Hurricane Electric's IPv6 Tunnel Broker Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Topics - kcochran

Pages: [1] 2
1
News & Updates / Update - 30 March 2017
« on: March 30, 2017, 08:29:13 AM »
We have added additional regular tunnel-servers in the following locations:
  • Honolulu, Hawaii, United States
  • Lisbon, Portugal
  • Johannesburg, South Africa
They are now live and available to choose when creating a tunnel. Again if you would like your existing tunnel's IPv4 endpoint to use one of the new tunnel-servers, please delete your existing tunnel then pick the new location to create your tunnel on.

*REMINDER* - Deleting your old tunnel means deallocating your IPv6 blocks, and you will be assigned NEW allocations based on the tunnel server you pick.

If you have any problems and want to report them, please email ipv6@he.net to open a trouble ticket.

2
As we've been seeing a number of emails recently on this from people getting their apps rejected due to the IPv6 requirements Apple put in place earlier in the year, I'm putting up some resources for those who might need it.  Here are some of Apple's own resources on things to do for your app to conform to the submission requirements.

Properly put, the Apple requirement is that an app must be able to work on an IPv6-only network.  This means no usage of IPv4-only APIs, no IPv4 literals, and avoidance of some pre-flight checks.  It must be able to work in a NAT64 environment.  You do not need IPv6 support on the server-side yet.  If they required that now, people hosting on AWS or GAE would be in trouble.  However those services would then have more calls to finish up their implementations.  That said, it's still a good idea to work towards server-side support.

Apple's Tech Note on IPv6 networks, and app requirements

WWDC 2015 Video on the same, and the NAT64 implementation in El Capitan

3
News & Updates / Two-factor Authentication
« on: January 04, 2016, 04:47:58 PM »
We've made some adjustments to the two-factor implementation to now include backup verification codes.

If you have two-factor enabled on your account, you should now see a section under it labeled: "Backup codes"

"Show codes" will show you the currently available and unused backup codes for your account.
"Reset codes" will generate a completely new set of ten backup codes for your account.

Each of these codes may be used once.

These codes exist as a means of getting into your account if you've misplaced or lost your phone with the authenticator application on it.  You may use them anywhere an authentication code is expected.

As a side note, the iOS version of the HE Network Tools app will sync HOTP/TOTP credentials in iCloud Keychain, if enabled, and therefore can be an option if you tend to be prone to phone loss/damage/etc.

4
General Questions & Suggestions / IPv6 Calculator
« on: January 09, 2015, 11:45:08 AM »
I've seen a few people say they like the IPv4 calculator, but then say they'd also like an IPv6 one.  The question I have back is: what would folks want/need it to do, since such requests so far have lacked that additional information.

Thoughts?

5
News & Updates / Update - 6 January 2015
« on: January 06, 2015, 04:12:49 PM »
We have added an additional regular tunnel-server in London.  It is now live and available to choose when creating a tunnel. Again if you would like your existing tunnel's IPv4 endpoint to use the new tunnel-server, please delete your existing tunnel then pick the new location to create your tunnel on.

*REMINDER* - Deleting your old tunnel means deallocating your IPv6 blocks, and you will be assigned NEW allocations based on the tunnel server you pick.

If you have any problems and want to report them, please email ipv6@he.net to open a trouble ticket.

6
News & Updates / Update - 25 November 2014
« on: November 25, 2014, 10:22:40 PM »
We have added a regular tunnel-server in Phoenix, Arizona.  It is now live and available to choose when creating a tunnel. Again if you would like your existing tunnel's IPv4 endpoint to use the new tunnel-server, please delete your existing tunnel then pick the new location to create your tunnel on.

*REMINDER* - Deleting your old tunnel means deallocating your IPv6 blocks, and you will be assigned NEW allocations based on the tunnel server you pick.

If you have any problems and want to report them, please email ipv6@he.net to open a trouble ticket.

7
We've just released the first version of our Network Tools Mobile App for iOS and Android!

For more information, screenshots and download links, please visit http://networktools.he.net/

8
This forum provides a mechanism by which common questions, answers and suggestions about the HE.NET Network Tools can be handled by staff or other users. This is not a job board or an advertising forum.

If you have a question about this program, please ask it in here and we will do the best we can to help.

As always we reserve the right to remove, or move any topics that don't match the intended purpose of the forum.

