Copying from the OSS Slack for visibility:
https://definednetworking.slack.com/archives/CS01XE0KZ/p1665010733803339 - Join the Nebula OSS Slack
Michael Ravits was having problems pinging their lighthouse, and it seemed like the lighthouse was reporting a local ipv4 address that it was trying to use.
@wadey recommended using `local_allow_list` to deny the offending ipv4 address that isn't globally available, also recommended using `tcpdump` to double-check that packets were routed correctly.
I, @jasikpark suggested setting `logging.level` to `debug` and we got some logs that showed `Error while evaluating outbound packet, packet is not ipv4, type: 6`.
@wadey asked if Michael was forcing ipv6 over the tunnel in the ping, since nebula networks are ipv4 only on the overlay, but nebula will translate that to an ipv6 packet on the underlay, but Michael was using `ping -4 -I nebula1 192.168.100.1`.
After seeing that the tunnel state was good, @wadey suggested that iptables might be blocking ipv4 and Michael discovered, to their woe, that they had denied-all ipv4.
TLDR: make sure you allow ipv4 packets to the nebula interface when using nebula!