Hi all,
For a couple of months I have been experiencing a problem where connectivity to Hurricane Electric (he.net) is not really working. While the tunnel is being connected and, according to the log files, everything looks just fine, IPv6 connectivity is not coming up. After a few hours (sometimes after a few days, or never) connectivity will magically come up until the next system reboot.
Firmware version: 9.350-12
Pattern version: 90271
I have not always had this problem; it was introduced sometime in the middle of the year, probably with a new firmware version. There are no configuration problems with the he.net tunnel. Also, it works just fine when changing the endpoint IP at tunnelbroker.net and then trying from a Linux client behind the Sophos UTM.
IPv6 Logfiles on Sophos look fine:
2015:10:31-19:43:00 firewall hurricane[3882]: User ID
2015:10:31-19:43:00 firewall hurricane[3882]: Found Tunnel
2015:10:31-19:43:02 firewall hurricane[3882]: Tunnel
2015:10:31-19:43:02 firewall hurricane[3882]: IPv4 -
2015:10:31-19:43:02 firewall hurricane[3882]: IPv6 -
2015:10:31-19:43:02 firewall hurricane[3882]: Network ::/64
2015:10:31-19:43:02 firewall hurricane[3882]: Network ::/48
2015:10:31-19:43:03 firewall hurricane[3882]: No Update Key found
2015:10:31-19:43:08 firewall hurricane[3882]: Setting tunnel to AUTO
2015:10:31-19:43:08 firewall hurricane[3882]: +OK: Tunnel endpoint updated to:
Logging onto the Sophos UTM via SSH to debug this problem yields the following results:
a) interface he.net exists and is up
he.net Link encap:IPv6-in-IPv4
inet6 addr: /64 Scope:Global
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:438 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:448 (448.0 b) TX bytes:38649 (37.7 Kb)
b) the local he.net interface v6 IP can be pinged
c) the v4 IP of the tunnel endpoint can be pinged
d) the remote IPv6 address (he.net v6 transfer net) can not be pinged
e) ping6 to Google does not work either
f) no suspicious log entries in firewall log
# ping6 Google
PING www.google.de(muc03s07-in-x17.1e100.net) 56 data bytes
--- Google ping statistics ---
77 packets transmitted, 0 received, 100% packet loss, time 76183ms
This means that basic IPv6 connectivity does not work. Trying to find a cause in ip6/ip routes or in ip6tables/iptables yielded no immediate results. Results do not change if I set an allow any to any rule within the firewall.
Flushing iptables and ip6tables and setting INPUT, FORWARD and OUTPUT to ACCEPT also does not help, so it does not seem to be a firewalling issue. I reapplied the tunnel broker settings and advanced settings, switched tunnel broker temporarily, and re-enabled the tunnel broker and IPv6 multiple times, and this still did not yield any positive results. Trying to change the endpoint IP at tunnelbroker.net and then changing it back also did not help.
Finally, I just now rebooted the Sophos UTM to make sure all iptables rules get reloaded. And now it suddenly works. This problem remains a mystery, and the next time I reboot the system I risk the problem coming back. This is something I would really like to see addressed. Please advise.
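The interface counters in (a) show 438 packets transmitted but only 7 received. The following is an added example, not part of the original post: it reads those counters from two ifconfig snapshots and reports whether the tunnel interface is receiving anything at all. The function names `tunnel_counters` and `tunnel_verdict` are hypothetical, and the second snapshot is constructed.

```shell
#!/bin/sh
# Added example, not from the original post.

# Print "RX TX" packet counts from ifconfig-style text on stdin.
# Accepts both the "RX packets:7" and the "RX packets 7" layouts.
tunnel_counters() {
    awk '
        function count(line) {
            if (!match(line, /packets[: ][0-9]+/)) return ""
            return substr(line, RSTART + 8, RLENGTH - 8)
        }
        /RX packets/ { rx = count($0) }
        /TX packets/ { tx = count($0) }
        END { if (rx == "" || tx == "") exit 1; print rx, tx }
    '
}

# Compare two snapshots: rx1 tx1 rx2 tx2 -> two-way | one-way | idle.
# Counter resets (e.g. after a reboot) are not handled.
tunnel_verdict() {
    if [ "$3" -gt "$1" ]; then echo "two-way"
    elif [ "$4" -gt "$2" ]; then echo "one-way"
    else echo "idle"
    fi
}

# Snapshot 1: counters as posted in (a); the address line is omitted.
SNAP1='he.net Link encap:IPv6-in-IPv4
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:438 errors:0 dropped:0 overruns:0 carrier:0'

# Snapshot 2: constructed for illustration (TX grew, RX did not).
SNAP2='RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:502 errors:0 dropped:0 overruns:0 carrier:0'

c1=$(printf '%s\n' "$SNAP1" | tunnel_counters)
c2=$(printf '%s\n' "$SNAP2" | tunnel_counters)
# Word splitting of $c1 and $c2 is intended: each holds "RX TX".
echo "he.net: $(tunnel_verdict $c1 $c2)"
```

On a live system the snapshots would come from `ifconfig he.net | tunnel_counters`, taken some seconds apart while a ping6 is running.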