Operation not permitted on ping6 after mip6d establishes MIPv6 tunnel

Question

I'm very much out of ideas here: I run mobile IPv6 on Ubuntu oneiric, with a simple fixed-address setup.

mip6d establishes a tunnel, but as soon as the tunnel establishes I lose all network connectivity. I cannot ping, I cannot telnet/ssh, existing connections die, and even ping6 ::1 gives "Operation not permitted". I also have other network interfaces and I lose network on those as well.

There is no Firewall, no ip6tables rules that deny or drop anything, ufw is disabled, and I am running as root.

If I misconfigure MIPv6 so that it fails to establish the tunnel, this doesn't happen and I can ping and everything.

Home agent is 2001:db8:aaaa::4 Mobile node is 2001:db8:aaaa::2

As soon as I kill mip6d I can ping again, both external stuff and ::1, but I can't for the life of me understand why I lose everything when the tunnel is up, even on other network interfaces.

This issue is really a big problem for me right now and I appreciate any helpful pointers or hints.

mip6d is v2.0.2-umip-0.4

This is my home agent config:

#mip6d.conf : A basic Home Agent example
NodeConfig HA;
DebugLevel 10;
DoRouteOptimizationCN disabled;

Interface "eth1";
UseMnHaIPsec disabled;

IPsecPolicySet {
HomeAgentAddress 2001:db8:aaaa::4;
HomeAddress 2001:db8:aaaa::2/64;

IPsecPolicy HomeRegBinding UseESP;
IPsecPolicy TunnelMh UseESP;
}

This is my mobile node:

# mip6d.conf : A basic Mobile Node example  
NodeConfig MN;
DebugLevel 10;
DoRouteOptimizationCN enabled;

Interface "eth1";
UseMnHaIPsec disabled;  

DoRouteOptimizationMN enabled;
UseCnBuAck enabled;

MnHomeLink "eth1" {
                HomeAgentAddress 2001:db8:aaaa::4;
                HomeAddress 2001:db8:aaaa::2/64;
}

This is the log output of mip6d on the mobile node:

