Hurricane Electric's IPv6 Tunnel Broker Forums

Tunnelbroker.net Specific Topics => Questions & Answers => Topic started by: realdreams on January 30, 2012, 12:19:20 PM

Title: Can I establish a tunnel with external ip not pingable?
Post by: realdreams on January 30, 2012, 12:19:20 PM
My ISP blocks external ping(along with many other things so that users can't run server...) Not really anything I can do about it. Is there still a way to establish a tunnel?
Title: Re: Can I establish a tunnel with external ip not pingable?
Post by: kasperd on January 30, 2012, 12:42:31 PM
There are two questions to be asked here. Question one is can you somehow get the HE tunnel server to setup a tunnel with an endpoint it cannot ping. Question two is can you get a 6in4 tunnel to work through that ISP at all.

An ISP that blocks ping shouldn't exist in the first place. They were supposed to have lost all their customers to the competition. But somehow some companies get to stay in business even when they shouldn't, so let's get back to your question.

Can you get a tunnel to work with an IP that is not pingable? It may be worth trying setting up the tunnel with a different IP and then changing the IP after the tunnel is created. You can probably find somebody who will help you by letting you use their IP address for just setting up the tunnel. Now whether any of the methods for changing the IP will work in that case, I don't know. It might be that every one of them will check that the IP is pingable.

I don't know what the purpose of verifying that the address is pingable in the first place as I can't really see any reason why there would be a strong correlation between an IP being pingable and it being usable for the tunnel or any strong correlation between an IP being pingable and it being the correct IP to be using for the tunnel.

If you can somehow get the tunnel set up with an IP that isn't pingable, there still isn't any guarantee that it will work. There are ISPs that provide routers where it will fail even though the IP is pingable.

The question is whether you can get protocol 41 traffic back and forth. If NAT is involved, you need a bit of luck to get it working. It may be that the NAT has absolutely no knowledge about what protocol 41 is, but is still able to get it working. The way it would work is as follows:
The above certainly doesn't work in all cases. But I have seen two routes where it did work. (Incidentally those two routers had builtin DNS servers that would blow up if you did AAAA lookups, so you had to configure every machine on the LAN to ignore the DNS servers announced by the DHCP server.)

HE used to be doing a beta of a different tunnel protocol that might have helped you, but that is deprecated now, I don't know if you can even sign up for it anymore. If you cannot get it to work, you may have better luck with another tunnel provider. At least sixxs.net is supposed to be offering tunnels that will work through most stuff. Unfortunately I never made it through their bureaucracy for setting up a username, so I haven't seen for myself what their tunnels can do.
Title: Re: Can I establish a tunnel with external ip not pingable?
Post by: cholzhauer on January 30, 2012, 12:44:20 PM
Keep in mind that even when you switch IP addresses that the new IP has to respond to ICMP
Title: Re: Can I establish a tunnel with external ip not pingable?
Post by: Qed on March 23, 2012, 11:57:40 PM
I have the same problem, my ISP is bloccking ICMP echo requests directed to my ip address. The packets is just not reaching my router.

I can ping the the server with no problems. I don't get what's the reason of that "ping check" :-/
Title: Re: Can I establish a tunnel with external ip not pingable?
Post by: kasperd on March 24, 2012, 01:14:24 AM
Quote from: Qed on March 23, 2012, 11:57:40 PMI don't get what's the reason of that "ping check"
I guess the reason for this check is that it has always been done like that.
Title: Re: Can I establish a tunnel with external ip not pingable?
Post by: kriteknetworks on March 25, 2012, 11:46:10 AM
Likely to ascertain a live tunnel endpoint before HE starts routing packets to it.
Title: Re: Can I establish a tunnel with external ip not pingable?
Post by: kasperd on March 25, 2012, 02:24:47 PM
Quote from: kriteknetworks on March 25, 2012, 11:46:10 AMLikely to ascertain a live tunnel endpoint before HE starts routing packets to it.
No. Far the majority of the IPv4 addresses responding to ICMP echo requests are not valid 6in4 tunnel endpoints. And it is entirely possible to have a working tunnel endpoint, which does not respond to ICMP echo requests. And judging from the number of times this question has come up, I guess there are multiple people in that situation.

There will be significant numbers of false positives and false negatives. I don't even see a reason to think there is a strong correlation between an IPv4 address responding to ICMP echo requests, and it being a valid 6in4 tunnel endpoint.

It would make much more sense to send a probe with an ICMPv6 echo request. That would of course require a bit of additional configuration as the user would have to also specify which IPv6 address the request should be send to.
Title: Re: Can I establish a tunnel with external ip not pingable?
Post by: sseif57 on April 26, 2012, 04:18:20 PM
Quote from: realdreams on January 30, 2012, 12:19:20 PM
My ISP blocks external ping(along with many other things so that users can't run server...) Not really anything I can do about it. Is there still a way to establish a tunnel?
i used a fake one and got  working tunnel while my ip is not pingable