About half a week ago, my tunnel (that had been functioning perfectly for a month or so) suddenly stopped working. In trying to fix it, I've determined that I can ping the gateway server just fine, but nothing else. Additionally, the portscan (of the client IP) provided by https://tunnelbroker.net/portscan.php is very wrong. It fails unless I specify -Pn, and lists the following ports as open (none of which are open in my firewall config):
6666/tcp
6667/tcp
6668/tcp
6669/tcp
7000/tcp
9999/tcp
Normally I would assume that I had grossly misconfigured something, except for the fact that it was working perfectly and stopped working seemingly without provocation (no reboots, network outages, etc.). Is there someone that I should contact about this?
You can ping the gateway server over Ipv4? Any chance your public IPv4 address changed?
I can ping the gateway server on both v4 and v6. Neither my public v4 nor my public v6 (I'm on a VPS provider that gave me both) has changed.
When you say gateway server, what do you mean by that?
The server on HE's end of the tunnel.
If you can ping HE over IPv6, that means the tunnel is up and the issue is on your side.
What isn't working? Do your clients get IPv6 addresses? Where does traceroute break? You haven't provided many details
Everything gets addresses fine. Traceroute/ping gets me a "connect: Network is unreachable." All other connection attempts through the interface just hang. Additionally, I get the same results if I disable the firewall completely, allowing all traffic from all sources.
A lot of those xxxx/yyyy/~9999 ports could be blocked by ISP (either yours or VPS provider) or even directly used by whichever hv is running your vps (like for those vnc/pty-over-https interfaces some make available for example).
If you don't need them for some reason and are just concerned about them being open, just try a tcpdump on the host while you do the scan. That should let you find out if it's something you can change or if its something you have to talk someone into changing :)