# ping6 operation not permitted



## tunage (Oct 21, 2015)

I can ping6 the ip on my NIC locally, but I cannot ping6 my gateway



```
[\u@r2d2:/root] # ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:19f0:7000:8945:5400:ff:fe05:3dab --> 2404:6800:400a:805::200e
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
^C
--- ipv6.l.google.com ping6 statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
```



```
[\u@r2d2:/root] # netstat -rn
Routing tables


Internet:
Destination  Gateway  Flags  Netif Expire
default  107.191.60.1  UGS  vtnet0
107.191.60.0/24  link#1  U  vtnet0
107.191.60.48  link#1  UHS  lo0
127.0.0.1  link#2  UH  lo0
169.254.0.0/16  56:00:00:05:3d:ab  US  vtnet0


Internet6:
Destination  Gateway  Flags  Netif Expire
::/96  ::1  UGRS  lo0
default  56:00:00:05:3d:ab  US  vtnet0
::1  link#2  UH  lo0
::ffff:0.0.0.0/96  ::1  UGRS  lo0
2001:19f0:7000:8945::/64  link#1  U  vtnet0
2001:19f0:7000:8945::64  link#1  UHS  lo0
2001:19f0:7000:8945:5400:ff:fe05:3dab link#1  UHS  lo0
fe80::/10  ::1  UGRS  lo0
fe80::%vtnet0/64  link#1  U  vtnet0
fe80::5400:ff:fe05:3dab%vtnet0  link#1  UHS  lo0
fe80::%lo0/64  link#2  U  lo0
fe80::1%lo0  link#2  UHS  lo0
fe80::%tun0/64  link#4  U  tun0
fe80::5029:5a67:f95a:a47e%tun0  link#4  UHS  lo0
ff01::%vtnet0/32  fe80::5400:ff:fe05:3dab%vtnet0 U  vtnet0
ff01::%lo0/32  ::1  U  lo0
ff01::%tun0/32  fe80::5029:5a67:f95a:a47e%tun0 U  tun0
ff02::/16  ::1  UGRS  lo0
ff02::%vtnet0/32  fe80::5400:ff:fe05:3dab%vtnet0 U  vtnet0
ff02::%lo0/32  ::1  U  lo0
ff02::%tun0/32  fe80::5029:5a67:f95a:a47e%tun0 U  tun0
```


```
[\u@r2d2:/root] # ifconfig
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
  options=6c03bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
  ether 56:00:00:05:3d:ab
  inet6 fe80::5400:ff:fe05:3dab%vtnet0 prefixlen 64 scopeid 0x1
  inet6 2001:19f0:7000:8945:5400:ff:fe05:3dab prefixlen 64 autoconf
  inet 107.191.60.48 netmask 0xffffff00 broadcast 107.191.60.255
  inet6 2001:19f0:7000:8945::64 prefixlen 64
  nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
  media: Ethernet 10Gbase-T <full-duplex>
  status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
  options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
  inet6 ::1 prefixlen 128
  inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
  inet 127.0.0.1 netmask 0xff000000
  nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=100<PROMISC> metric 0 mtu 33160
tun0: flags=8050<POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
  options=80000<LINKSTATE>
  inet6 fe80::5029:5a67:f95a:a47e%tun0 prefixlen 64 scopeid 0x4
  nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
  Opened by PID 1054
```


```
[\u@r2d2:/root] # cat /etc/rc.conf| curl -F 'sprunge=<-' http://sprunge.us
http://sprunge.us/GDFg
```


```
[\u@r2d2:/root] # service ipfw onestop
sysctl: unknown oid 'net.inet.ip.fw.enable': No such file or directory
sysctl: unknown oid 'net.inet6.ip6.fw.enable': No such file or directory
```


```
[\u@r2d2:/root] # route add -inet6 default -iface vtnet0
route: writing to routing socket: File exists
add net default: gateway vtnet0 fib 0: route already in table
```

