Re: IPv6 problems
Hi, when doing slaacctl send solicitation vio0, tcpdump says: mx-00# tcpdump -ni vio0 icmp6 tcpdump: listening on vio0, link-type EN10MB 16:06:54.725229 fe80::2de:361a:24aa:d7a6 > ff02::2: icmp6: router solicitation 16:06:55.803125 fe80::22d8:b00:86fa:424c > ff02::1:ff96:189a: icmp6: neighbor sol: who has 2a03:4000:21:18a:84e:27ff:fe96:189a [class 0xc0] 16:06:55.807067 fe80::b438:86ff:fe34:b14d > ff02::1:ff00:0: icmp6: neighbor sol: who has :: 16:06:57.152589 fe80::22d8:b00:86ee:ff4 > ff02::1:ff96:189a: icmp6: neighbor sol: who has 2a03:4000:21:18a:84e:27ff:fe96:189a [class 0xc0] 16:06:58.815291 fe80::22d8:b00:86fa:424c > ff02::1:ff00:0: icmp6: neighbor sol: who has 2a03:4000:21:6db:: [class 0xc0] 16:06:59.815941 fe80::22d8:b00:86fa:424c > ff02::1:ff00:0: icmp6: neighbor sol: who has 2a03:4000:21:6db:: [class 0xc0] 16:07:00.822213 fe80::22d8:b00:86fa:424c > ff02::1:ff00:0: icmp6: neighbor sol: who has 2a03:4000:21:6db:: [class 0xc0] 16:07:00.823550 fe80::7452:47ff:fe16:9b9 > ff02::1:ff00:0: icmp6: neighbor sol: who has :: 16:07:00.825485 fe80::22d8:b00:86fa:424c > ff02::1:ff96:189a: icmp6: neighbor sol: who has 2a03:4000:21:18a:84e:27ff:fe96:189a [class 0xc0] 16:07:02.150665 fe80::22d8:b00:86ee:ff4 > ff02::1:ff96:189a: icmp6: neighbor sol: who has 2a03:4000:21:18a:84e:27ff:fe96:189a [class 0xc0] ^C 2558 packets received by filter Any clearance ? Regards, Stephan On 8/23/19 1:13 PM, Bastien Durel wrote: > Le jeudi 22 août 2019 à 20:11 +0200, list a écrit : >> Hi, >> >> I might be missing something right here >> >> I have the output of "route show" attached, because I cannot paste it >> in >> here in a formatted form. >> >> >> This is super annoying. >> >> Just wanna get the damn thing running. >> > ff02::2 is a multicast address, it's not intended to be used as a route > gateway. > It's only a way to discover routers. > > for example: > > fremen# ping6 ff02::2%em1 > PING ff02::2%em1 (ff02::2%em1): 56 data bytes > 64 bytes from fe80::6366:1356:e19:f361%em1: icmp_seq=0 hlim=64 time=0.114 ms > 64 bytes from fe80::225:22ff:fe1e:bb7%em1: icmp_seq=0 hlim=64 time=0.320 ms > (DUP!) > 64 bytes from fe80::6366:1356:e19:f361%em1: icmp_seq=1 hlim=64 time=0.082 ms > 64 bytes from fe80::225:22ff:fe1e:bb7%em1: icmp_seq=1 hlim=64 time=0.293 ms > (DUP!) > > Here fe80::6366:1356:e19:f361 is the LL address of em1, so > fe80::225:22ff:fe1e:bb7%em1 is the router on the other side of link. >
Re: IPv6 problems
Hello, @Fernando Gont: I have tried that as well. No difference. @ Bastien Durel When pinging ff02::2%vio0 I don't receive any replies. The tcpdump for those requests is the following: # tcpdump -ni vio0 icmp6 tcpdump: listening on vio0, link-type EN10MB 15:47:40.580787 fe80::22d8:b00:86fa:424c > ff02::1:ff00:0: icmp6: neighbor sol: who has 2a03:4000:21:6db:: [class 0xc0] 15:47:40.583638 fe80::22d8:b00:86fa:424c > ff02::1:ff96:189a: icmp6: neighbor sol: who has 2a03:4000:21:18a:84e:27ff:fe96:189a [class 0xc0] 15:47:41.725300 fe80::22d8:b00:86ee:ff4 > ff02::1:ff96:189a: icmp6: neighbor sol: who has 2a03:4000:21:18a:84e:27ff:fe96:189a [class 0xc0] 15:47:43.844162 fe80::2de:361a:24aa:d7a6 > ff02::2: icmp6: echo request 15:47:44.845036 fe80::2de:361a:24aa:d7a6 > ff02::2: icmp6: echo request 15:47:45.581326 fe80::22d8:b00:86fa:424c > ff02::1:ff96:189a: icmp6: neighbor sol: who has 2a03:4000:21:18a:84e:27ff:fe96:189a [class 0xc0] 15:47:45.834984 fe80::2de:361a:24aa:d7a6 > ff02::2: icmp6: echo request 15:47:46.729443 fe80::22d8:b00:86ee:ff4 > ff02::1:ff96:189a: icmp6: neighbor sol: who