Tue Oct  2 18:08:30 main: MIPL Mobile IPv6 for Linux started in debug mode
Tue Oct  2 18:08:30 conf_show: config_file = /usr/local/etc/mip6d.conf
Tue Oct  2 18:08:30 conf_show: mip6_entity = 1
Tue Oct  2 18:08:30 conf_show: debug_level = 10
Tue Oct  2 18:08:30 conf_show: debug_log_file = /opt/workspace/scripts/MN/mn.log
Tue Oct  2 18:08:30 conf_show: PolicyModulePath = [internal]
Tue Oct  2 18:08:30 conf_show: DefaultBindingAclPolicy = 0
Tue Oct  2 18:08:30 conf_show: NonVolatileBindingCache = disabled
Tue Oct  2 18:08:30 conf_show: KeyMngMobCapability = disabled
Tue Oct  2 18:08:30 conf_show: UseMnHaIPsec = disabled
Tue Oct  2 18:08:30 conf_show: MnMaxHaBindingLife = 262140
Tue Oct  2 18:08:30 conf_show: MnMaxCnBindingLife = 420
Tue Oct  2 18:08:30 conf_show: MnRouterProbes = 0
Tue Oct  2 18:08:30 conf_show: MnRouterProbeTimeout = 0.000000
Tue Oct  2 18:08:30 conf_show: InitialBindackTimeoutFirstReg = 1.500000
Tue Oct  2 18:08:30 conf_show: InitialBindackTimeoutReReg = 1.000000
Tue Oct  2 18:08:30 conf_show: UseCnBuAck = enabled
Tue Oct  2 18:08:30 conf_show: DoRouteOptimizationMN = enabled
Tue Oct  2 18:08:30 conf_show: MnUseAllInterfaces = disabled
Tue Oct  2 18:08:30 conf_show: MnDiscardHaParamProb = disabled
Tue Oct  2 18:08:30 conf_show: SendMobPfxSols = enabled
Tue Oct  2 18:08:30 conf_show: OptimisticHandoff = disabled
Tue Oct  2 18:08:30 conf_show: MobRtrUseExplicitMode = enabled
Tue Oct  2 18:08:30 conf_show: SendMobPfxAdvs = enabled
Tue Oct  2 18:08:30 conf_show: SendUnsolMobPfxAdvs = enabled
Tue Oct  2 18:08:30 conf_show: MaxMobPfxAdvInterval = 86400
Tue Oct  2 18:08:30 conf_show: MinMobPfxAdvInterval = 600
Tue Oct  2 18:08:30 conf_show: HaMaxBindingLife = 262140
Tue Oct  2 18:08:30 conf_show: HaAcceptMobRtr = disabled
Tue Oct  2 18:08:30 conf_show: DoRouteOptimizationCN = enabled
Tue Oct  2 18:08:30 xfrm_cn_init: Adding policies and states for CN
Tue Oct  2 18:08:30 xfrm_mn_init: Adding policies and states for MN
Tue Oct  2 18:08:30 conf_home_addr_info: HoA address 2001:db8:aaaa:0:0:0:0:2
Tue Oct  2 18:08:30 conf_home_addr_info: HA address 2001:db8:aaaa:0:0:0:0:4
Tue Oct  2 18:08:30 __tunnel_add: created tunnel ip6tnl1 (11) from 2001:db8:aaaa:0:0:0:0:2 to 2001:db8:aaaa:0:0:0:0:4 user count 1
Tue Oct  2 18:08:30 conf_home_addr_info: Home address 2001:db8:aaaa:0:0:0:0:2
Tue Oct  2 18:08:30 flag_hoa: set HoA 2001:db8:aaaa:0:0:0:0:2/128 iif 11 flags 12 preferred_time 4294967295 valid_time 4294967295
Tue Oct  2 18:08:30 conf_home_addr_info: Added new home_addr_info successfully
Tue Oct  2 18:08:30 __md_discover_router: discover link on iface eth1 (4)
Tue Oct  2 18:08:30 md_change_default_router: add new router fe80:0:0:0:219:99ff:feca:ac6d on interface eth1 (4)
Tue Oct  2 18:08:30 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:08:31 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:08:31 mn_move: 1775
Tue Oct  2 18:08:31 mn_move: in foreign net
Tue Oct  2 18:08:31 mn_block_rule_add: blackhole is already set.
Tue Oct  2 18:08:31 mn_send_home_bu: 792
Tue Oct  2 18:08:31 mn_get_home_lifetime: CoA lifetime 86398 s, HoA lifetime 4294967295 s, BU lifetime 86396 s
Tue Oct  2 18:08:31 mn_ro_pol_add: Adding default RO triggering policies for all Correspondent Nodes
Tue Oct  2 18:08:31 process_first_home_bu: New bule for HA
Tue Oct  2 18:08:31 bul_add: Adding bule
== BUL_ENTRY ==
Home address    2001:db8:aaaa:0:0:0:0:2
Care-of address 2001:db8:eeee:0:219:99ff:feca:acc7
CN address      2001:db8:aaaa:0:0:0:0:4
lifetime = 86396,  delay = 1500
flags: IP6_MH_BU_HOME IP6_MH_BU_ACK 
Tue Oct  2 18:08:31 mn_send_home_bu: New bule for HA
Tue Oct  2 18:08:31 mh_send: sending MH type 5
from 2001:db8:aaaa:0:0:0:0:2
to 2001:db8:aaaa:0:0:0:0:4
Tue Oct  2 18:08:31 mh_send: local CoA 2001:db8:eeee:0:219:99ff:feca:acc7
Tue Oct  2 18:08:31 bul_update_timer: Updating timer
== BUL_ENTRY ==
Home address    2001:db8:aaaa:0:0:0:0:2
Care-of address 2001:db8:eeee:0:219:99ff:feca:acc7
CN address      2001:db8:aaaa:0:0:0:0:4
lifetime = 86396,  delay = 1500
flags: IP6_MH_BU_HOME IP6_MH_BU_ACK 
Tue Oct  2 18:08:31 tunnel_mod: modifying tunnel 11 end points with from 2001:db8:eeee:0:219:99ff:feca:acc7 to 2001:db8:aaaa:0:0:0:0:4
Tue Oct  2 18:08:31 __tunnel_mod: modified tunnel iface ip6tnl1 (11)from 2001:db8:eeee:0:219:99ff:feca:acc7 to 2001:db8:aaaa:0:0:0:0:4
Tue Oct  2 18:08:31 icmp6_parse_data: HAO 2001:db8:aaaa:0:0:0:0:2
Tue Oct  2 18:08:33 bu_resend: Bul resend [0x9746298] type 0
Tue Oct  2 18:08:33 mn_get_home_lifetime: CoA lifetime 86398 s, HoA lifetime 4294967295 s, BU lifetime 86396 s
Tue Oct  2 18:08:33 mh_send: sending MH type 5
from 2001:db8:aaaa:0:0:0:0:2
to 2001:db8:aaaa:0:0:0:0:4
Tue Oct  2 18:08:33 mh_send: local CoA 2001:db8:eeee:0:219:99ff:feca:acc7
Tue Oct  2 18:08:33 bul_update_timer: Updating timer
== BUL_ENTRY ==
Home address    2001:db8:aaaa:0:0:0:0:2
Care-of address 2001:db8:eeee:0:219:99ff:feca:acc7