rc.conf:


```
hostname="r2d2.ex-mailer.com"
sshd_enable="YES"
gateway_enable="yes"
ipv6_gateway_enable="YES"
static_routes=linklocal
route_linklocal="-net 169.254.0.0/16 -interface vtnet0"
ifconfig_vtnet0="inet 107.191.60.48 netmask 255.255.255.0"
ipv6_activate_all_interfaces="YES"
ifconfig_vtnet0_ipv6="inet6 2001:19f0:7000:8945:0001:0001:0001:0002 prefixlen 64"

crypto_load=YES
defaultrouter="107.191.60.1"
cryptodev_load=YES
aesni_load=YES
virtio_random_load=YES
ifconfig_vtnet0_ipv6="inet6 2001:19f0:7000:8945::64 prefixlen 64"
ifconfig_vtnet0="107.191.60.48 netmask 255.255.255.0"
defaultrouter="107.191.60.1"
rtsold_enable=YES
ipv6_activate_all_interfaces=YES
rtsold_flags="-aF"
apache24_enable="YES"
named_enable="YES"
mysql_enable="YES"
dovecot_enable="YES"
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
postfix_enable="YES"
apache24_enable="YES"
saslauthd_enable="YES"
spamd_enable="YES"
clamav_freshclam_enable="YES"
clamav_clamd_enable="YES"
maiad_enable="YES"
mailman_enable="YES"
milteropendkim_enable="YES"
milteropendkim_uid="opendkim"
mailgraph_enable="YES"
swapfile="/usr/swap0"
policyd2_enable="YES"
pf_enable="NO"
#pf_rules="/home/pf.conf"
#pflog_enable="YES"
#pflog_logfile="/var/log/pflog"

#natd_enable="YES"
#natd_interface="vtnet0"
#natd_flags="-dynamic -m"
#openvpn_enable="YES"
#openvpn_config="/usr/local/etc/openvpn.conf"
#openvpn_if="tun"
#openvpn_if="tap"
```


----------



## tunage (Oct 21, 2015)

Important update:
I just ran a tcpdump IPv6 and saw traffic. Not my ping6, but the IP appears live and this is mainly a ping6 issue.


```
# tcpdump -i vtnet0 -vv ip6

17:12:37.632743 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 24) fe80::5400:ff:fe05:3dab > fe80::fc00:ff:fe05:3dab: [icmp6 sum ok] ICMP6, neighbor advertisement, length 24, tgt is r2d2.ex-mailer.com, Flags [router, solicited]
17:12:38.795797 IP6 (hlim 56, next-header UDP (17) payload length: 57) 2001:19f0:ac00:102:5054:ff:fea9:125.44215 > r2d2.ex-mailer.com.domain: [udp sum ok] 65322% [1au] NS? e-shadowsecurity.net. ar: . OPT UDPsize=1232 OK (49)
17:12:40.294209 IP6 (hlim 56, next-header UDP (17) payload length: 65) 2001:19f0:ac00:102:5054:ff:fea9:125.34231 > r2d2.ex-mailer.com.domain: [udp sum ok] 21702% [1au] AAAA? spartan.e-shadowsecurity.net. ar: . OPT UDPsize=4096 OK (57)
17:12:40.300451 IP6 (hlim 56, next-header UDP (17) payload length: 57) 2001:19f0:ac00:102:5054:ff:fea9:125.31739 > r2d2.ex-mailer.com.domain: [udp sum ok] 8695% [1au] NS? e-shadowsecurity.net. ar: . OPT UDPsize=4096 OK (49)
17:12:41.798625 IP6 (hlim 56, next-header UDP (17) payload length: 65) 2001:19f0:ac00:102:5054:ff:fea9:125.45150 > r2d2.ex-mailer.com.domain: [udp sum ok] 32270% [1au] AAAA? spartan.e-shadowsecurity.net. ar: . OPT UDPsize=1232 OK (57)
17:12:42.638938 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 32) fe80::5400:ff:fe05:3dab > fe80::fc00:ff:fe05:3dab: [icmp6 sum ok] ICMP6, neighbor solicitation, length 32, who has fe80::fc00:ff:fe05:3dab
```