has 2a03:4000:21:18a:84e:27ff:fe96:189a [class 0xc0] 15:47:46.835383 fe80::2de:361a:24aa:d7a6 > ff02::2: icmp6: echo request 15:47:47.580262 fe80::22d8:b00:86fa:424c > ff02::1:ff00:3: icmp6: neighbor sol: who has 2a03:4000:21:6ef::3 [class 0xc0] 15:47:47.835361 fe80::2de:361a:24aa:d7a6 > ff02::2: icmp6: echo request 15:47:48.581182 fe80::22d8:b00:86fa:424c > ff02::1:ff00:3: icmp6: neighbor sol: who has 2a03:4000:21:6ef::3 [class 0xc0] 15:47:48.581516 fe80::8d4:7cff:fe04:a773 > ff02::1:ff00:0: icmp6: neighbor sol: who has :: 15:47:48.582270 fe80::845e:61ff:fe17:997d > ff02::1:ff00:0: icmp6: neighbor sol: who has :: 15:47:48.584608 fe80::3800:edff:fe06:769c > ff02::1:ff00:0: icmp6: neighbor sol: who has :: 15:47:48.590014 fe80::b438:86ff:fe34:b14d > ff02::1:ff00:0: icmp6: neighbor sol: who has :: 15:47:48.835487 fe80::2de:361a:24aa:d7a6 > ff02::2: icmp6: echo request 15:47:49.580501 fe80::22d8:b00:86fa:424c > ff02::1:ff00:3: icmp6: neighbor sol: who has 2a03:4000:21:6ef::3 [class 0xc0] 15:47:49.835293 fe80::2de:361a:24aa:d7a6 > ff02::2: icmp6: echo request 15:47:50.589407 fe80::22d8:b00:86fa:424c > ff02::1:ff96:189a: icmp6: neighbor sol: who has 2a03:4000:21:18a:84e:27ff:fe96:189a [class 0xc0] 15:47:51.725823 fe80::22d8:b00:86ee:ff4 > ff02::1:ff96:189a: icmp6: neighbor sol: who has 2a03:4000:21:18a:84e:27ff:fe96:189a [class 0xc0] fe80::2de:361a:24aa:d7a6 --> address of my interface. Regards, Stephan. On 8/23/19 1:13 PM, Bastien Durel wrote: > Le jeudi 22 août 2019 à 20:11 +0200, list a écrit : >> Hi, >> >> I might be missing something right here >> >> I have the output of "route show" attached, because I cannot paste it >> in >> here in a formatted form. >> >> >> This is super annoying. >> >> Just wanna get the damn thing running. >> > ff02::2 is a multicast address, it's not intended to be used as a route > gateway. > It's only a way to discover routers. > > for example: > > fremen# ping6 ff02::2%em1 > PING ff02::2%em1 (ff02::2%em1): 56 data bytes > 64 bytes from fe80::6366:1356:e19:f361%em1: icmp_seq=0 hlim=64 time=0.114 ms > 64 bytes from fe80::225:22ff:fe1e:bb7%em1: icmp_seq=0 hlim=64 time=0.320 ms > (DUP!) > 64 bytes from fe80::6366:1356:e19:f361%em1: icmp_seq=1 hlim=64 time=0.082 ms > 64 bytes from fe80::225:22ff:fe1e:bb7%em1: icmp_seq=1 hlim=64 time=0.293 ms > (DUP!) > > Here fe80::6366:1356:e19:f361 is the LL address of em1, so > fe80::225:22ff:fe1e:bb7%em1 is the router on the other side of link. >
Re: IPv6 problems
On 22/8/19 21:11, list wrote: > Hi, > > I might be missing something right here > > I have the output of "route show" attached, because I cannot paste it in > here in a formatted form. > > > This is super annoying. > > Just wanna get the damn thing running. Your default route is wrong. Namely: defaultff02::2%vio0 UGS01 - 8 vio0 If your provider says that the default router is on fe80::1, then the default route should be: defaultfe80::1%vio0 UGS01 - 8 vio0 Thanks, -- Fernando Gont e-mail: ferna...@gont.com.ar || fg...@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1
Re: IPv6 problems
Le jeudi 22 août 2019 à 20:11 +0200, list a écrit : > Hi, > > I might be missing something right here > > I have the output of "route show" attached, because I cannot paste it > in > here in a formatted form. > > > This is super annoying. > > Just wanna get the damn thing running. > ff02::2 is a multicast address, it's not intended to be used as a route gateway. It's only a way to discover routers. for example: fremen# ping6 ff02::2%em1 PING ff02::2%em1 (ff02::2%em1): 56 data bytes 64 bytes from fe80::6366:1356:e19:f361%em1: icmp_seq=0 hlim=64 time=0.114 ms 64 bytes from fe80::225:22ff:fe1e:bb7%em1: icmp_seq=0 hlim=64 time=0.320 ms (DUP!) 64 bytes from fe80::6366:1356:e19:f361%em1: icmp_seq=1 hlim=64 time=0.082 ms 64 bytes from fe80::225:22ff:fe1e:bb7%em1: icmp_seq=1 hlim=64 time=0.293 ms (DUP!) Here fe80::6366:1356:e19:f361 is the LL address of em1, so fe80::225:22ff:fe1e:bb7%em1 is the router on the other side of link. -- Bastien
