyclo
24-03-2013, 18:49
I have a few rules in iptables, but there's nothing in there that blocks pings, or anything related to IPv6

Myatu
23-03-2013, 12:03
Are you using a firewall? Ensure that is configured properly for IPv6, and that the firewall allows for pings (ICMP).

wii89
21-03-2013, 11:28
That config looks ok

cyclo
19-03-2013, 15:36
This is the ip6 part of the config:

Code:
iface eth0 inet6 static
        address 2001:41D0:2:9133::1
        netmask 64
        post-up /sbin/ip -f inet6 route add 2001:41D0:2:91ff:ff:ff:ff:ff dev eth0
        post-up /sbin/ip -f inet6 route add default via 2001:41D0:2:91ff:ff:ff:ff:ff
        pre-down /sbin/ip -f inet6 route del default via 2001:41D0:2:91ff:ff:ff:ff:ff
        pre-down /sbin/ip -f inet6 route del 2001:41D0:2:91ff:ff:ff:ff:ff dev eth0

Abdurrahman
19-03-2013, 12:59
Hi cyclo,

Can you show me the network interfaces file? It seems strange, because it should be configured by default on Debian 7.

cyclo
19-03-2013, 11:45
I am having issues with ip6 not working. If I try ping6 google.com for example I don't receive any replies.

Code:
root@***:/var/log# ping6 google.com
PING google.com(par03s02-in-x0e.1e100.net) 56 data bytes
^C
--- google.com ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3022ms
I'm a complete noob when it comes to ip6 and I have no idea where to start looking. ifconfig does shows an ip6 address added, and it matches the one in the manager.

The server is a SP32G running debian 7