Hurricane Electric's IPv6 Tunnel Broker Forums

Tunnelbroker.net Specific Topics => Questions & Answers => Topic started by: Napsterbater on December 04, 2017, 03:18:34 PM

Title: Cloudflare Blocked on Free Tunnels now?
Post by: Napsterbater on December 04, 2017, 03:18:34 PM
So I was investigating issue with cloudflare not being able to reach my origin servers via IPv6 of which I have a Hurricane Electric tunnel for. The response I got from IPv6@he.net was that it is now blocked for free tunnels.

When was this change made? And I get this is a free service but seems odd that only cloudflare is blocked and not hosting in general.
Title: Re: Cloudflare Blocked on Free Tunnels now?
Post by: broquea on December 04, 2017, 05:24:35 PM
Months ago.
Title: Re: Cloudflare Blocked on Free Tunnels now?
Post by: cholzhauer on December 04, 2017, 06:01:21 PM
This doesn't affect me, so I don't really care, but what's the reasoning behind it?
Title: Re: Cloudflare Blocked on Free Tunnels now?
Post by: Napsterbater on December 05, 2017, 07:31:59 AM
This doesn't affect me, so I don't really care, but what's the reasoning behind it?
I'd like to know to ogcourse I am affected. But since they're not blocking hosting in general and only cloudflare if anything that increases the traffic since cloudflare cache anything or absorbs any DDOS's.

And again I do get it's a free service so I don't have too much to complain about but just curious.
Title: Re: Cloudflare Blocked on Free Tunnels now?
Post by: broquea on December 05, 2017, 07:36:26 AM
We don't really discuss internal policy decisions.
Title: Re: Cloudflare Blocked on Free Tunnels now?
Post by: divad27182 on December 06, 2017, 08:23:01 AM
My main experience with cloudflare is when somebody usurped my projects DNS and put cloudflare in front of my machine.  This: compromised security, compromised performance, compromised security, and made me unable to SSH to my machine.  Cloudflare filled in dummy wildcard records based on an internet draft.  At one point, a DNS lookup on a name got an A record and a CNAME record (but a cache might have been involved).

We are no longer using cloudflare.

(I then tried Amazon's DNS.  They don't do SOA serial numbers.)
Title: Re: Cloudflare Blocked on Free Tunnels now?
Post by: JRMTL on December 06, 2017, 01:54:33 PM
rec'd the same reply about cloudflare being blocked. Spent days with cloudflare support going over pcaps etc. It's a shame as cloudflare worked exceptionally well as a ipv4 to ipv6 proxy but I can't blame HE as I suspect someone was abusing CF/HE. FWIW last I checked alternate CF ports were still working whether by design or they were missed by HE
Title: Re: Cloudflare Blocked on Free Tunnels now?
Post by: Napsterbater on December 06, 2017, 02:55:31 PM
FWIW last I checked alternate CF ports were still working whether by design or they were missed by HE
Until now/soon I bet.
Title: Re: Cloudflare Blocked on Free Tunnels now?
Post by: JRMTL on December 06, 2017, 03:18:50 PM
lol. I thought about that before posting but honestly if HE did miss those ports I would prefer they close them rather than taking even more aggressive actions if CF proxies are causing them technical or legal issues.

**edit I actually mentioned the unblocked ports to HE on Nov 8th.
Title: Re: Cloudflare Blocked on Free Tunnels now?
Post by: Daniel15 on January 07, 2019, 10:21:53 AM
Just noticed the same thing when I tried to configure an IPv6 tunnel for a site that uses Cloudflare (unfortunately, I have some servers in data centers that still don't offer native IPv6!). It would be good to document this more clearly on the tunnelbroker site.
Title: Re: Cloudflare Blocked on Free Tunnels now?
Post by: jschv6 on January 14, 2019, 11:15:05 AM
I agree that this should definitely be communicated more transparently somewhere on the tunnelbroker site.

I thought about setting up a RiotIM server on a raspberry. Because port 443 on my IPv4 (dynamic) IP is already taken I planned to set it up using IPv6 only and use Cloudflare as IPv4->IPv6 proxy.

If I hadn't browsed this forum for a totally different reason I surely would also have spent quite some time debugging this setup.

I can assume why you did this and can a bit sympathize with that. But please make it transparent to all users!