Re: IPv6 problems
Hi, I might be missing something right here I have the output of "route show" attached, because I cannot paste it in here in a formatted form. This is super annoying. Just wanna get the damn thing running. Regards, Stephan On 8/19/19 10:33 AM, Bastien Durel wrote: > Le dimanche 18 août 2019 à 11:50 +0200, list a écrit : >> When I take a closer look and run tcpdump while pinging I see the >> following output: >> (With route to fe80::1%vio added and the normal hostname.vio0) >> >> 11:40:36.446539 fe80:: > ff02::1:ff00:1: icmp6: neighbor sol: >> who has fe80::1 >> >> This line is being repeated over and over again. I left out all the >> other traffic that is not related to my /64. >> >> Hm... >> Any ideas ? >> >> I've got a feeling that somethings wrong with that fe80::1 >> address... > Hello, > > A router may be configured to use fe80::1 LL address, but it may not > too. It's not a standard AFAIK. I never encountered one myself. > If no one responds to your neighbor sol packet, it's probably because > no router uses this address. > > To discover routers in an unknown network, I use "ping6 ff02::2%vio0", > as ff02::2 is a standard multicast address for "ip6-allrouters" (as > ff02::1 is for all nodes) > nternet6: DestinationGatewayFlags Refs Use Mtu Prio Iface defaultff02::2%vio0 UGS01 - 8 vio0 ::/96 localhost UGRS 00 32768 8 lo0 localhost localhost UHhl 1334104 32768 1 lo0 :::0.0.0.0/96 localhost UGRS 00 32768 8 lo0 2002::/24 localhost UGRS 00 32768 8 lo0 2002:7f00::/24 localhost UGRS 00 32768 8 lo0 2002:e000::/20 localhost UGRS 00 32768 8 lo0 2002:ff00::/24 localhost UGRS 00 32768 8 lo0 2a03:4000:21:65f::UCn00 - 4 vio0 UHLl 00 - 1 vio0 fe80::/10 localhost UGRS 01 32768 8 lo0 fec0::/10 localhost UGRS 00 32768 8 lo0 fe80::%vio0/64 fe80::2de:361a:24a UCn1 38 - 4 vio0 fe80::1%vio0 00:00:5e:00:02:02 UHLc 0 366 - 3 vio0 fe80::2de:361a:24a d6:2a:39:5a:c3:6b UHLl 00 - 1 vio0 fe80::1%lo0fe80::1%lo0UHl00 32768 1 lo0 ff01::/16 localhost UGRS 01 32768 8 lo0 ff01::%vio0/32 fe80::2de:361a:24a Um 01 - 4 vio0 ff01::%lo0/32 fe80::1%lo0Um 01 32768 4 lo0 ff02::/16 localhost UGRS 01 32768 8 lo0 ff02::%vio0/32 fe80::2de:361a:24a Umh15 - 4 vio0 ff02::%lo0/32 fe80::1%lo0Um 01 32768 4 lo0
Re: IPv6 problems
On Sun, Aug 18, 2019 at 07:36:55PM +0200, list wrote: > Hi, > > The output of slaacctl show interface vio0 ist the following: > > # slaacctl show interface vio0 > > slaacctl: connect: /dev/slaacd.sock: Connection refused > > This is not how it is supposed to be i guess. it would be interesting to know why slaacd is not running though. Because it's supposed to be always running. It looks like this when no v6 is configured at all: [florian@openbsd-dev:~] > slaacctl show interface em0 [florian@openbsd-dev:~] and like this once v6 is configured but no router advertisements are present: [florian@openbsd-dev:~] > doas ifconfig em0 inet6 autoconf [florian@openbsd-dev:~] > slaacctl show interface em0 em0: index: 1 running: yes privacy: yes lladdr: 00:0c:29:61:52:4b inet6: fe80::86fa:49f4:be6c:1ca8%em0 -- I'm not entirely sure you are real.