9
Questions & Answers / Tunnelbroker.net API Documentation
« on: April 17, 2014, 07:16:49 AM »
API Parameters
  • USERNAME: The account username
  • USERID: The account User ID
  • PASSWORD: The account password
  • MD5PASS: The MD5 hash of the account password
  • UPDATEKEY: Usage key as defined on the tunnel's Advanced tab
  • IPADDRESS: Client Endpoint IPv4 address
  • TUNNELID: Tunnel id #
 
  IMPORTANT: For API calls which operate on a single tunnel, if an Update Key is set for that specific tunnel, it must be used instead of the account password or password MD5 hash.
 
  Many embeded systems (routers, WiFi access-points, etc.) use the historic update API, and will often MD5 the password set prior to sending the update.  In this case, you will need to remove the Update Key set for the tunnel, and use your account password directly.

Tunnel Information API
 
Code: [Select]
https://USERNAME:PASSWORD@tunnelbroker.net/tunnelInfo.php  Returns an XML structure with all of your tunnels' configuration settings.  See https://forums.he.net/index.php?topic=3109.0 for structure details.

 
Code: [Select]
https://USERNAME:PASSWORD@tunnelbroker.net/tunnelInfo.php?tid=TUNNELID  Returns an XML structure with this specific tunnel's configuration settings.
 
Tunnel Client Endpoint Update APIs

 NOTE: Please only trigger an update when your IP address changes!

 https://ipv4.tunnelbroker.net/nic/update (Preferred)
   The following scripts conform to the Dyn DNS Update API (as documented at http://dyn.com/support/developers/api/).  We only support HTTPS updates.
   
Code: [Select]
https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/nic/update?hostname=TUNNELID&myip=IPADDRESS
https://ipv4.tunnelbroker.net/nic/update?username=USERNAME&password=PASSWORD&hostname=TUNNELID&myip=IPADDRESS
   Update the listed tunnel's client endpoint to the specified IP.
   
Code: [Select]
https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/nic/update?hostname=TUNNELID
https://ipv4.tunnelbroker.net/nic/update?username=USERNAME&password=PASSWORD&hostname=TUNNELID
   Update the listed tunnel's client endpoint to the IP address making the update request.
 
https://ipv4.tunnelbroker.net/ipv4_end.php (Deprecated)
   The following scripts return either +OK or -ERROR followed by a descriptive message.
   
Code: [Select]
http://ipv4.tunnelbroker.net/ipv4_end.php?ip=IPADDRESS&pass=MD5PASS&user_id=USERID&tid=TUNNELID   (Not recommended)

Code: [Select]
https://ipv4.tunnelbroker.net/ipv4_end.php?ip=IPADDRESS&pass=MD5PASS&user_id=USERID&tid=TUNNELID
https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID&ip=IPADDRESS
   Update the listed tunnel's client endpoint to the specified IP.

Code: [Select]
https://USERNAME:PASSWORD@ipv4.tunnelbroker.net/ipv4_end.php?tid=TUNNELID   Update the listed tunnel's client endpoint to the IP address making the update request.

10
News & Updates / Additional API utilities
« on: February 14, 2014, 05:56:46 AM »
An additional tool for reporting available tunnels is available for application programmers/embedded systems folks.  This has actually been around for a while, but not well documented.

https://USERNAME:PASSWORD@tunnelbroker.net/tunnelInfo.php[?tid=TUNNELID]

This returns the configuration information in XML format.  One tunnel block per tunnel if no ID specified, or one tunnel block for the specified tunnel id.

Code: [Select]
<?xml version="1.0" encoding="UTF-8"?>
<tunnels>
 <tunnel id="TID">
  <description>DESCRIPTION</description> (as defined in the site)
  <serverv4>SERVER_IPv4</serverv4>
  <clientv4>CLIENT_IPv4</clientv4>
  <serverv6>SERVER_IPv6</serverv6>
  <clientv6>CLIENT_IPv6</clientv6>
  <routed64>ROUTED_64_PREFIX/64</routed64>
  <routed48>ROUTED_48_PREFIX/48</routed48> (exists if one assigned)
  <rdns1>DNS1</rdns1> (exists if assigned)
  <rdns2>DNS2</rdns2> (exists if assigned)
  <rdns3>DNS3</rdns3> (exists if assigned)
  <rdns4>DNS4</rdns4> (exists if assigned)
  <rdns5>DNS5</rdns5> (exists if assigned)
 </tunnel>
</tunnels>

11
News & Updates / Authentication updates
« on: January 31, 2014, 07:25:28 AM »
In order to improve account security, some changes have been made to how tunnel endpoint updates are authenticated.

