• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Google forcing ReCAPTCHA on all searches from my HE assigned IPv6 address

Started by cshilton, May 31, 2023, 01:58:14 PM

Previous topic - Next topic


support advises to switch to /48 to avoid google bans in future.


Quote from: anzial on July 12, 2023, 04:02:38 AMsupport advises to switch to /48 to avoid google bans in future.

Well, the thing is, we've already been using /48s everywhere before this happened. Anyway, seems to be working for now.


Quote from: anzial on July 12, 2023, 04:02:38 AMsupport advises to switch to /48 to avoid google bans in future.

Do you mean block outbound connections to Google at the xxxx:yyyy:zzzz::/48 level? Or, are you saying that Google has not banned Hurricane Electric at the 2001:470::/32 level and a tunnelbroker 2001:470:xxxx::/48 customer assignment may not be in the banned range? I ask because as I understand it, Netflix is flagging anything from 2001:470::/32 as coming from via a proxy. I understand that they are two different companies here but I compare Google and Netflix because both are implementing a control policy for communications coming into into their network. I had made the possibly wrong assumption that Google is blocking 2001:470::/32.


can't tell you the precise wording about /48 subnet from support, the effing google now signed me out of my email account and forcing to wait for a restore email (it happened after I tried to setup /48), but yeah, it was something about google banning whole subnets but /48 might reduce chances of it happening in future to a specific user as opposed to using /64.


It seems that Google fixed it, I can now access google.com search without any captchas and without error 403.


I was getting the captcha for a while but it stopped but today I got the following email from HE Support:


Your tunnel has been seen as a source of automated google-services scripting behavior without adhering to Google's /robot.txt file.

Please stop all automated or non-human activities google's services through our tunnel services or your account will be disabled/removed.

Please let me know if you have any questions.


Hurricane Electric Support

I've replied back asking for the IPs but I don't have anything configured to use google-services and I'm pretty sure I don't have any malware doing it.  Has anyone else seen this?


Support responded, Google is only giving them the /64 subnet but not the actual IP.  Google is being very agressive which is hypocritical because their bots don't honor /robots.txt.

I just blocked any outgoing IPv6 traffic to Google's /32.


I too got an email asking to stop all automated or non-human activities toward Google's services. I asked for more details as there should be no such thing on my network and in fact, most devices are configured to use DuckDuckGo anyway.


I have a theory. I wonder if all this is happening because a lot of GeoIP databases get our Geo's wrong. For me, I show up as RUSSIA.


well, it took mere 2 months for this to start all over again. Just recaptcha for now, full ban will follow probably again. Worked fine just 12 hours ago.



Опять началось. школьные автобусы, велосипеды и пешеходные переходы


I have to #metoo this.
I tried amsterdam and london tunnel servers. Both give me google captcha.
Google is not prepared for ipv6.
They censor.


Quote from: michielbruijn on September 06, 2023, 08:18:03 AMGoogle is not prepared for ipv6.
They censor.
They simply block huge ranges of addresses they don't like - without a reason.
I switched to another search engine - not only because of that.
Other Google Services seem to work.


Quote from: michielbruijn on September 06, 2023, 08:18:03 AMGoogle is not prepared for ipv6.
They censor.

Considering that Google is likely the largest provider that actually supports IPv6 (as Amazon AWS doesn't even fully support it yet across all of their services), this is a patently false statement. Also, "they censor" does not mean what you seem to think it means here.

The problem, as far as things seem to go, is that malicious actors are making use of HE's tunnelbroker service, and Google's viewpoint is likely that it's easier to tarpit (by way of reCAPTCHA, in this case) 2001:470::/32 than to play whack-a-mole.

It's in no way dissimilar to how practically every known Tor exit node is also similarly hit with a tarpit, if not outright blocked by some services - in order to block bad actors. That's not censorship, that's network management.

With respect to persons abusing HE.net's IPv6 TunnelBroker service, this is an issue that HE.net needs to resolve. The problem is that their absolute silence on this forum for months has been deafening; and if their interactions - or rather lack thereof - on this board given that this thread alone has been going since May are any indication of the response they've probably given to Google, then it is no wonder that Google took such an action. We all get to feel the ramifications of that.

Side note, for anyone running their own DNS, or who wants to disable IPv6 to Google, either of these two comments will help:

* https://forums.he.net/index.php?msg=23250
* https://forums.he.net/index.php?msg=23251