Re: IPv6 problems
Le dimanche 18 août 2019 à 11:50 +0200, list a écrit : > When I take a closer look and run tcpdump while pinging I see the > following output: > (With route to fe80::1%vio added and the normal hostname.vio0) > > 11:40:36.446539 fe80:: > ff02::1:ff00:1: icmp6: neighbor sol: > who has fe80::1 > > This line is being repeated over and over again. I left out all the > other traffic that is not related to my /64. > > Hm... > Any ideas ? > > I've got a feeling that somethings wrong with that fe80::1 > address... Hello, A router may be configured to use fe80::1 LL address, but it may not too. It's not a standard AFAIK. I never encountered one myself. If no one responds to your neighbor sol packet, it's probably because no router uses this address. To discover routers in an unknown network, I use "ping6 ff02::2%vio0", as ff02::2 is a standard multicast address for "ip6-allrouters" (as ff02::1 is for all nodes) -- Bastien
Re: IPv6 problems
Hi, so i removed everything from /etc/mygate and rebooted the machine. I still cannot ping anybody. The output of slaacctl show interface vio0 ist the following: # slaacctl show interface vio0 slaacctl: connect: /dev/slaacd.sock: Connection refused This is not how it is supposed to be i guess. My provider doesn't have any BSD related examples. Thanks for your time freda bundchen! Regards, Stephan On 8/18/19 3:10 PM, freda_bundc...@nym.hush.com wrote: >> From: list >> my /etc/hostname looks exactly like you proposed: >> inet6 autoconf autoconfprivacy soii >> inet6 >> when i enter the default IPv6 gateway manually. I can ping stuff >> but don't get a reply. When I don't: "No route to host" >> (With route to fe80::1%vio added and the normal hostname.vio0) > I would suggest not specifying any routes or link-local addresses, and > instead in /etc/hostname.vio0 make sure the IPv6 address in > is the public IPv6 address given by your provider (I know there's a > /64, but I'm just going by the example of my own provider.) > > Then make sure /etc/mygate doesn't have any IPv6 addresses. Then > perhaps reboot everything to make sure you've cleared out references > to fe80::1, if /bin/sh /etc/netstart doesn't get everything working. > > My provider's configuration examples said to use -autoconfprivacy and > -soii so you might try that also. But mine works with autoconfprivacy > and soii. > > What is the output of slaacctl show interface vio0? > >
Re: IPv6 problems
> From: list > my /etc/hostname looks exactly like you proposed: > inet6 autoconf autoconfprivacy soii > inet6 > when i enter the default IPv6 gateway manually. I can ping stuff > but don't get a reply. When I don't: "No route to host" > (With route to fe80::1%vio added and the normal hostname.vio0) I would suggest not specifying any routes or link-local addresses, and instead in /etc/hostname.vio0 make sure the IPv6 address in is the public IPv6 address given by your provider (I know there's a /64, but I'm just going by the example of my own provider.) Then make sure /etc/mygate doesn't have any IPv6 addresses. Then perhaps reboot everything to make sure you've cleared out references to fe80::1, if /bin/sh /etc/netstart doesn't get everything working. My provider's configuration examples said to use -autoconfprivacy and -soii so you might try that also. But mine works with autoconfprivacy and soii. What is the output of slaacctl show interface vio0?
Re: IPv6 problems
Hi, my /etc/hostname looks exactly like you proposed: inet6 autoconf autoconfprivacy soii inet6 when i enter the default IPv6 gateway manually. I can ping stuff but don't get a reply. When I don't: "No route to host" PF is not the problem. Same results when loading pf rules that look like this: "pass log all" The ISO was uploaded by me. There is one thing that has me wondering. When looking at the output of tcpdump. In your example you told me that the host on the right site of a neighbor sol is always the router/gateway.. But when I look at the output of that i see two different addresses who are NOT fe80::1. These IPs both follow this schema "fe80:something". When I take a closer look and run tcpdump while pinging I see the following output: (With route to fe80::1%vio added and the normal hostname.vio0) 11:40:36.446539 fe80:: > ff02::1:ff00:1: icmp6: neighbor sol: who has fe80::1 This line is being repeated over and over again. I left out all the other traffic that is not related to my /64. Hm... Any ideas ? I've got a feeling that somethings wrong with that fe80::1 address... Stephan On 8/18/19 1:33 AM, freda_bundc...@nym.hush.com wrote: >> From: list >> I've restarted my VM over the official >> Webinterface but still... >> When trying to ping the gateway on fe80::1 I don't get any icmp >> echoreplies. >> What is the behavior of pf when disabled ? Is there some kind of >> default blocking rule that is still active ? > Have you tried /etc/hostname.vio0 with > inet6 autoconf autoconfprivacy soii > inet6 > > instead of specifying a LL route? > > Just in case, you could try /etc/pf.conf with only > > pass log all > > instead of disabling pf. > > Is the installion of OpenBSD provider by your VPS, or do they let > you use a custom ISO? Maybe a trial installation using a differnt > VPS but a similar configuration would indicate it's a problem with > the VPS. > >
Re: IPv6 problems
> From: list > I've restarted my VM over the official > Webinterface but still... > When trying to ping the gateway on fe80::1 I don't get any icmp > echoreplies. > What is the behavior of pf when disabled ? Is there some kind of > default blocking rule that is still active ? Have you tried /etc/hostname.vio0 with inet6 autoconf autoconfprivacy soii inet6 instead of specifying a LL route? Just in case, you could try /etc/pf.conf with only pass log all instead of disabling pf. Is the installion of OpenBSD provider by your VPS, or do they let you use a custom ISO? Maybe a trial installation using a differnt VPS but a similar configuration would indicate it's a problem with the VPS.