CN address      2001:db8:aaaa:0:0:0:0:4
lifetime = 86396,  delay = 3000
flags: IP6_MH_BU_HOME IP6_MH_BU_ACK
Tue Oct  2 18:08:33 icmp6_parse_data: HAO 2001:db8:aaaa:0:0:0:0:2
Tue Oct  2 18:08:33 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:08:36 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:08:36 bu_resend: Bul resend [0x9746298] type 0
Tue Oct  2 18:08:36 mn_get_home_lifetime: CoA lifetime 86399 s, HoA lifetime 4294967295 s, BU lifetime 86396 s
Tue Oct  2 18:08:36 mh_send: sending MH type 5
from 2001:db8:aaaa:0:0:0:0:2
to 2001:db8:aaaa:0:0:0:0:4
Tue Oct  2 18:08:36 mh_send: local CoA 2001:db8:eeee:0:219:99ff:feca:acc7
Tue Oct  2 18:08:36 bul_update_timer: Updating timer
== BUL_ENTRY ==
Home address    2001:db8:aaaa:0:0:0:0:2
Care-of address 2001:db8:eeee:0:219:99ff:feca:acc7
CN address      2001:db8:aaaa:0:0:0:0:4
lifetime = 86396,  delay = 6000
flags: IP6_MH_BU_HOME IP6_MH_BU_ACK 
Tue Oct  2 18:08:36 icmp6_parse_data: HAO 2001:db8:aaaa:0:0:0:0:2
Tue Oct  2 18:08:38 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:08:39 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:08:42 bu_resend: Bul resend [0x9746298] type 0
Tue Oct  2 18:08:42 mn_get_home_lifetime: CoA lifetime 86397 s, HoA lifetime 4294967295 s, BU lifetime 86396 s
Tue Oct  2 18:08:42 mh_send: sending MH type 5
from 2001:db8:aaaa:0:0:0:0:2
to 2001:db8:aaaa:0:0:0:0:4
Tue Oct  2 18:08:42 mh_send: local CoA 2001:db8:eeee:0:219:99ff:feca:acc7
Tue Oct  2 18:08:42 bul_update_timer: Updating timer
== BUL_ENTRY ==
Home address    2001:db8:aaaa:0:0:0:0:2
Care-of address 2001:db8:eeee:0:219:99ff:feca:acc7
CN address      2001:db8:aaaa:0:0:0:0:4
lifetime = 86396,  delay = 12000
flags: IP6_MH_BU_HOME IP6_MH_BU_ACK
Tue Oct  2 18:08:42 icmp6_parse_data: HAO 2001:db8:aaaa:0:0:0:0:2
Tue Oct  2 18:08:42 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:08:44 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:08:46 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:08:49 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:08:51 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:08:52 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:08:54 bu_resend: Bul resend [0x9746298] type 0
Tue Oct  2 18:08:54 mn_get_home_lifetime: CoA lifetime 86398 s, HoA lifetime 4294967295 s, BU lifetime 86396 s
Tue Oct  2 18:08:54 mh_send: sending MH type 5
from 2001:db8:aaaa:0:0:0:0:2
to 2001:db8:aaaa:0:0:0:0:4
Tue Oct  2 18:08:54 mh_send: local CoA 2001:db8:eeee:0:219:99ff:feca:acc7
Tue Oct  2 18:08:54 bul_update_timer: Updating timer
== BUL_ENTRY ==
Home address    2001:db8:aaaa:0:0:0:0:2
Care-of address 2001:db8:eeee:0:219:99ff:feca:acc7
CN address      2001:db8:aaaa:0:0:0:0:4
lifetime = 86396,  delay = 24000
flags: IP6_MH_BU_HOME IP6_MH_BU_ACK 
Tue Oct  2 18:08:54 icmp6_parse_data: HAO 2001:db8:aaaa:0:0:0:0:2
Tue Oct  2 18:08:55 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:08:56 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:08:59 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:02 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:03 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:06 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:07 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:09 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:11 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:12 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:14 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:16 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:18 bu_resend: Bul resend [0x9746298] type 0
Tue Oct  2 18:09:18 mn_get_home_lifetime: CoA lifetime 86398 s, HoA lifetime 4294967295 s, BU lifetime 86396 s
Tue Oct  2 18:09:18 mh_send: sending MH type 5
from 2001:db8:aaaa:0:0:0:0:2
to 2001:db8:aaaa:0:0:0:0:4
Tue Oct  2 18:09:18 mh_send: local CoA 2001:db8:eeee:0:219:99ff:feca:acc7
Tue Oct  2 18:09:18 bul_update_timer: Updating timer
== BUL_ENTRY ==
Home address    2001:db8:aaaa:0:0:0:0:2
Care-of address 2001:db8:eeee:0:219:99ff:feca:acc7
CN address      2001:db8:aaaa:0:0:0:0:4
lifetime = 86396,  delay = 32000
flags: IP6_MH_BU_HOME IP6_MH_BU_ACK 
Tue Oct  2 18:09:18 icmp6_parse_data: HAO 2001:db8:aaaa:0:0:0:0:2
Tue Oct  2 18:09:18 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:20 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:21 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:23 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:26 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:28 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:30 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:31 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:34 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:37 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:39 md_update_router_stats: Adding CoA 2001:db8:eeee:0:219:99ff:feca:acc7 on interface (4)
Tue Oct  2 18:09:40 terminate: got SIGINT, exiting

