Hi! I've been running HE tunnels on and off for years, and since my new ISP doesn't support IPv6, I'm back to using HE 24/7, with a /48 divided among a few networks. No problems there.
Occasionally I'm seeing ICMPv6 pings on my firewall to destination addresses that aren't anywhere close to my /48 - one such is 2001:0470:0007:0c78:0000:0000:0000:0002 (with the source listed as 2001:0470:0007:0c78:0000:0000:0000:0001). The IPv4 addresses are what I would expect; my IPv4 address for the destination, and 216.66.22.2 for the source.
It's blocked, so no big deal, but I'm wondering why this is happening, and whether it indicates some undesirable traffic leakage, spoofing, or someone possibly using an old, old address; don't remember if I ever had anything containing it, but I've had my current allocation for months. Any ideas?
There is no encryption for 6in4. Packets can easily be injected.
However, the same public IP address should not be able to have more than one tunnel. I think you should email ipv6@he.net.
Uhm, did you just set up your /48 w/o the client-side IPv6 address?
Quote from: kcochran on September 10, 2015, 10:29:22 AM
Uhm, did you just set up your /48 w/o the client-side IPv6 address?
Is HE keeping pinging the client IPv6 addresses?
Quote from: kcochran on September 10, 2015, 10:29:22 AM
Uhm, did you just set up your /48 w/o the client-side IPv6 address?
(Sorry it took so long to reply - I wasn't notified via email that there were any replies.)
Ahhh, at least in the case of the example I posted, it probably refers to the client and server endpoints of my tunnel. I was just looking at the routed /64, which has a different number in the third hex group than the /64 used by the client and server tunnel endpoints, and had thought it wasn't my assigned /64.
One more question - does HE prefer replies to such pings? I haven't sent them, at least after setting up the tunnel, but things work fine.
QuoteIs HE keeping pinging the client IPv6 addresses?
HE's keep-alive/tunnel-test pings go to the tunnel /64, not the client IP range.
I see this on my Tunnel as well.
https://forums.he.net/index.php?topic=3001.msg17664#msg17664
Quote from: DJX on October 09, 2015, 07:59:58 AM
I see this on my Tunnel as well. ourcase (http://www.ourcase.co.uk/)
https://forums.he.net/index.php?topic=3001.msg17664#msg17664
it seems very helpful.