Re: IPv6 problems
Hi, i did specify it correctly now and the entry in my routing table is made. However that doesn't change my situation. I've restarted my VM over the official Webinterface but still... When trying to ping the gateway on fe80::1 I don't get any icmp echoreplies. When asking the provider I am given a link to the wiki and that this isn't their responsibility. What is the behavior of pf when disabled ? Is there some kind of default blocking rule that is still active ? I have no idea what to do. With kind regards, Stephan On 8/15/19 7:03 PM, Denis Fondras wrote: > On Thu, Aug 15, 2019 at 06:50:09PM +0200, list wrote: >> Hi, >> >> EDIT: >> >> I have taken a look at the website of my hosting provider. >> >> My IPv6 gateway would be fe80::1. >> >> When trying to add the route manually i get "network unreachable". >> > Did you specify the output interface ? With LL addresses, you need to specify > it. > > route add -inet6 default fe80::1%vio0 > >
Re: IPv6 problems
I have taken a look at the website of my hosting provider. My IPv6 gateway would be fe80::1. When trying to add the route manually i get "network unreachable". https://marc.info/?l=openbsd-misc&m=156572276103920&w=2 SCNR
Re: IPv6 problems
On Thu, Aug 15, 2019 at 06:50:09PM +0200, list wrote: > Hi, > > EDIT: > > I have taken a look at the website of my hosting provider. > > My IPv6 gateway would be fe80::1. > > When trying to add the route manually i get "network unreachable". > Did you specify the output interface ? With LL addresses, you need to specify it. route add -inet6 default fe80::1%vio0
Re: IPv6 problems
Hi, EDIT: I have taken a look at the website of my hosting provider. My IPv6 gateway would be fe80::1. When trying to add the route manually i get "network unreachable". Which leaves me puzzeled. Stephan On 8/14/19 11:08 PM, gwes wrote: > On 8/14/19 4:45 PM, freda_bundc...@nym.hush.com wrote: >> Hi, I just thought since the interface was vio that you're running in >> a virtual >> environment. Providers like Vultr say "Important Note: If you add an >> IPv6 >> subnet to an existing machine, you must restart the server via the Vultr >> control panel before IPv6 will work. Restarting via SSH or similar is >> not >> sufficient. IPv6 would not work at all until the server has been >> restarted." >> > If the provider says anything like this and the VM hasn't been hard reset > via the VM host all bets are off > >
Re: IPv6 problems
Hey, thanks for the answers, so .. I firstly got rid of the alias and the manual routes. 1.) "Can you ping your own IPv6 address ?" Yes i can. Works as expected. 2.) "tcpdump -ni vio0 -s 1500 icmp6" results in alot of "neigbor sol". 3.) "Who are you trying to ping?" I have a /64 for myself so I tried to ping google.com for example. 4.) "You must see them for your gateway" This i do not. When trying to ping google I see the echo requests for the IPv6 of google but not for my gateway. I haven't configured a gateway for IPv6 at all. That could be the problem ? Do I have to do that ? 5.) "ndp -a" I am missing the entry for my gateway completely. 6.) "netstat -s" Looks fine. No zeros. So I guess it has to do with my gateway that I haven't configured anywhere to act as one. When trying to add the gateway (which i learnt from looking at the tcpdump output) manually i get "network is unreachable". Hmm... Can you pull anything from that ? Regards, Stephan On 8/14/19 11:05 PM, gwes wrote: > > > On 8/14/19 2:36 PM, list wrote: >> My hostname.vio0 now looks like this: >> >> inet6 alias /64 >> !route add -inet6 default fe80::2de:361a:24aa:d7a6%vio >> When doing a "ifconfig vio0" I get: >> >> vio0: flags=8843 mtu 1500 >> >> [...] >> inet6 fe80::2de:361a:24aa:d7a6%vio0 prefixlen 64 scopeid 0x1 >> inet6 prefixlen 64 > Take the "alias" out of your inet6 line in your hostname.vio0 > > Since your interface is vio0 I am assuming you are running a > guest VM on a server. I am also assuming that ip4 traffic is passing. > > Your VM server should be sending you Route Advertisement messages. > You shouldn't have to set any route yourself. Doing so will confuse > things mightily. > > Can you ping your own ipv6 address? If not something is really strange. > > If you say > # tcpdump -ni -s 1500 icmp6 > > You should eventually see (lines wrapped) > > 13:17:46.508540 fe80::669e:f3ff:feec:fc7f > ff02::1: > icmp6: router advertisement [class 0xe0] > Along with > > 13:17:19.309191 your_gateway_ip6 > 2xxx0::1: > icmp6: neighbor sol: who has 2xxx0::1 > 13:17:19.311828 2xxx0::1 > 2xxx0::2: > icmp6: neighbor adv: tgt is 2xxx0::1 [class 0xe0] > > It may take up to 20 minutes to see these messages. > > If you never see any route advertisements your server isn't configured > to give you inet6 service. > > Who are you trying to ping? Someone on your /64 or someone outside? > You must see neighbor solicitation msgs if you try to ping someone > on your /64. You must see them for your gateway if you try to ping > someone outside. Keep the tcpdump