----------



## tunage (Oct 21, 2015)

ICMP is not the only one having issues:


```
[\u@r2d2:/root] # dig -6 google.com

; <<>> DiG 9.10.3 <<>> -6 google.com
;; global options: +cmd
;; connection timed out; no servers could be reached
[\u@r2d2:/root] # dig -6 ipv6.google.com

; <<>> DiG 9.10.3 <<>> -6 ipv6.google.com
;; global options: +cmd
;; connection timed out; no servers could be reached
[\u@r2d2:/root] # dig google.com   

; <<>> DiG 9.10.3 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59082
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;google.com.  IN  A

;; ANSWER SECTION:
google.com.  271  IN  A  216.58.221.14

;; Query time: 0 msec
;; SERVER: 108.61.10.10#53(108.61.10.10)
;; WHEN: Wed Oct 21 18:35:07 UTC 2015
;; MSG SIZE  rcvd: 55
```


----------



## tunage (Oct 22, 2015)

some debugging info:

```
[06:25:14] <pEYEd> whats another way to ping an IPv6 address besides ping6?
[06:29:08] <Zelest> telnet -6 ?
[06:41:25] <grawity> pEYEd: mtr -6?
[06:46:29] <pEYEd> grawity: thanks. mtr doesn't help. no verbosity. my ping6 is failing and I am trying to get my machine to upchuck new leads  http://unix.stackexchange.com/questions/237624/ping6-error-operation-not-permitted
[06:55:22] <grawity> pEYEd: I'm trying to make sense of that route list
[06:55:42] <grawity> pEYEd: what do you get from `route -6 get 2404:6800:400a:805::200e`?
[06:57:12] <pEYEd> grawity:  https://bpaste.net/show/e5a36bf98d29
[06:58:02] <grawity> pEYEd: yeah that doesn't make much sense with no gateway
[06:58:12] <grawity> pEYEd: it says STATIC, how did you add the default route?
[06:59:08] <pEYEd> grawity: route add -inet6 default -iface vtnet0
[06:59:23] <grawity> pEYEd: and your gateway address is?...
[07:00:25] <pEYEd> that is supposed to come via the solicitation. I hammered vultr for 2 hrs trying to get a static from them and they said no.  o.0
[07:00:50] <grawity> pEYEd: it's not going to come via the solicitation because you added the default route *statically*
[07:01:47] <pEYEd> grawity: fyi  http://i.imgur.com/j0XyxRe.png
[07:02:00] <pEYEd> let me reboot again
[07:02:09] <grawity> as a side note, your rc.conf has many duplicat esettings
[07:04:57] <grawity> pEYEd: the suggested configuration makes sense, but you're not actually *following* it...
[07:07:39] <pEYEd> grawity:  at boot, I get  https://bpaste.net/show/f6a405369303
[07:09:38] <grawity> pEYEd: ok, try running `rtsol -D vtnet0`, what does it output?
[07:10:28] <grawity> pEYEd: though not sure what you mean by "vultr won't give a static address"; the one you get via RA is already static
[07:10:42] <pEYEd> https://bpaste.net/show/a3d567241d27
[07:11:19] <grawity> bah I had hoped it'd output something like rdisc6 on Linux
[07:11:52] <grawity> wonder if you at least have a default gateway now
[07:13:08] <pEYEd> no gateway yet  https://bpaste.net/show/a9628f6661d3
[07:17:01] <grawity> ... you know what, maybe manually add a ::/0 route via fe80::fc00:ff:fe05:3dab
[07:32:00] <pEYEd> grawity:  route: bad address: ::/0  I tried a couple of ways  route add ::/0 vtnet0 fe80::fc00:ff:fe05:3dab
[07:36:22] <pEYEd> o.0  https://bpaste.net/show/688426200af4
```


