• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

Recent posts

#1
Questions & Answers / Re: abuse warning but tunnel w...
Last post by anzial - February 13, 2024, 10:29:51 PM
well, now I get the "abuse" message AND the tunnel no longer works.
#2
General Questions & Suggestions / Support for SVCB and HTTPS rec...
Last post by cdauth - February 11, 2024, 07:27:16 PM
I just stumbled across this article explaining the new SVCB and HTTPS record types: https://blog.cloudflare.com/speeding-up-https-and-http-3-negotiation-with-dns

Basically they can instruct clients to load a website through HTTP/3 straight away without having to make a HTTP/2 request first (to look for an Alt-Svc header) and without having to make a HTTP request first (to see if there is a redirect to HTTPS).

I would love to be able to add such records in my HE DNS configuration. Or maybe there is already a way?
#3
Questions & Answers / Re: Google forcing ReCAPTCHA o...
Last post by ChrisDos - January 25, 2024, 06:05:09 AM
Quote from: cecilspiqwuc on January 25, 2024, 01:19:24 AMI first noticed this issue with Google search also, then it slowly spread across all Google Services, and now I basically find that the entire 2001:470:: address space, or maybe the entire HE.NET domain, is basically blacklisted. 

I no longer get Captcha challenges, I am immediately met with HTTP 403 - Forbidden everywhere I go regardless of the browser, app, device, or operating system.
Netflix, Microsoft, Google, Apple, Samsung, Github, mozilla, live.com, Amazon, banks, paypal, ticketmaster, walmart, etc. I even get 403 errors in the browser console from advertising networks. Then things got worse, basically any site/app that uses cloudflare or AWS gives me a 403 error.  Now I even get 403 errors from major DNS services - CloudFlare, GooglePublic DNS, SafeDNS, OpenDNS, Quad9 are all blocking DNS requests of any type from my he.net tunnel. 

Disabled the tunnel and all problems immediately disappear. Re-enable tunnel and problems return.

I tried deleting my tunnel then creating a new tunnel to different North American site with both /64 and /48 networks in order to obtain a new prefix. I have tried tunnels to Seattle/Beaverton, Fremont, Ashville, Denver, and Phoenix.  They worked at first but all ended up the same after the first few hours.

Then add insult to injury I also found I could not create a AAAA DNS record that contained a he.net tunnel address because the DNS service provider said the address space is prohibited.

I finally just gave up and disabled IPv6 on my connection, then deleted my HE.NET tunnels in my account and I'm just going to let the account fade away.
Whatever.....

Boy, I had not idea it had gotten that bad.  I was waiting for it to clear up again before re-enabling it, but based on what you were saying, I don't think that is going to happen.

Time to look to see if there is another provider of of IPv6 tunnels.  It sure is a lot of work on my end to switch everything over if an alternative exists.
#4
Questions & Answers / Re: Google forcing ReCAPTCHA o...
Last post by cecilspiqwuc - January 25, 2024, 01:19:24 AM
I first noticed this issue with Google search also, then it slowly spread across all Google Services, and now I basically find that the entire 2001:470:: address space, or maybe the entire HE.NET domain, is basically blacklisted. 

I no longer get Captcha challenges, I am immediately met with HTTP 403 - Forbidden everywhere I go regardless of the browser, app, device, or operating system.
Netflix, Microsoft, Google, Apple, Samsung, Github, mozilla, live.com, Amazon, banks, paypal, ticketmaster, walmart, etc. I even get 403 errors in the browser console from advertising networks. Then things got worse, basically any site/app that uses cloudflare or AWS gives me a 403 error.  Now I even get 403 errors from major DNS services - CloudFlare, GooglePublic DNS, SafeDNS, OpenDNS, Quad9 are all blocking DNS requests of any type from my he.net tunnel. 

Disabled the tunnel and all problems immediately disappear. Re-enable tunnel and problems return.

I tried deleting my tunnel then creating a new tunnel to different North American site with both /64 and /48 networks in order to obtain a new prefix. I have tried tunnels to Seattle/Beaverton, Fremont, Ashville, Denver, and Phoenix.  They worked at first but all ended up the same after the first few hours.

Then add insult to injury I also found I could not create a AAAA DNS record that contained a he.net tunnel address because the DNS service provider said the address space is prohibited.

I finally just gave up and disabled IPv6 on my connection, then deleted my HE.NET tunnels in my account and I'm just going to let the account fade away.
Whatever.....
#5
Questions & Answers / Re: Transfer /48 in between tu...
Last post by kcochran - January 11, 2024, 11:54:49 AM
/48s are also allocated from a server-specific pool.  Making them portable would also result in tens of thousands of additional routing entries.
#6
Questions & Answers / Transfer /48 in between tunnel...
Last post by HQuest - January 11, 2024, 10:00:47 AM
More a request than an issue, but would it be too complex to implement a "move your /48" from one tunnel to another? I understand the /64 pool at certain endpoints but whoever asked and is actually using a /48 as a /48 most likely has a good number of systems using these subnets and it might not be an easy change to get them all updated (talking static assignments, interfaces, security policies, domain entries, etc) to the new assigned subnet. However, trivial to change just your endpoint tunnel setup.

Happy for your consideration, and really appreciative for your services: years ahead of what our paid ISPs offers (which for my sad VZ case, is just non-existent).
#7
Questions & Answers / Re: Google forcing ReCAPTCHA o...
Last post by cholzhauer - January 11, 2024, 09:37:47 AM
This just hit me too...time to disable the tunnel :(
#8
Questions & Answers / Re: DDNS updating as a cron jo...
Last post by kcochran - January 03, 2024, 09:18:26 PM
I wouldn't say the limit is "every few minutes", but "when your IP changes."

We'll accept an attempt to request an update, regardless of it is an actual change, and not block it every few minutes, but the goal is to request an update only when you need to.

At least 90% of the updates we see are unneeded, or entirely malformed requests because people put their information in the wrong fields (passwords as tunnel IDs, etc.), and then never test their setup, so it runs that way for years.
#9
Questions & Answers / Re: Google forcing ReCAPTCHA o...
Last post by Pentium4User - January 02, 2024, 10:51:15 AM
Quote from: quite on December 28, 2023, 11:42:55 PMI'm "guessing" that HE is not working on it more than forwarding the complaint to the users, hoping that the few accounts that perhaps were actually causing problems take steps to correct themselves. And then the big machine in the sky might stop the captchas... Uh.
I notice that from 2001:470::/32 some scans occur and I contacted he's abuse desk.
I dunno if a relevant of abusers use their AS to query the Google search.

Although, Google is a company that doesn't care about the users if only a small amount of them is affected by their decisions.

I use another search engine (4get.plunked.party) that can also show results from Google.
#10
Questions & Answers / Re: DDNS updating as a cron jo...
Last post by aaaaanews - January 01, 2024, 04:09:38 PM
re: guidance - i saw this

https://forums.he.net/index.php?topic=4270.msg23270#msg23270

it seems the limit is every few minutes.

they didn't list examples of well behaved scripts, but it seems there might exist scripts for your router if you google around?