running and do the pings from > another virtual terminal. > > If you say > # ndp -a > > You should see > > Neighbor Linklayer Address Netif > Expire S Flags > your_gateway 64:9e:f3:ec:fc:7f vio0 > 4s D R > your_hostname 52:54:00:27:22:43 vio0 > permanent R l > fe80::669e:f3ff:feec:fc7f%vio0 64:9e:f3:ec:fc:7f vio0 > 23h58m18s S R > fe80::bd8b:afb3:be72:bd06%vio0 52:54:00:27:22:43 vio0 > permanent R l > > If you say > # netstat -s > Among a ***lot*** of other statistics you should see something like > ip6: > 1312572 total packets received <<< > 907754 packets for this host <<< > 1107139 packets sent from this host <<< > . > icmp6: > 640 calls to icmp6_error > Output packet histogram: > unreach: 640 > echo reply: 1328 > multicast listener report: 6 > neighbor solicitation: 137965 > neighbor advertisement: 137761 > > Input packet histogram: > echo: 1328 > router advertisement: 56998 > neighbor solicitation: 137770 > neighbor advertisement: 137956 > > . > > The netstat -s output should show nonzero in the marked lines. > > If you CAN ping hosts on your /64 and you CAN'T ping anyone else > if you CAN ping your gateway as a last resort set your default > ipv6 route via that host. > > If things still don't work, excerpts of netstat -s > and the output from ndp -an and tcpdump -ni icmp6 should be informative. > > geoff steckel > > >
Re: IPv6 problems
On 8/14/19 4:45 PM, freda_bundc...@nym.hush.com wrote: Hi, I just thought since the interface was vio that you're running in a virtual environment. Providers like Vultr say "Important Note: If you add an IPv6 subnet to an existing machine, you must restart the server via the Vultr control panel before IPv6 will work. Restarting via SSH or similar is not sufficient. IPv6 would not work at all until the server has been restarted." If the provider says anything like this and the VM hasn't been hard reset via the VM host all bets are off
Re: IPv6 problems
On 8/14/19 2:36 PM, list wrote: My hostname.vio0 now looks like this: inet6 alias /64 !route add -inet6 default fe80::2de:361a:24aa:d7a6%vio When doing a "ifconfig vio0" I get: vio0: flags=8843 mtu 1500 [...] inet6 fe80::2de:361a:24aa:d7a6%vio0 prefixlen 64 scopeid 0x1 inet6 prefixlen 64 Take the "alias" out of your inet6 line in your hostname.vio0 Since your interface is vio0 I am assuming you are running a guest VM on a server. I am also assuming that ip4 traffic is passing. Your VM server should be sending you Route Advertisement messages. You shouldn't have to set any route yourself. Doing so will confuse things mightily. Can you ping your own ipv6 address? If not something is really strange. If you say # tcpdump -ni -s 1500 icmp6 You should eventually see (lines wrapped) 13:17:46.508540 fe80::669e:f3ff:feec:fc7f > ff02::1: icmp6: router advertisement [class 0xe0] Along with 13:17:19.309191 your_gateway_ip6 > 2xxx0::1: icmp6: neighbor sol: who has 2xxx0::1 13:17:19.311828 2xxx0::1 > 2xxx0::2: icmp6: neighbor adv: tgt is 2xxx0::1 [class 0xe0] It may take up to 20 minutes to see these messages. If you never see any route advertisements your server isn't configured to give you inet6 service. Who are you trying to ping? Someone on your /64 or someone outside? You must see neighbor solicitation msgs if you try to ping someone on your /64. You must see them for your gateway if you try to ping someone outside. Keep the tcpdump running and do the pings from another virtual terminal. If you say # ndp -a You should see Neighbor Linklayer Address Netif Expire S Flags your_gateway 64:9e:f3:ec:fc:7f vio0 4s D R your_hostname 52:54:00:27:22:43 vio0 permanent R l fe80::669e:f3ff:feec:fc7f%vio0 64:9e:f3:ec:fc:7f vio0 23h58m18s S R fe80::bd8b:afb3:be72:bd06%vio0 52:54:00:27:22:43 vio0 permanent R l If you say # netstat -s Among a ***lot*** of other statistics you should see something like ip6: 1312572 total packets received <<< 907754 packets for this host <<< 1107139 packets sent from this host <<< . icmp6: 640 calls to icmp6_error Output packet histogram: unreach: 640 echo reply: 1328 multicast listener report: 6 neighbor solicitation: 137965 neighbor advertisement: 137761 Input packet histogram: echo: 1328 router advertisement: 56998 neighbor solicitation: 137770 neighbor advertisement: 137956 . The netstat -s output should show nonzero in the marked lines. If you CAN ping hosts on your /64 and you CAN'T ping anyone else if you CAN ping your gateway as a last resort set your default ipv6 route via that host. If things still don't work, excerpts of netstat -s and the output from ndp -an and tcpdump -ni icmp6 should be informative. geoff steckel
Re: IPv6 problems
Hi, I just thought since the interface was vio that you're running in a virtual environment. Providers like Vultr say "Important Note: If you add an IPv6 subnet to an existing machine, you must restart the server via the Vultr control panel before IPv6 will work. Restarting via SSH or similar is not sufficient. IPv6 would not work at all until the server has been restarted."
