• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

Recent posts

#1
General Questions & Suggestions / Using he.net dns delegation sl...
Last post by mwerle - May 27, 2024, 07:25:37 PM
Ok, so I set up my DNS (bind9/Debian) to use the he.net slave servers, and am sending notifies to "slave.dns.het.net".  I'm serving 3 domains with mostly a common configuration.

_One_ of those domains was able to be successfully delegated on he.net.

The other two keep returning the "You must delegate to one or more of the slave nameservers." error, with no further information as to why. One is more complicated (the primary domain, with more records, etc.); the other failing one is on the same level of complexity as the one which was accepted.

Is there any way at all of figuring out why he.net is complaining about the other two domains? I figure if I'd done something fundamentally wrong, then all 3 domains would fail.

(FWIW, all 3 domains were being delegated by another provider for several years with no problems)

The pertinent configuration is:

named.conf
acl dns_slaves {
        // he.net
        // https://dns.he.net/
        // NOTE: transfer is "slave.dns.he.net" and NOT the nameservers
        216.218.133.2;
        2001:470:600::2;

 ...
};

named.conf.options
options {
 ...
        notify yes;
        allow-transfer { dns_slaves; };
 ...
};

db.<mydomain>:
$TTL    1D
$ORIGIN <mydomain>.com.
       
@               IN      SOA     ns1 hostmaster (
 ...
)
 ...       
   
                IN      NS      ns1
                IN      NS      ns2
                IN      NS      ns1.he.net.
                IN      NS      ns2.he.net.
                IN      NS      ns3.he.net.
                IN      NS      ns4.he.net.
                IN      NS      ns5.he.net.

 ...

Thank you,
 - Micha.
#2
IPv6 on Windows / Setting IPV6 to Windows 10 (22...
Last post by BlagoYar - May 27, 2024, 02:15:25 PM
I have these settings:
netsh interface teredo set state disabled
netsh interface ipv6 add v6v4tunnel interface=IP6Tunnel localaddress=198.92.24.79  remoteaddress=216.67.22.91
netsh interface ipv6 add address interface=IP6Tunnel address=2001:470:30:48b::2
netsh interface ipv6 add route prefix=::/0 interface=IP6Tunnel nexthop=2001:470:30:48b::1

Teredo turned off successfully, and the second command gives "Element not found"
netsh interface ipv6 add v6v4tunnel interface="IP6Tunnel" localaddress=198.92.24.79  remoteaddress=216.67.22.91
But at the same time it gives out this error. How can I correct this?
#3
IPv6 on Routing Platforms / Re: Mikrotik: HE tunnel + ISP'...
Last post by wrtpoona - May 15, 2024, 09:54:25 AM
I tested this some more and the issue appears to only affect failing over to the HE.net tunnel route.
  • Disabled HE's suggested (2000::/3) route with a default gw (::/0) instead, assigned it a distance of 2.
  • Instead of trying to route the standard /64 prefix, I took a /64 from the /48 HE assigns and announced it via bridge0.

Here's what I found:
If I disable the pppoe-out1 interface and reboot the router, the HE.net tunnel works
If pppoe-out1 is now brought online, it moves LAN clients off the HE.net tunnel, as expected.

However, if I now disable pppoe-out1, the HE.net tunnel takes 10-15 mins to switch to / come online for LAN clients; all IPv6 traffic fails without any ICMP messages for ping etc.
Happy to hear any tips to troubleshoot this :/
#4
IPv6 on Routing Platforms / Mikrotik: HE tunnel + ISP's Na...
Last post by wrtpoona - May 14, 2024, 08:26:11 PM
My ISP provides a /64 prefix via DHCPv6 on the pppoe-out interface which I enable and configure to set a default route. I offer this via SLAAC on the LAN bridge0 interface and LAN clients receive a GUA from the /64 and IPv6 works.

I wished to use HE's routed /64 as a secondary IPv6 route with a much higher routing metric / distance.

This is the suggested configuration by HE:
/interface 6to4 add comment="Hurricane Electric IPv6 Tunnel Broker" disabled=no local-address=1xx.xxx.xxx.xx0 mtu=1280 name=sit1 remote-address=216.218.221.42
/ipv6 route add comment="" disabled=no distance=1 dst-address=2000::/3 gateway=2001:470:35:30c::1 scope=30 target-scope=10
/ipv6 address add address=2001:470:35:30c::2/64 advertise=no disabled=no eui-64=no interface=sit1

This is what I set up on my router, which receives a /64 (sadly no /56) via a PPPoE tunnel from my ISP:
/interface 6to4 add comment="Hurricane Electric IPv6 Tunnel Broker" disabled=no local-address=1xx.xxx.xxx.xx0 mtu=1280 name=sit1 remote-address=216.218.221.42
/ipv6 route add comment="" disabled=no distance=15 dst-address=2000::/3 gateway=2001:470:35:30c::1 scope=30 target-scope=10
/ipv6 address add address=2001:470:35:30c::2/64 advertise=no disabled=no eui-64=no interface=sit1

I only change distance=15 since that is the only routing parameter used on this router for its 3 WAN uplinks.

But when the tunnel's sit0 interface goes up, LAN clients lose connectivity.
I have confirmed that disabling HE's suggested route fixes IPv6 connectivity:
/ipv6 route add comment="" disabled=no distance=15 dst-address=2000::/3 gateway=2001:470:35:30c::1 scope=30 target-scope=10
Shouldn't my ISP-provided IPv6 connectivity continue to work since it has a routing distance of 1, compared to 15 for the HE route?
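
Added example, not part of the original post and not RouterOS code: a Python model of standard IP route selection, where the longest matching prefix is chosen first and distance only breaks ties between routes to the same prefix. The route table is constructed from the post; the ISP default route being `::/0` via `pppoe-out1` and the function names are assumptions.

```python
import ipaddress

# Constructed route table modelled on the post: the ISP default route
# (assumed ::/0, distance 1) and HE's suggested 2000::/3 route (distance 15).
ROUTES = [
    {"dst": "::/0", "distance": 1, "gateway": "pppoe-out1"},
    {"dst": "2000::/3", "distance": 15, "gateway": "2001:470:35:30c::1"},
]


def select_route(routes, destination):
    """Pick the route a standard lookup would use for `destination`.

    Longest matching prefix wins; distance is compared only between
    routes whose prefix length is equal.
    """
    dest = ipaddress.ip_address(destination)
    candidates = [r for r in routes if dest in ipaddress.ip_network(r["dst"])]
    if not candidates:
        return None
    return min(
        candidates,
        key=lambda r: (-ipaddress.ip_network(r["dst"]).prefixlen, r["distance"]),
    )


def with_he_default(routes):
    """Copy of the table with the HE route rewritten from 2000::/3 to ::/0,
    so both uplinks compete on distance alone."""
    return [dict(r, dst="::/0") if r["dst"] == "2000::/3" else dict(r) for r in routes]


if __name__ == "__main__":
    target = "2001:db8::1"  # documentation address inside 2000::/3
    print("2000::/3 + ::/0 :", select_route(ROUTES, target)["gateway"])
    print("::/0 + ::/0     :", select_route(with_he_default(ROUTES), target)["gateway"])
```

In this model the 2000::/3 route carries all global unicast traffic despite its distance of 15; the distance value only takes effect once both routes use the same prefix.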
#5
Questions & Answers / Re: can't ping IPv6 tunnel end...
Last post by McNail - May 01, 2024, 04:18:17 AM
I solved it now. The update for my dynamic IPv4 address for my client-side tunnel endpoint failed. Somehow the syntax of the Dyn-compliant Endpoint Updates changed, so my script for the update failed.

https://forums.he.net/index.php?topic=1994.0

I've now updated my script (from crontab) and now the HE IPv6 tunnel is up again.

Regards
Ralf
#6
Questions & Answers / Re: can't ping IPv6 tunnel end...
Last post by McNail - May 01, 2024, 02:51:04 AM
I see with tcpdump that somehow IP protocol 41 seems to be blocked:

root@mydns(neu):/etc/network# tcpdump -nni eth0 host 216.66.80.30
11:48:34.021096 IP 10.90.90.252 > 216.66.80.30: IP6 2001:470:1f0a:911::2 > 2001:470:1f0a:911::1: ICMP6, echo request, id 34, seq 1, length 64
11:48:34.031283 IP 216.66.80.30 > 10.90.90.252: ICMP 216.66.80.30 protocol 41 port 48391 unreachable, length 132
11:48:35.047019 IP 10.90.90.252 > 216.66.80.30: IP6 2001:470:1f0a:911::2 > 2001:470:1f0a:911::1: ICMP6, echo request, id 34, seq 2, length 64
11:48:35.056647 IP 216.66.80.30 > 10.90.90.252: ICMP 216.66.80.30 protocol 41 port 48391 unreachable, length 132
11:48:36.071014 IP 10.90.90.252 > 216.66.80.30: IP6 2001:470:1f0a:911::2 > 2001:470:1f0a:911::1: ICMP6, echo request, id 34, seq 3, length 64

Maybe because of some update of my Fritzbox router, IP protocol 41 is now blocked :-(
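
Added example, not part of the original post: a small Python parser for tcpdump text output like the capture above. It counts outgoing 6in4 (protocol 41) packets to the tunnel server and the ICMP "protocol 41 unreachable" replies, and records which host sent those replies. The sample lines are copied from the post; the function and field names are hypothetical.

```python
import re
from collections import Counter

# Sample lines copied from the capture in the post above.
CAPTURE = """\
11:48:34.021096 IP 10.90.90.252 > 216.66.80.30: IP6 2001:470:1f0a:911::2 > 2001:470:1f0a:911::1: ICMP6, echo request, id 34, seq 1, length 64
11:48:34.031283 IP 216.66.80.30 > 10.90.90.252: ICMP 216.66.80.30 protocol 41 port 48391 unreachable, length 132
11:48:35.047019 IP 10.90.90.252 > 216.66.80.30: IP6 2001:470:1f0a:911::2 > 2001:470:1f0a:911::1: ICMP6, echo request, id 34, seq 2, length 64
11:48:35.056647 IP 216.66.80.30 > 10.90.90.252: ICMP 216.66.80.30 protocol 41 port 48391 unreachable, length 132
11:48:36.071014 IP 10.90.90.252 > 216.66.80.30: IP6 2001:470:1f0a:911::2 > 2001:470:1f0a:911::1: ICMP6, echo request, id 34, seq 3, length 64
"""

# IPv4 packet whose payload is IPv6 (6in4 encapsulation).
SIXIN4 = re.compile(r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): IP6 ")
# ICMP error about protocol 41 traffic sent to <about>.
UNREACH = re.compile(
    r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP (?P<about>[\d.]+) protocol 41 (?:port \d+ )?unreachable"
)


def summarize(capture, tunnel_server):
    """Summarize 6in4 traffic to tunnel_server and the rejections it drew."""
    sent = 0
    reporters = Counter()
    for line in capture.splitlines():
        m = SIXIN4.match(line)
        if m and m["dst"] == tunnel_server:
            sent += 1
            continue
        m = UNREACH.match(line)
        if m and m["about"] == tunnel_server:
            reporters[m["src"]] += 1  # host that generated the ICMP error
    return {
        "sent_6in4": sent,
        "proto41_unreachable": sum(reporters.values()),
        "reporters": dict(reporters),
        "reported_by_tunnel_server": set(reporters) == {tunnel_server},
    }


if __name__ == "__main__":
    print(summarize(CAPTURE, "216.66.80.30"))
```

The `reporters` field identifies the host that generated the unreachable messages, which is where to look next.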

#7
Questions & Answers / can't ping IPv6 tunnel endpoin...
Last post by McNail - May 01, 2024, 02:29:48 AM
Hello,

I have been using an HE IPv6 tunnel for a while on my Raspberry without issues. But for some weeks I haven't gotten IPv6 connections with the HE tunnel. I can ping my local he-ipv6 interface (:2), but can't ping the endpoint of this tunnel interface (:1); I just get no answer.

If I ping the endpoint :1 from the Internet everything is OK, but for :2 (my local he-ipv6 interface) I also get no answer. The IPv4 address 216.66.80.30 of the HE tunnel server is reachable.

I am currently a little bit lost as to how and where to start debugging, since creating/starting the he-ipv6 interface gives no further errors.

Regards
Ralf
#8
IPv6 on Routing Platforms / Re: Tunnel on G3100 Verizon Ro...
Last post by garrigan - April 30, 2024, 03:30:07 PM
I can confirm the G1100 passes protocol 41. I can also confirm the G3100 does not pass protocol 41.
#10
General Questions & Suggestions / Re: URL / Web Forwarding via D...
Last post by dewdude - April 27, 2024, 11:08:11 AM
Personally, I would just set nginx up to either full reverse proxy or 301 redirect. Full proxy would make it "mask" the forwarded address; a 301 redirect wouldn't.

This, however, would require a server to run nginx. It wouldn't need to be anything super beefy though. I don't know if anyone offering "free cloud" offers anything free enough if you're literally trying to do this for $0.