This is ifconfig:

eth0  Link encap:Ethernet  Hardware Adresse 00:19:99:d4:b9:c2  
      inet6-Adresse: 2001:db8:ffff::5/64 Gültigkeitsbereich:Global
      inet6-Adresse: fe80::219:99ff:fed4:b9c2/64 Gültigkeitsbereich:Verbindung
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metrik:1
      RX packets:391 errors:0 dropped:0 overruns:0 frame:0
      TX packets:386 errors:0 dropped:0 overruns:0 carrier:0
      Kollisionen:0 Sendewarteschlangenlänge:1000 
      RX bytes:160205 (160.2 KB)  TX bytes:53660 (53.6 KB)
      Interrupt:20 Speicher:f7d00000-f7d20000 

eth1  Link encap:Ethernet  Hardware Adresse 00:19:99:ca:ac:c7  
      inet6-Adresse: fe80::219:99ff:feca:acc7/64 Gültigkeitsbereich:Verbindung
      inet6-Adresse: 2001:db8:eeee:0:219:99ff:feca:acc7/64 Gültigkeitsbereich:Global
      UP BROADCAST RUNNING MULTICAST  MTU:1500  Metrik:1
      RX packets:1414 errors:0 dropped:0 overruns:0 frame:0
      TX packets:159 errors:0 dropped:0 overruns:0 carrier:0
      Kollisionen:0 Sendewarteschlangenlänge:1000 
      RX bytes:224340 (224.3 KB)  TX bytes:29363 (29.3 KB)
      Speicher:f7ca0000-f7cc0000 

ip6tnl1   Link encap:UNSPEC  Hardware Adresse 20-01-0D-B8-EE-EE-00-00-00-00-00-00-00-00-00-00  
      inet6-Adresse: fe80::219:99ff:fed4:b9c2/64 Gültigkeitsbereich:Verbindung
      inet6-Adresse: 2001:db8:aaaa::2/128 Gültigkeitsbereich:Global
      UP PUNKTZUPUNKT RUNNING NOARP  MTU:1460  Metrik:1
      RX packets:0 errors:0 dropped:0 overruns:0 frame:0
      TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
      Kollisionen:0 Sendewarteschlangenlänge:0 
      RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo    Link encap:Lokale Schleife  
      inet Adresse:127.0.0.1  Maske:255.0.0.0
      inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine
      UP LOOPBACK RUNNING  MTU:16436  Metrik:1
      RX packets:3596 errors:0 dropped:0 overruns:0 frame:0
      TX packets:3596 errors:0 dropped:0 overruns:0 carrier:0
      Kollisionen:0 Sendewarteschlangenlänge:0 
      RX bytes:281748 (281.7 KB)  TX bytes:281748 (281.7 KB)

ip6tables:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination          

ip -6 routes:

2001:db8:aaaa::2 dev ip6tnl1  proto kernel  metric 256 
2001:db8:eeee::/64 dev eth1  proto kernel  metric 256  expires 86410sec
2001:db8:ffff::/64 dev eth0  proto kernel  metric 256 
fe80::/64 dev eth1  proto kernel  metric 256 
fe80::/64 dev eth0  proto kernel  metric 256 
fe80::/64 dev ip6tnl1  proto kernel  metric 256 
default via fe80::219:99ff:feca:ac6d dev eth1  proto ra  metric 1023  

Answer 1

In response to my own question:

I was able to "fix" this issue. Turns out that as soon as the connection is actually successful, everything works. I had a router on the path between HA and MN which wasn't configured correctly, and while the tunnel was created on the MN, the Binding Update never reached the HA.

Now, I was unable to reproduce the actual error on slackware. However, on Ubuntu the network stack was pretty much kablooey until the tunnel was established and MIPV6 was operational.

During moves of the MN, the same issue pops up - you cannot ping or establish any network connection whatsoever - but as soon as the move is completed, everything works again.

Really peculiar. I'm inclined to believe this to be some issue with Ubuntu 11.10