Greetings,
I tend to block ICMP inbound for security purposes, but obviously this causes problems with HE. I would like to know what IP address or range I would need to whitelist for ICMP in order to ensure your systems would be able to successfully ping me for the purpose of deciding to keep the tunnel open.
Obviously I would like to limit this range as much as possible. I was not sure if it was perhaps just the server I was connecting to that took care of this issue, or if there were other servers involved in the verification as well. Any and all assistance is appreciated.
You only need to allow the IP of the tunnel you're connecting to.
You only need to allow it when you first setup your tunnel; there's no use for it on the HE side after that.
Actually, there is (continued HE use). That's how the top 20 tunnel latency list per tunnel server is generated.
You should make sure to allow 66.220.2.74 to ping you so we can verify that the IPv4 address is reachable and up.
As for the Top 20 lists, those are all IPv6 pings, so make sure you aren't filtering out IPv6 ICMP which honestly you shouldn't do anyways.