Tunnels made after this post now are configured with an "Update Key" (under the "Advanced" tab on the tunnel information page), which is used instead of the general account password when performing automated updates via either the https://ipv4.tunnelbroker.net/ipv4_end.php or the /nic/update (Dyn-alike) mechanisms.  Do not MD5() this value before use.

When an "Update Key" exists, the account password will not work for updates on that tunnel.  Existing tunnels can set an "Update Key" to take advantage of this new mechanism.

12
News & Updates / Server Maintenance - 16 Nov 2013 [UPDATEx2]
« on: November 14, 2013, 10:46:25 AM »
The following sites and services will be unavailable starting at 4am on Saturday, November 16th, 2013.  Duration of this maintenance is expected to last no more than a few hours.
  • ipv6.he.net
  • tunnelbroker.net

Authentication with the following service may be interrupted during this maintenance window:
  • dns.he.net

Operation of existing tunnels will be unaffected.  However, any IPv4 endpoint updates will not be processed during this maintenance.

Edit 8am:
Maintenance is complete at this time.  Daily tests for IPv6 certification are temporarily disabled while a few items are worked out on them, but all other functionaliry should be operational at this time.

Edit 11/22:
Daily tests are back.  If you see any issues with them, please email ipv6@he.net with the test you're having issues with and the text you're submitting to complete the test.

13
General Discussion / Certification Test Updates
« on: September 09, 2013, 08:03:16 PM »
As an FYI, there will be updates to the core tests in the next few weeks.  Mainly they're just cleanups on process, removing elements that didn't really need user intervention (user code generation for example), various bug fixes, better reporting when something fails and the like.  The one that most people are likely to not trip over is a complete revamp of the Sage step.  The previous implementation had a number of edge cases which didn't always catch valid v6-only resolution.  The new one will, and should no longer require the manual requests for those edge cases.

Since the question has come up in the past in regards to the intent (and what the new implementation will require) of the Sage level, I'll clarify that here.

The Sage objective requires the ability to complete an entirely IPv6-only resolution of the hostname used originally in the Enthusiast objective, where we fetched a web page from you.  This means a v6 query to the root nameservers, following delegation down until we get an error or an authoritative reply for the AAAA for that hostname.  Queries to delegated nameservers also work in the same fashion.  If their AAAAs come along in the Additional section, great, glue is important and makes queries more efficient where it can be used.  If not, we go back to the roots, and work up from there.  Any step we reach a dead-end and exhaust all candidate nameservers when working to the original hostname, the test will report a fail.

There's still some knocking off rough edges to do until these changes go live, so it may be a few weeks until they're in-place.

If there's anything you'd like to see feature-wise on the existing tests, now is the best time to ask for it.  For example, Enthusiast is planned to gain the ability to check https URLs.

14
News & Updates / Update - 30 August 2013
« on: August 30, 2013, 07:12:32 AM »
We have added a regular tunnel-server in Budapest, Hungary.  It is now live and available to choose when creating a tunnel. Again if you would like your existing tunnel's IPv4 endpoint to use the new tunnel-server, please delete your existing tunnel then pick the new location to create your tunnel on.

*REMINDER* - Deleting your old tunnel means deallocating your IPv6 blocks, and you will be assigned NEW allocations based on the tunnel server you pick.

If you have any problems and want to report them, please email ipv6@he.net to open a trouble ticket.

15
News & Updates / Update - 23 August 2013
« on: August 23, 2013, 07:24:24 AM »
We have added a regular tunnel-server in Winnipeg, Canada.  It is now live and available to choose when creating a tunnel. Again if you would like your existing tunnel's IPv4 endpoint to use the new tunnel-server, please delete your existing tunnel then pick the new location to create your tunnel on.

*REMINDER* - Deleting your old tunnel means deallocating your IPv6 blocks, and you will be assigned NEW allocations based on the tunnel server you pick.

If you have any problems and want to report them, please email ipv6@he.net to open a trouble ticket.

Pages: [1] 2