Re: IPv6 problems
On Wed, Aug 14, 2019 at 08:36:45PM +0200, list wrote: > Hello, > > thanks alot for your suggestions! I really appreciate it. > > Unluckily that didn't work out. > > My hostname.vio0 now looks like this: > > inet6 alias /64 > > !route add -inet6 default fe80::2de:361a:24aa:d7a6%vio0 > Why this LL IP as the gateway ? I guess this would work better if it was an IP not on your own machine. > > So with this gateway added I now don't get the "no route to host" when > trying to ping someone else on their IPv6. But I am not getting any > replies. > > I somehow don't get any replies. Even with pf turned off. (pfctl -d) > > I still cannot ping the issued server. Getting "no route to host" when > trying to ping it. > > Which seems logical when i just added a route. Shouldn't change anything > when trying to ping from the outside. > > Do you have any futher ideas ? > > When doing a "ifconfig vio0" I get: > > vio0: flags=8843 mtu 1500 > > lladdr > > index 1 priority 0 llprio 3 > > groups: egress > > media: Ethernet autoselect > > status: active > > inet netmask 0xfc00 broadcast > > inet6 fe80::2de:361a:24aa:d7a6%vio0 prefixlen 64 scopeid 0x1 > > inet6 prefixlen 64 > > .. Hmmm it feels like I am forgetting something. > > > I'd appreciate any suggestions ! > > > Kind regards, > > > Stephan > > On 8/13/19 10:21 PM, Jordan Geoghegan wrote: > > > > On 8/13/19 10:11 AM, Thomas Bohl wrote: > >> Hello, > >> > >>> My hostname.vio0 looks like this: > >>> > >>> > >>> dhcp > >>> > >>> inet6 alias >>> provider> 64 > >>> > >> > >> You most likely need to add a route. Add something like this to your > >> hostname file: > >> !route add -inet6 default fe80::1%vio0 > >> > >> > >> Just in case you have the same problem. For whatever reason, after a > >> reboot, I have to do this in order to get IPv6 traffic flowing: > >> ping6 -c 10 fe80::1%vio0 > >> > > or just add your gateway to your /etc/mygate file. > > > > > > >
Re: IPv6 problems
Hi, what do you mean by "a hard restart" ? There is nothing else i can do apart from restarting my OpenBSD Box.. I think I am misunderstanding you right there. Stephan On 8/14/19 9:17 PM, freda_bundc...@nym.hush.com wrote: > Hi, since your interface is vio0 your virtual service provider might > require a hard restart of your server -- separate from rebooting > from your installed OpenBSD. > > I know you disabled pf, but once it's working, I think the rules > you need to add would be something like: > > # ip6 > # man icmp6 has the types and descriptions used below > pass log on $ext_if inet6 proto icmp6 \ > to any icmp6-type \ > {133 134 135 136 137} modulate state > # rfc 4890 section 4.3 > pass log inet6 proto icmp6 icmp6-type {unreach toobig} modulate state > pass log inet6 proto icmp6 icmp6-type timex code 0 modulate state > pass log inet6 proto icmp6 icmp6-type paramprob code 1 modulate state > pass log inet6 proto icmp6 icmp6-type paramprob code 2 modulate state > pass log inet6 proto icmp6 icmp6-type echoreq modulate state > > For the hostname.vio0 file, all I have is > inet6 autoconf autoconfprivacy soii > inet6 alias > > You may also want to look at the Book of PF third edition which > mentions other relevant RFCs. > > >
Re: IPv6 problems
Hi, since your interface is vio0 your virtual service provider might require a hard restart of your server -- separate from rebooting from your installed OpenBSD. I know you disabled pf, but once it's working, I think the rules you need to add would be something like: # ip6 # man icmp6 has the types and descriptions used below pass log on $ext_if inet6 proto icmp6 \ to any icmp6-type \ {133 134 135 136 137} modulate state # rfc 4890 section 4.3 pass log inet6 proto icmp6 icmp6-type {unreach toobig} modulate state pass log inet6 proto icmp6 icmp6-type timex code 0 modulate state pass log inet6 proto icmp6 icmp6-type paramprob code 1 modulate state pass log inet6 proto icmp6 icmp6-type paramprob code 2 modulate state pass log inet6 proto icmp6 icmp6-type echoreq modulate state For the hostname.vio0 file, all I have is inet6 autoconf autoconfprivacy soii inet6 alias You may also want to look at the Book of PF third edition which mentions other relevant RFCs.
