- Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.
News:
Welcome to Hurricane Electric's Tunnelbroker.net forums!
Recent posts
#1
IPv6 on Routing Platforms / Mikrotik: HE tunnel + ISP's Na...
Last post by wrtpoona - May 14, 2024, 08:26:11 PMMy ISP provides a /64 prefix via DHCPv6 on the pppoe-out interface which I enable and configure to set a default route. I offer this via SLAAC on the LAN bridge0 interface and LAN clients receive a GUA from the /64 and IPv6 works.
I wished to use HE's routed /64 as a secondary IPv6 route with a much higher routing metric / distance.
This is the suggested configuration by HE:
This is what I setup on my router which receives a /64 (sadly no /56) via a PPPoE tunnel from my ISP:
I only change distance=15 since that is the only routing parameter used on this router for its 3 WAN uplinks.
But when the tunnel's sit0 interface goes up, LAN clients lose connectivity.
I have confirmed that disabling HE's suggested route fixes IPv6 connectivity:
Shouldn't my ISP provided IPv6 connectivity continue to work since it has a routing distance of 1, compared to 15 for the HE route?
I wished to use HE's routed /64 as a secondary IPv6 route with a much higher routing metric / distance.
This is the suggested configuration by HE:
Code Select
/interface 6to4 add comment="Hurricane Electric IPv6 Tunnel Broker" disabled=no local-address=1xx.xxx.xxx.xx0 mtu=1280 name=sit1 remote-address=216.218.221.42
/ipv6 route add comment="" disabled=no distance=1 dst-address=2000::/3 gateway=2001:470:35:30c::1 scope=30 target-scope=10
/ipv6 address add address=2001:470:35:30c::2/64 advertise=no disabled=no eui-64=no interface=sit1This is what I setup on my router which receives a /64 (sadly no /56) via a PPPoE tunnel from my ISP:
Code Select
/interface 6to4 add comment="Hurricane Electric IPv6 Tunnel Broker" disabled=no local-address=1xx.xxx.xxx.xx0 mtu=1280 name=sit1 remote-address=216.218.221.42
/ipv6 route add comment="" disabled=no distance=15 dst-address=2000::/3 gateway=2001:470:35:30c::1 scope=30 target-scope=10
/ipv6 address add address=2001:470:35:30c::2/64 advertise=no disabled=no eui-64=no interface=sit1I only change distance=15 since that is the only routing parameter used on this router for its 3 WAN uplinks.
But when the tunnel's sit0 interface goes up, LAN clients lose connectivity.
I have confirmed that disabling HE's suggested route fixes IPv6 connectivity:
Code Select
/ipv6 route add comment="" disabled=no distance=15 dst-address=2000::/3 gateway=2001:470:35:30c::1 scope=30 target-scope=10Shouldn't my ISP provided IPv6 connectivity continue to work since it has a routing distance of 1, compared to 15 for the HE route?
#2
Questions & Answers / Re: can't ping IPv6 tunnel end...
Last post by McNail - May 01, 2024, 04:18:17 AMI solved it now. The update for my dynamic IPv4 address for the my client side tunnel endpoint failed. Somehow the syntax of the Dyn-compliant Endpoint Updates changed, so my script for the update failed.
https://forums.he.net/index.php?topic=1994.0
I've now updated my script (from crontab) and now HE IPv6 tunnel is up again.
Regards
Ralf
https://forums.he.net/index.php?topic=1994.0
I've now updated my script (from crontab) and now HE IPv6 tunnel is up again.
Regards
Ralf
#3
Questions & Answers / Re: can't ping IPv6 tunnel end...
Last post by McNail - May 01, 2024, 02:51:04 AMI see with tcpdump that somehow IP protocol 41 seems to be blocked:
root@mydns(neu):/etc/network# tcpdump -nni eth0 host 216.66.80.30
11:48:34.021096 IP 10.90.90.252 > 216.66.80.30: IP6 2001:470:1f0a:911::2 > 2001:470:1f0a:911::1: ICMP6, echo request, id 34, seq 1, length 64
11:48:34.031283 IP 216.66.80.30 > 10.90.90.252: ICMP 216.66.80.30 protocol 41 port 48391 unreachable, length 132
11:48:35.047019 IP 10.90.90.252 > 216.66.80.30: IP6 2001:470:1f0a:911::2 > 2001:470:1f0a:911::1: ICMP6, echo request, id 34, seq 2, length 64
11:48:35.056647 IP 216.66.80.30 > 10.90.90.252: ICMP 216.66.80.30 protocol 41 port 48391 unreachable, length 132
11:48:36.071014 IP 10.90.90.252 > 216.66.80.30: IP6 2001:470:1f0a:911::2 > 2001:470:1f0a:911::1: ICMP6, echo request, id 34, seq 3, length 64
Maybe because of some update of my Fritzbox router IP protocal 41 is now blocked :-(
root@mydns(neu):/etc/network# tcpdump -nni eth0 host 216.66.80.30
11:48:34.021096 IP 10.90.90.252 > 216.66.80.30: IP6 2001:470:1f0a:911::2 > 2001:470:1f0a:911::1: ICMP6, echo request, id 34, seq 1, length 64
11:48:34.031283 IP 216.66.80.30 > 10.90.90.252: ICMP 216.66.80.30 protocol 41 port 48391 unreachable, length 132
11:48:35.047019 IP 10.90.90.252 > 216.66.80.30: IP6 2001:470:1f0a:911::2 > 2001:470:1f0a:911::1: ICMP6, echo request, id 34, seq 2, length 64
11:48:35.056647 IP 216.66.80.30 > 10.90.90.252: ICMP 216.66.80.30 protocol 41 port 48391 unreachable, length 132
11:48:36.071014 IP 10.90.90.252 > 216.66.80.30: IP6 2001:470:1f0a:911::2 > 2001:470:1f0a:911::1: ICMP6, echo request, id 34, seq 3, length 64
Maybe because of some update of my Fritzbox router IP protocal 41 is now blocked :-(
#4
Questions & Answers / can't ping IPv6 tunnel endpoin...
