I do not own my own router.

One thing which exists in a big way in Canada, is that ISP subscribers own their own router. But as it happens, my router is owned by Bell and rented to me. The official reason for this, is the fact that my router also provides me with Bell Fibe TV, which contrarily to the naming, is in fact provided over IP via DSL twisted-pair wires.

This paid-for TV content is DRM, so that it is hard to imagine that any other computer enthusiasts have managed to set up their own router, and to receive Fibe TV anyway.

But this also means that I do not have the access to flash my own router. Bell can flash the router when they see a need, but I cannot. And this also means that I cannot obtain full control over this router.

Readers might think that this is an odd situation, for a person who sets up a Web-server, and an OpenVPN-server, at his home IP address. But by using IP-tables in my Linux configuration, I have been able to do precisely that. In particular, the OpenVPN-server requires an ‘IP Masquerade’ to work. But as of my last test, it does work.

But because I am a person who ‘sometimes thinks suspiciously’, I have also had ideas, about what other consequences might arise, from the router being under the control of somebody else. One thing which may happen, is that this router, which displays no options or information regarding IPv6, may get confused and start dropping clients, over repeated requests for IPv6 addresses.

The Web-interface of this router is a dumbed-down interface, which I can access, but which for my benefit, does not give me deep control over the settings. One thing which remains true however, is that in Canada, there is next to no real use of IPv6 from the side of ISPs.

Now, I have set up an IPv6 gateway, which allows my site to be fetched by way of IPv6 if this is desired. But I have also set up my ‘ip6tables‘ in such a way that any request my Server makes for an IPv6 address, gets routed to this gateway, and not to my physical Ethernet connection. It is only logical. So ‘ping6‘ works gloriously on the Server, but not on my laptop. When I do a ‘ping6‘ on my server-box, I also get to see a graphical display in my ‘gkrellm‘ monitor widget, of activity going out over my ‘teredo‘ virtual NIC, not over my real NIC.

And so I have a somewhat lopsided configuration at home, but one which does what I want it to do.

Dirk

 

Narrowing an old Problem with Teredo

I happen to have a package installed on my Linux server named ‘Phoenix’, which gives me access to IPv6 via a remote ‘Teredo’ server acting as a tunnel, and which gives me this connectivity, even though my ISP does not yet support IPv6. The Teredo server I use is not the Microsoft Teredo server, which AFAIK has been shut down by now, on the assumption that Teredo is outdated.

This Teredo connectivity presents itself to me on the user / application level, as a virtual network interface, which applications can connect to as easily as to the physical interface, but which has been implemented behind the scenes, as a translation process for data, that finally communicates over the real, physical interface. Both Linux and some Windows computers can generally do this, via the ‘TAP Device’ or ‘TUN Device’ API, which in turn needs to be supported by either kernel.

In addition to the ‘teredo’ virtual network interface, I also have another one, which is simply named ‘tun0′ on this server, and which enables my ‘OpenVPN’ server. I will not go into the details in this posting, of how to set up OpenVPN, which is a somewhat complex process documented in several other places on the Web.

But my setup effectively causes two TAP and/or TUN devices to appear as part of my network configuration by default. These two devices should not interfere which each other in principle. But by default, my ‘tun0′ interface is created during the boot process, before my ‘teredo’ interface is created.

I seem to have a glitch in my kernel, which will require that they always be destroyed in the reverse order initially created. Hence, if my ‘teredo’ interface is Up, but I next shut down my VPN, and when I next restart my VPN, the ‘teredo’ interface will fail, and will seem to lose its IP Configuration, as far as my desktop tells me, and as far as an ‘ifconfig -a‘ will confirm. Thus, I will next need to restart my Teredo service as well, in order to reestablish that.

This is a minor problem, but may have led to earlier issues, which I had thought at that time must have come from the Teredo tunneling server, which I am using. More precisely, I now think that some Teredo-related problems I was having, were actually due to log rotations which my server does.

Some of my earlier Teredo, IPv6 issues were described in This Earlier Posting. As it happens, February 13 was a Saturday, and so it is not clear how a log rotation might have caused this exact malfunction. But the problem which I now anticipate, and which would be due to my client would be as follows:

Once per month, my VPN server is given a restart scripted by me, in order to be able to close its log file and to open a new log file associated with the process. This restart can happen more or less alphabetically, without respecting any preferences that the kernel might have, for the order in which one virtual interface might be affected by the other – while neither should affect the other in principle.

It is interesting to note that my VPN configuration is created by me, while the Teredo client runs out-of-the-box, and is intended to have no log rotation, by the package maintainers.

And the result can be, that my ‘teredo’ interface goes down, leaving me with no IPv6 connectivity for the moment. I find that in practice, the ‘tun0′ interface is not affected by this fragility. And so when that happens, I need to play with my Teredo service to get it running again. And this can all happen without any knowledge, from the people who run the remote Teredo tunnel.

Dirk

 

A Potential Solution to DynDNS Update Client

This posting is about the error messages which many users of “DynDNS” Automatic Update Client have reported, and which were also preventing my own update client from doing its job. The error messages were of the form:

API Request Failed. Status 500 Method ipaddress.get

Some sources on the Web suggested this had to do with their user-names and passwords on the DynDNS server being corrupted, and performed a reset of those. Other sources reported, that if they switched the configuration of their IPv4 and IPv6 fields to ‘Static’, and then back to ‘Automatic’, they could get the updates to resume.

Unfortunately, neither of those solutions worked for me. And in order to illustrate why, and what can go wrong, I must first explain my configuration in greater detail.

I have the internal loopback interface named ‘lo’, the real interface named ‘eth0′ (which only has an invalid, LAN IPv4 address), and the virtual interface named ‘teredo’ (which offers a tunneled IPv6 address). In the configuration of my DynDNS host, on the client program version 5.2.0-2, the choices for both IPv4 and IPv6 are ‘Disable’, ‘Automatic’, ‘Local Interface’, and ‘Static’. They key to understanding the problem in my case only became obvious, when I tried to configure ‘Local Interface’. The drop-down menu only offered me the choice between interfaces ‘lo’ and ‘eth0′, with ‘lo’ being the default.

Hence, the Python script was written to disregard the virtual interfaces on my host, including the interface ‘teredo’, which is providing IPv6. And additionally, with both IP versions set to ‘Automatic’, it did not recognize which of my interfaces to use for IPv4.

The solution for me was, to set the IPv4 resolution to ‘Automatic’. Next, the only way for me to set my IPv6, is manually through ‘Static’, which I can read from the root command

ifconfig -a

Granted, to have to set my IPv6 address manually is not ideal. But what was worse, was the fact that my IPv4 was not being updated automatically, which it now knows how to do.

I hope this insight helps some other users, who may have run into this ubiquitous error message for different reasons. I don’t really see, why we wouldn’t at least want to set the ‘Interface’ manually – except for cases where that has been NATted – and I guess IPv6 resolution is meant for users, who have a ‘Native IPv6′ and not a ‘Teredo Tunnel’.

Dirk