Re: IPv6 problems
Hello, thanks alot for your suggestions! I really appreciate it. Unluckily that didn't work out. My hostname.vio0 now looks like this: inet6 alias /64 !route add -inet6 default fe80::2de:361a:24aa:d7a6%vio0 So with this gateway added I now don't get the "no route to host" when trying to ping someone else on their IPv6. But I am not getting any replies. I somehow don't get any replies. Even with pf turned off. (pfctl -d) I still cannot ping the issued server. Getting "no route to host" when trying to ping it. Which seems logical when i just added a route. Shouldn't change anything when trying to ping from the outside. Do you have any futher ideas ? When doing a "ifconfig vio0" I get: vio0: flags=8843 mtu 1500 lladdr index 1 priority 0 llprio 3 groups: egress media: Ethernet autoselect status: active inet netmask 0xfc00 broadcast inet6 fe80::2de:361a:24aa:d7a6%vio0 prefixlen 64 scopeid 0x1 inet6 prefixlen 64 ... Hmmm it feels like I am forgetting something. I'd appreciate any suggestions ! Kind regards, Stephan On 8/13/19 10:21 PM, Jordan Geoghegan wrote: > > On 8/13/19 10:11 AM, Thomas Bohl wrote: >> Hello, >> >>> My hostname.vio0 looks like this: >>> >>> >>> dhcp >>> >>> inet6 alias >> provider> 64 >>> >> >> You most likely need to add a route. Add something like this to your >> hostname file: >> !route add -inet6 default fe80::1%vio0 >> >> >> Just in case you have the same problem. For whatever reason, after a >> reboot, I have to do this in order to get IPv6 traffic flowing: >> ping6 -c 10 fe80::1%vio0 >> > or just add your gateway to your /etc/mygate file. > > >
Re: IPv6 problems
On 8/13/19 10:11 AM, Thomas Bohl wrote: Hello, My hostname.vio0 looks like this: dhcp inet6 alias 64 You most likely need to add a route. Add something like this to your hostname file: !route add -inet6 default fe80::1%vio0 Just in case you have the same problem. For whatever reason, after a reboot, I have to do this in order to get IPv6 traffic flowing: ping6 -c 10 fe80::1%vio0 or just add your gateway to your /etc/mygate file.
Re: IPv6 problems
You can also add a second line to /etc/mygate if you’re using that. > On Aug 13, 2019, at 1:11 PM, Thomas Bohl wrote: > > Hello, > >> My hostname.vio0 looks like this: >> dhcp >> inet6 alias > provider> 64 >> > > You most likely need to add a route. Add something like this to your hostname > file: > !route add -inet6 default fe80::1%vio0 > > > Just in case you have the same problem. For whatever reason, after a reboot, > I have to do this in order to get IPv6 traffic flowing: > ping6 -c 10 fe80::1%vio0 >
Re: IPv6 problems
Hello, My hostname.vio0 looks like this: dhcp inet6 alias 64 You most likely need to add a route. Add something like this to your hostname file: !route add -inet6 default fe80::1%vio0 Just in case you have the same problem. For whatever reason, after a reboot, I have to do this in order to get IPv6 traffic flowing: ping6 -c 10 fe80::1%vio0
Re: IPv6 problems
On Tue, Aug 13, 2019 at 05:25:43PM +0200, list wrote: > Hi, > > I have been trying to set up IPv6 on my OpenBSD machine. > > It is running on stable branch. > > The interface I am trying to configure IPv6 on is "vio". > > My hostname.vio0 looks like this: > > > dhcp > > inet6 alias provider> 64 > > > But I just can't get it to work. It is not reachable at all. I may not > be reached and I can't reach anybody else via IPv6. > > > I'd appreciate any help. > Perhaps you are missing a route ? > > Thank you for your time. > > > With kind regards, > > Stephan >