Hurricane Electric's IPv6 Tunnel Broker Forums

Please login or register.

Login with username, password and session length
Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - divad27182

Pages: [1]
1
General Discussion / Re: Unable to establish Ipv6 connectivity
« on: March 13, 2017, 05:28:34 PM »
Quote
While I don't know the full details of 6in4, I'm not sure how well it will work through the NAT firewall. 

6in4 has no issue with NAT as long as the router knows what's going on and is able to pass the traffic without bothering it.
In which case, an obvious suggestion is: you might try putting the windows machine in the DMZ.

Quote
you might try putting your 112.xxx.xxx.xxx address in the localaddress= value. [guessing]

That'll make things worse, the 192.x is appropriate here.
I guess that means it is a bind address.  I found that omitting it on my Linux box did not affect functionality.

2
General Discussion / Re: Unable to establish Ipv6 connectivity
« on: March 13, 2017, 04:27:37 PM »
Well, I would think the following two lines are suspect:

netsh interface ipv6 add v6v4tunnel interface=IP6Tunnel localaddress=192.xxx.x.xxx remoteaddress=216.66.80.26

   IPv4 Address. . . . . . . . . . . : 192.xxx.x.xxx

While I don't know the full details of 6in4, I'm not sure how well it will work through the NAT firewall. 

You might try seeing if you can configure the tunnel directly on the TP Link router.
You might try securing your windows box and plugging it straight into the internet connection.  (This might at least let you get to the next step...)
you might try putting your 112.xxx.xxx.xxx address in the localaddress= value. [guessing]

--David G

(I stayed stuck at Explorer for 2 years on this issue.  Then I tried 6to4 and was Sage within two days. :) )

Edit: strike wrong suggestion.

3
In any case, I'll try targetting that address tomorrow.  (I've already done my points for today.  :-) )
Well, I tried it, and I removed the duplicate address I was suggesting, and it worked.  The other major differences were:
  • my addresses were in lower case
  • I had one more hop before reaching ve422.core1.nyc4.he.net
  • My traceroute doesn't assume the target's address gets the target's name, so the last line was:
    Quote
    9  juniper.webway.se (2a02:920:212e:1::213)  131.990 ms  132.554 ms  126.184 ms
Frankly, I would not have thought any of these would cause problems, but it gives me more things to test.   ;)

--David

Edit: correct list formatting

Edit: Upper case didn't make it fail.  Nor did lack of hostnames.

Edit: It appears that the line before the first trace line is important.  It appears that it having a hostname they can resolve is not.

4
The parser is somewhat simplistic at times.  You might try changing:
  6 2001:7F8:D:FE::247 108 msec 104 msec 104 msec
to
Code: [Select]
  6 2001:7F8:D:FE::247 (2001:7F8:D:FE::247) 108 msec 104 msec 104 msec

I can definitely tell you that if an entry uses the alternate IPv4 derived address formatting, it is rejected.  I.e. if that address were written 2001:7F8:D:FE::0.0.2.71 it would definitely be rejected, even though it is perfectly valid and equivalent.

In any case, I'll try targetting that address tomorrow.  (I've already done my points for today.  :-) )

--David G

5
IPv6 on Linux & BSD & Mac / RIP on IPv6 for Linux?
« on: March 03, 2017, 07:22:21 PM »
Once upon a time, I worked on a network of SunOS computers.  They all ran "routed" implementing the RIP protocol.  They all routed everything right.  At some point our network administrators decided that the 3 packets per router per minute was too much traffic on our network, and shut it down.  Routing problems started.

Does anyone known of a comparable lightweight routing daemon for IPv6 and IPv4, for the Linux (debian) platform?  As far as I'm concerned, Quagga or Zebra is to heavy.  I tried "babeld", but it was too much based on hosts instead if networks.

I'm looking for something that is single process, single thread, small executable, minimal configuration, and capable of running on every node in the network, including the non-routing nodes.  (Non-routing nodes should just be receive only, except for an initial broadcast like in RIP.)   Ideally, it could also replace radvd.

--David G

6
Questions & Answers / Re: Testing protocol 41
« on: February 24, 2017, 04:34:09 AM »
Does there exist any linux tools which can test if protocol 41 gets through the network (4G) and my router?

I have access to linux boxes outside my network which can be used as endpoints.
But as my home network has no public IP; it is on Carrier grade Nat, the connections have to be initiated from my network to my external hosts.

nmap can do it, to some extent. 

You can try something like:
Code: [Select]
nmap -sO -p 1,6,17,41 hostname
The downside is that it can't always distinguish open from filtered.

--David

7
Well, in my case, the command I use reads something like:

Code: [Select]
wget --auth-no-challenge -q -O- --http-user=my_username --http-passwd=my_password 'https://ipv4.tunnelbroker.net/nic/update?hostname=123456'
It turns out this is safe to run at any time.  It just tells you that there is no change ("nochg").  On the other hand, you should not run it too frequently

--D

Edit: If you just go the advanced tab on the tunnel details page, it will provide a URL to use.

Edit2: I think the other part of the equation (at least for me) is to omit the specifying the local IP address in the configuration.  Linux will use your local address as needed.

8
I think you want "Dyn-compliant Endpoint Updates" at https://forums.he.net/index.php?topic=1994.0

--David

9
General Discussion / Re: False negative for traceroute submission?
« on: February 10, 2017, 07:42:45 AM »
Here's the traceroute:
Code: [Select]
14  pc1-646.br11.gdbru.be.easynet.net (::ffff:87.86.71.163)  154.563 ms  154.812 ms  154.436 ms

My guess is the ipv4 check matched for hop 14?

Yes, and it turns out if you rewrite that line as:
Code: [Select]
14  pc1-646.br11.gdbru.be.easynet.net (::ffff:5756:47a3)  154.563 ms  154.812 ms  154.436 ms
then it works.  They check the form, not the content.

10
Suggest a Test! / IPv6 DNS lookup
« on: February 07, 2017, 09:45:05 AM »
How about doing a DNS lookup using IPv6.

In order to do this, one would need a DNS zone that is deliberately NOT delegated to, on a server that only accepts IPv6 requests.  Then the testee would fetch something from the server, and enter that as evidence of test completion. 

I suggest that it be a TXT record, using a domain name like <username>.hurricane-electric-certification-test.  and that the value be a nonce, followed by a hash of the nonce, username, and a secret shared between the dns server and the test server.  This would prevent sharing answers, or taking too long to enter the answer.

--David

Pages: [1]