----------



## tunage (Oct 22, 2015)

```
[\u@r2d2:/root] # /etc/rc.d/netif restart && /etc/rc.d/routing restart
Stopping Network: lo0 vtnet0.
lo0: flags=8048<LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
vtnet0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=6c03bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
ether 56:00:00:05:3d:ab
inet6 fe80::5400:ff:fe05:3dab%vtnet0 prefixlen 64 scopeid 0x1
inet6 2001:19f0:7000:8945:5400:ff:fe05:3dab prefixlen 64 autoconf
inet6 2001:19f0:7000:8945::64 prefixlen 64
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
media: Ethernet 10Gbase-T <full-duplex>
status: active
Starting Network: lo0 vtnet0.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=6c03bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
ether 56:00:00:05:3d:ab
inet6 fe80::5400:ff:fe05:3dab%vtnet0 prefixlen 64 scopeid 0x1
inet6 2001:19f0:7000:8945:5400:ff:fe05:3dab prefixlen 64 autoconf
inet 107.191.60.48 netmask 0xffffff00 broadcast 107.191.60.255
inet6 2001:19f0:7000:8945::64 prefixlen 64
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
media: Ethernet 10Gbase-T <full-duplex>
status: active
route: writing to routing socket: No such process
delete net 169.254.0.0: gateway vtnet0 fib 0: not in table
route: writing to routing socket: No such process
delete net default: gateway 107.191.60.1 fib 0: not in table
delete net fe80::: gateway ::1
delete net ff02::: gateway ::1
delete net ::ffff:0.0.0.0: gateway ::1
delete net ::0.0.0.0: gateway ::1
add net 169.254.0.0: gateway vtnet0
add net default: gateway 107.191.60.1
Additional inet routing options: gateway=YES.
add net fe80::: gateway ::1
add net ff02::: gateway ::1
add net ::ffff:0.0.0.0: gateway ::1
add net ::0.0.0.0: gateway ::1
Additional inet6 routing options: gateway=YES.
[\u@r2d2:/root] # rtsol -D vtnet0
checking if vtnet0 is ready...
vtnet0 is ready
set timer for vtnet0 to 1s
New timer is 1s
timer expiration on vtnet0, state = 1
send RS on vtnet0, whose state is 2
set timer for vtnet0 to 4s
New timer is 4s
received RA from fe80::fc00:ff:fe05:3dab on vtnet0, state is 2
Processing RA
ndo = 0x607b60
ndo->nd_opt_type = 3
ndo->nd_opt_len = 4
ndo = 0x607b80
ndo->nd_opt_type = 25
ndo->nd_opt_len = 3
nsbuf = 2001:19f0:300:1704::6
ndo = 0x607b98
ndo->nd_opt_type = 5
ndo->nd_opt_len = 1
ndo = 0x607ba0
ndo->nd_opt_type = 1
ndo->nd_opt_len = 1
rsid = [vtnet0:slaac]
write to child = nameserver (11)
write to child = 2001:19f0:300:1704::6(21)
write to child =
(1)
script "/sbin/resolvconf" terminated
stop timer for vtnet0
RA expiration timer: type=25, msg=2001:19f0:300:1704::6, expire=1h0m0s
there is no timer
[\u@r2d2:/root] # ping6 ipv6.google.com
PING6(56=40+8+8 bytes) 2001:19f0:7000:8945:5400:ff:fe05:3dab --> 2404:6800:400a:804::200e
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
ping6: sendmsg: Operation not permitted
ping6: wrote ipv6.l.google.com 16 chars, ret=-1
^C
--- ipv6.l.google.com ping6 statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
```


----------



## tunage (Oct 23, 2015)

There was a conflict in the rc.conf


----------

