Hi all,
I'm behind a NAT now, and I found there is a solution that can traverse NAT without reconfiguring my NAT gateway to forward proto-41 and that also supports multiple users behind the same NAT.
Here's the description:
https://www.sixxs.net/tools/ayiya/
I want to know if tunnelbroker currently supports AYIYA or plans to support it?
Thanks in advance.
We do not currently support it, and I'm not aware of any plans to do so in the near future.
Quote from: jilingshu on October 28, 2012, 02:43:46 AM
Here's the description:
https://www.sixxs.net/tools/ayiya/
Did you try to register with SixXS? AFAIK they are currently the only provider of AYIYA tunnels.
Gogo6 has a tunnel that will punch through NAT too.
Quote from: kasperd on October 28, 2012, 09:09:47 AM
Quote from: jilingshu on October 28, 2012, 02:43:46 AM
Here's the description:
https://www.sixxs.net/tools/ayiya/
Did you try to register with SixXS? AFAIK they are currently the only provider of AYIYA tunnels.
SIXXS is pretty arrogant, they refused my application without giving me any reasonable explanation.
Quote from: cholzhauer on October 28, 2012, 09:15:21 AM
Gogo6 has a tunnel that will punch through NAT too.
The latency of gogo6 is unacceptable (>1s)...... :-(
Quote from: jilingshu on October 29, 2012, 01:44:14 AM
SIXXS is pretty arrogant
I know.
Quote from: jilingshu on October 29, 2012, 01:44:14 AM
they refused my application without giving me any reasonable explanation.
That also happened to me. That's why I went with HE. Luckily it turned out that 6in4 worked quite well for me.
Quote from: jilingshu on October 29, 2012, 01:44:40 AM
The latency of gogo6 is unacceptable (>1s)
Such a high latency cannot be explained simply by the server being far from the client. I know of three ways to reach such a high latency:
- Buffer bloat
- Satellite links
- Suboptimal routing with packets crossing the same ocean multiple times
If none of the options mentioned so far will suit you, you are running out of free options. You should check this list (http://en.wikipedia.org/wiki/List_of_IPv6_tunnel_brokers) on Wikipedia. Maybe one of the TSP providers is usable for you.
My next question is, where do you have this problem? If you can get a tunnel working to your primary site, and it is only a single mobile device (a laptop) which is frequently behind NAT, then using Teredo on the laptop can actually work great. Just make sure you have a Teredo relay on your primary site.
If your primary site is behind an IPv4 NAT and does not have IPv6 connectivity, then you really should start looking for a serious Internet provider. If it is impossible to get a decent Internet connection, then you'll have to go with a slightly more expensive solution.
Rent a (virtual) host in a datacenter. The datacenter you choose must have native dual stack connectivity and have a decent latency (IPv4 between the datacenter and your primary site, as well as IPv6 between the datacenter and the backbone is what matters to you). On that rented host, you can set up your personal tunnel server using whatever protocol is best suited for you.
Hi,
Thanks for your help!
My network environment is a bit strange...
WAN------ISP------(182.x.x.x)NAT-------My Router(10.x.x.x)------My Computers(192.168.1.0/24)
My router is using PPPoE to connect to my ISP. When the connection is established, I get a private IP address of 10.x.x.x. However, I obtain a 182.x.x.x public IP address at the same time. My ISP set a NAT between my private IP and my public IP and also attached a reflect ACL to it, which causes all inbound traffic to be dropped silently.
Quote from: jilingshu on October 29, 2012, 02:39:36 AM
WAN------ISP------(182.x.x.x)NAT-------My Router(10.x.x.x)------My Computers(192.168.1.0/24)
That sketch is quite unclear. If you specified the IP on both sides of each hop on the path, it would be much clearer what was going on. How many layers of NAT are involved?
C:\Users\Lingfeng>tracert -d 8.8.8.8
Tracing route to 8.8.8.8 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.1.254 (This is my router)
2 * * * Request timed out. (This is my PPPoE gateway)
3 1 ms 2 ms 1 ms 202.98.114.150
root@Gateway:~# ifconfig
br-lan Link encap:Ethernet HWaddr 00:x:x:x:x:x
inet addr:192.168.1.254 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: 2604:x:x:x::1/64 Scope:Global
inet6 addr: fe80::214:d5ff:fe00:1640/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1648259 errors:0 dropped:0 overruns:0 frame:0
TX packets:1307607 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:199799564 (190.5 MiB) TX bytes:290534737 (277.0 MiB)
eth0 Link encap:Ethernet HWaddr 00:x:x:x:x:x
inet6 addr: fe80::214:d5ff:fe00:163f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1405571 errors:0 dropped:0 overruns:0 frame:0
TX packets:1571093 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:295861985 (282.1 MiB) TX bytes:210188512 (200.4 MiB)
Interrupt:16
eth1 Link encap:Ethernet HWaddr x:x:x:x:x:x
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1629173 errors:0 dropped:0 overruns:0 frame:0
TX packets:1294555 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:220175436 (209.9 MiB) TX bytes:273265318 (260.6 MiB)
Interrupt:14
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:152 errors:0 dropped:0 overruns:0 frame:0
TX packets:152 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:13029 (12.7 KiB) TX bytes:13029 (12.7 KiB)
mon.wlan0 Link encap:UNSPEC HWaddr 00-14-D5-00-16-41-00-00-00-00-00-00-00-00-00-00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2262935 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:530674345 (506.0 MiB) TX bytes:0 (0.0 B)
pppoe-wan Link encap:Point-to-Point Protocol
inet addr:10.104.24.16 P-t-P:10.104.0.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:1119215 errors:0 dropped:0 overruns:0 frame:0
TX packets:1477050 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:242588636 (231.3 MiB) TX bytes:174792162 (166.6 MiB)
sixxs.0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: 2604:8800:100:1a3::2/64 Scope:Global
inet6 addr: fe80::8800:100:1a3:2/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1280 Metric:1
RX packets:12433 errors:0 dropped:0 overruns:0 frame:0
TX packets:14233 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:8671704 (8.2 MiB) TX bytes:2788584 (2.6 MiB)
wlan0 Link encap:Ethernet HWaddr 00:14:D5:00:16:41
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:20705 errors:0 dropped:0 overruns:0 frame:0
TX packets:53134 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:2935636 (2.7 MiB) TX bytes:29623692 (28.2 MiB)
root@Gateway:~#
Here's the interface information on the router.
That did give a better idea of how the network looks. But it looks like a CGN solution, thus it is not very likely that you'll get something to work.
It is possible to get protocol 41 through some NAT systems and not through others. To test if it is possible to get any protocol 41 packets through the NAT, you can first use some service, which can tell you what your IPv4 address (http://google.com/search?q=what+is+my+ip) is. Then try using 6to4 to ping another 6to4 address. You are welcome to ping mine on 2002:5634:7905:727a:6a61:4217:8b23:345.
Quote from: jilingshu on October 29, 2012, 05:33:45 AM
sixxs.0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet6 addr: 2604:8800:100:1a3::2/64 Scope:Global
Where did that IPv6 address come from?
Quote
That did give a better idea of how the network looks. But it looks like a CGN solution, thus it is not very likely that you'll get something to work.
Yes, it is somewhat like a CGN, but one significant feature is that every user is allocated a public IP address. I believe this is a silly idea but my ISP doesn't... they said this is good for security ???
Quote
To test if it is possible to get any protocol 41 packets through the NAT, you can first use some service, which can tell you what your IPv4 address is. Then try using 6to4 to ping another 6to4 address. You are welcome to ping mine on 2002:5634:7905:727a:6a61:4217:8b23:345.
Could you give me some more detailed information on how to do it? Thanks to that reflect ACL set on the gateway, I have no way to create a HE.net tunnel.
Quote
Where did that IPv6 address come from?
That's a SixXS tunnel created by my friend and I tried it. It has an unacceptable packet loss rate.
Quote from: jilingshu on October 29, 2012, 06:53:08 AM
Quote
To test if it is possible to get any protocol 41 packets through the NAT, you can first use some service, which can tell you what your IPv4 address is. Then try using 6to4 to ping another 6to4 address. You are welcome to ping mine on 2002:5634:7905:727a:6a61:4217:8b23:345.
Could you give me some more detailed information on how to do it?
It has been about four years since I last configured 6to4 on Linux. I don't remember how it was done. Nowadays when I am using 6to4, it is done through my own IPv6 stack. Anyway, for just testing between a single pair of 6to4 addresses, you can just use the sit driver:
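# Load the sit driver and create sit1 with 86.52.121.5 as the remote IPv4 endpoint
ifconfig sit0 up
ifconfig sit0 inet6 tunnel ::86.52.121.5
ifconfig sit1 up
# Give sit1 your own 6to4 address and route the remote 6to4 /48 through it
ifconfig sit1 inet6 add 2002:xxxx:xxxx::1
route -A inet6 add 2002:5634:7905::/48 dev sit1
# ICMPv6 traceroute to the remote 6to4 address
traceroute6 -In 2002:5634:7905:727a:6a61:4217:8b23:345
# Tear the test tunnel down again by unloading the modules
rmmod sit tunnel4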
xxxx:xxxx must be replaced with the hexadecimal version of your own public IPv4 address (from the link I gave you above). Run a tcpdump on the physical interface while testing, so you can see which packets got sent, and what was received.
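
The conversion the last post asks for (the "hexadecimal version" of a public IPv4 address), as an added example that is not part of the thread; the function names are made up here. It also decodes a 6to4 address back to its embedded IPv4 address and refuses private or CGN shared-space addresses such as the 10.x address on pppoe-wan, which cannot serve as a 6to4 source.

```shell
# Added example, not from the thread; all function names are hypothetical.

# Print the four octets of a dotted quad separated by spaces, or fail.
split_ipv4() (
    set -f
    case $1 in ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        case $o in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo "$1 $2 $3 $4"
)

# Exit 0 if the address cannot be a 6to4 endpoint: RFC 1918 private space,
# RFC 6598 shared CGN space (100.64.0.0/10), loopback or link-local.
is_non_public() (
    q=$(split_ipv4 "$1") || exit 2
    set -- $q
    case $1.$2 in 10.*|127.*|192.168|169.254) exit 0 ;; esac
    if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then exit 0; fi
    if [ "$1" -eq 100 ] && [ "$2" -ge 64 ] && [ "$2" -le 127 ]; then exit 0; fi
    exit 1
)

# Print the 6to4 /48 prefix for a public IPv4 address (the "xxxx:xxxx" part).
ipv4_to_6to4() (
    if is_non_public "$1"; then
        echo "refusing $1: use the address seen from outside the NAT" >&2
        exit 2
    fi
    q=$(split_ipv4 "$1") || exit 1
    set -- $q
    printf '2002:%x:%x::/48\n' $(( $1 * 256 + $2 )) $(( $3 * 256 + $4 ))
)

# Recover the IPv4 address embedded in bits 16..47 of a 6to4 address.
# Addresses whose second or third group is compressed ("::") are rejected.
sixtofour_to_ipv4() (
    set -f
    IFS=:
    set -- $1
    [ "$1" = 2002 ] || exit 1
    for g in "$2" "$3"; do case $g in ''|?????*|*[!0-9a-fA-F]*) exit 1 ;; esac; done
    hi=$(( 0x$2 )); lo=$(( 0x$3 ))
    echo "$(( $hi >> 8 )).$(( $hi & 255 )).$(( $lo >> 8 )).$(( $lo & 255 ))"
)
```

Running `sixtofour_to_ipv4` on the 6to4 address offered for testing yields the same IPv4 address that appears in the `ifconfig sit0 inet6 tunnel` line, which is a quick way to confirm the tunnel endpoint and the route prefix belong together.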