Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Replies 19 replies
  • Subscribers 0 subscribers
  • Views 10757 views
  • Users 0 members are here
Options
Suggested

[8.940][BUG] IPv6 randomly becomes unresponsive.

sjorge
Split off from https://community.sophos.com/products/unified-threat-management/astaroorg/f/75/t/64185

Short summery:
IPv6 randomly stops working (all traffic).
Tunnel is up according to webgui but now traffic seems to flow out of it. (Not even ICMP)
Parents
  • 0
    Just check if IPv6 from the ASG works, and if yes, check the above steps on your workstation.

    The ICMP error message was generated from your workstation, so currently I would assume
    that the IPv6 connectivity between ASG and Workstation was broken, e.g. Neighbour discovery failed  or no IPv6 default gateway was set.

    Cheers
     Ulrich
Reply
  • 0
    Just check if IPv6 from the ASG works, and if yes, check the above steps on your workstation.

    The ICMP error message was generated from your workstation, so currently I would assume
    that the IPv6 connectivity between ASG and Workstation was broken, e.g. Neighbour discovery failed  or no IPv6 default gateway was set.

    Cheers
     Ulrich
Children
  • 0 in reply to da_merlin
    I'm having the issue currently: 
    sjorge@force ~ $ ip -6 route show default

    default via 2001:6f8:1480:30::1 dev eth0  metric 1024

    sjorge@force ~ $ ip -6  neigh

    2001:6f8:1480:30::1 dev eth0 lladdr 00:0c:29:36:9c:1a router STALE

    sjorge@force ~ $ ping6 2001:6f8:1480:30::1

    PING 2001:6f8:1480:30::1(2001:6f8:1480:30::1) 56 data bytes

    64 bytes from 2001:6f8:1480:30::1: icmp_seq=1 ttl=255 time=2.65 ms

    64 bytes from 2001:6f8:1480:30::1: icmp_seq=2 ttl=255 time=1.60 ms

    ^C

    --- 2001:6f8:1480:30::1 ping statistics ---

    2 packets transmitted, 2 received, 0% packet loss, time 1001ms

    rtt min/avg/max/mdev = 1.607/2.131/2.655/0.524 ms

    sjorge@force ~ $ ping6 blackdot.be

    PING blackdot.be(cl-357.phx-01.us.sixxs.net) 56 data bytes

    64 bytes from cl-357.phx-01.us.sixxs.net: icmp_seq=1 ttl=52 time=214 ms

    64 bytes from cl-357.phx-01.us.sixxs.net: icmp_seq=2 ttl=52 time=213 ms

    64 bytes from cl-357.phx-01.us.sixxs.net: icmp_seq=3 ttl=52 time=214 ms

    64 bytes from cl-357.phx-01.us.sixxs.net: icmp_seq=4 ttl=52 time=212 ms

    64 bytes from cl-357.phx-01.us.sixxs.net: icmp_seq=5 ttl=52 time=213 ms

    64 bytes from cl-357.phx-01.us.sixxs.net: icmp_seq=6 ttl=52 time=214 ms

    64 bytes from cl-357.phx-01.us.sixxs.net: icmp_seq=7 ttl=52 time=213 ms

    64 bytes from cl-357.phx-01.us.sixxs.net: icmp_seq=8 ttl=52 time=213 ms

    64 bytes from cl-357.phx-01.us.sixxs.net: icmp_seq=9 ttl=52 time=213 ms


    Yet both surfing to blackdot.be or ssh'ing will time out??

    This does not just happen on 1 server,
    Both force (irc), energy (misc), clarkdale (workstation) show this. restarting Them does not work. Disabling the tunnel on ASG... waiting a few seconds and enabling it again does work... but thats kind of cumbersum. 

    jorge@force ~ $ ssh -v blackdot.be

    OpenSSH_5.9p1, OpenSSL 1.0.0g 18 Jan 2012

    debug1: Reading configuration data /etc/ssh/ssh_config

    debug1: Connecting to blackdot.be [2001:1938:81:164::2] port 22.

    debug1: connect to address 2001:1938:81:164::2 port 22: Connection timed out

    debug1: Connecting to blackdot.be [173.230.157.252] port 22.

    debug1: Connection established.

    debug1: identity file /home/sjorge/.ssh/id_rsa type 1

    debug1: identity file /home/sjorge/.ssh/id_rsa-cert type -1

    debug1: identity file /home/sjorge/.ssh/id_dsa type -1

    debug1: identity file /home/sjorge/.ssh/id_dsa-cert type -1

    debug1: identity file /home/sjorge/.ssh/id_ecdsa type -1

    debug1: identity file /home/sjorge/.ssh/id_ecdsa-cert type -1

    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8p1-hpn13v10

    debug1: match: OpenSSH_5.8p1-hpn13v10 pat OpenSSH*

    debug1: Enabling compatibility mode for protocol 2.0

    debug1: Local version string SSH-2.0-OpenSSH_5.9

    debug1: SSH2_MSG_KEXINIT sent

    debug1: SSH2_MSG_KEXINIT received

    debug1: kex: server->client aes128-ctr hmac-md5 none

    debug1: kex: client->server aes128-ctr hmac-md5 none

    debug1: sending SSH2_MSG_KEX_ECDH_INIT

    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY

    debug1: Server host key: ECDSA 32:26:e5:3d:8e:78:a2:37:aa:e3:9f:3b:aa:01:c2:98

    debug1: Host 'blackdot.be' is known and matches the ECDSA host key.

    debug1: Found key in /home/sjorge/.ssh/known_hosts:13

    debug1: ssh_ecdsa_verify: signature correct

    debug1: SSH2_MSG_NEWKEYS sent

    debug1: expecting SSH2_MSG_NEWKEYS

    debug1: SSH2_MSG_NEWKEYS received

    debug1: Roaming not allowed by server

    debug1: SSH2_MSG_SERVICE_REQUEST sent

    debug1: SSH2_MSG_SERVICE_ACCEPT received

    debug1: Authentications that can continue: publickey,keyboard-interactive

    debug1: Next authentication method: publickey

    debug1: Offering RSA public key: /home/sjorge/.ssh/id_rsa

    debug1: Authentications that can continue: publickey,keyboard-interactive

    debug1: Trying private key: /home/sjorge/.ssh/id_dsa

    debug1: Trying private key: /home/sjorge/.ssh/id_ecdsa

    debug1: Next authentication method: keyboard-interactive

    Password:


    I will reset the tunnel once I get home, so if you want to look at the ASG It should be in this broken state till around 17.00ish
Unfiltered HTML