Last post by McNail - May 01, 2024, 02:29:48 AMHello,
I am using a HE IPv6 tunnel since a while on my Raspberry without issues. But since some weeks I didn't get IPv6 connections with the HE tunnel. I can ping mit local he-ipv6 interface (:2), but can't can ping the endpoint of this tunnel interface (:1), I just only get no answer.
If I ping the endpoint :1 from Internet everything is ok, but :2 (my local he-ipv6 interface) I also get no answer. The IPv4 address 216.66.80.30 of the HE tunnelserver is reachable.
I am currently a little bit lost how and where to start debugging, since creating/starting he-ipv6 interfae gives no further errors.
Regards
Ralf
I am using a HE IPv6 tunnel since a while on my Raspberry without issues. But since some weeks I didn't get IPv6 connections with the HE tunnel. I can ping mit local he-ipv6 interface (:2), but can't can ping the endpoint of this tunnel interface (:1), I just only get no answer.
If I ping the endpoint :1 from Internet everything is ok, but :2 (my local he-ipv6 interface) I also get no answer. The IPv4 address 216.66.80.30 of the HE tunnelserver is reachable.
I am currently a little bit lost how and where to start debugging, since creating/starting he-ipv6 interfae gives no further errors.
Regards
Ralf
#5
IPv6 on Routing Platforms / Re: Tunnel on G3100 Verizon Ro...
Last post by garrigan - April 30, 2024, 03:30:07 PMI can confirm the G1100 passes protocol 41. I can also confirm the G3100 does not pass protocol 41.
#6
IPv6 on Routing Platforms / Re: Tunnel on G3100 Verizon Ro...
Last post by garrigan - April 30, 2024, 03:28:19 PM #7
General Questions & Suggestions / Re: URL / Web Forwarding via D...
Last post by dewdude - April 27, 2024, 11:08:11 AMPersonally, I would just set nginx up to either full reverse proxy or 301 redirect. Full proxy would make it "mask" the forwarded address; a 301 redirect wouldn't.
This, however, would require a server to run nginx. It wouldn't need to be anything super beefy though. I don't know if anyone offering "free cloud" offers anything free enough if you're literally trying to do this for $0.
This, however, would require a server to run nginx. It wouldn't need to be anything super beefy though. I don't know if anyone offering "free cloud" offers anything free enough if you're literally trying to do this for $0.
#8
General Questions & Suggestions / URL / Web Forwarding via DNS
Last post by josephf - April 25, 2024, 10:21:24 PMI know that URL/Web forwarding, strictly speaking, isn't a DNS feature. Nevertheless, many DNS providers do offer this as a feature even with their (otherwise) DNS-only services. Apparently, HE does not offer this (yet) as part of its DNS service.
Acknowledging the above, for domains using HE's DNS, what would be the simplest way to create a URL forwarding?
(In other words, if example.com is using HE DNS and I want to forward http://example.com to http://yahoo.com)
Preferably (though not absolutely necessary) the ability should exist to choose whether the forward masks the forwarded address (in the browser) or it does not mask it.
It would also be nice if the full path (after the domain name) can optionally be forwarded as well, though this isn't critical.
What is important, though, is the ability to forward both the apex/root/naked domain as well as a subdomain, such as www.
Thank you in advance.
Acknowledging the above, for domains using HE's DNS, what would be the simplest way to create a URL forwarding?
(In other words, if example.com is using HE DNS and I want to forward http://example.com to http://yahoo.com)
Preferably (though not absolutely necessary) the ability should exist to choose whether the forward masks the forwarded address (in the browser) or it does not mask it.
It would also be nice if the full path (after the domain name) can optionally be forwarded as well, though this isn't critical.
What is important, though, is the ability to forward both the apex/root/naked domain as well as a subdomain, such as www.
Thank you in advance.
#9
General Questions & Suggestions / Re: IPV6 PTR record
Last post by dizik - April 19, 2024, 07:33:40 AMEverything is set up. It's just that the zone delegation was late.
#10
General Questions & Suggestions / IPV6 PTR record
Last post by dizik - April 18, 2024, 10:42:35 AMIs this PTR record correct?
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.0.0.a.5.a.5.0.7.4.0.1.0.0.2.ip6.arpa.anonimous.ru. 172800 IN PTR anonimous.ru.
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.0.0.0.a.5.a.5.0.7.4.0.1.0.0.2.ip6.arpa.anonimous.ru. 172800 IN PTR anonimous.ru.