Hi,
i found out that HE has stopped allowing new BGP tunnels.
They now request 500$/month for such a tunnel.

As a private systemadministrator, just running my own AS and PI Space for my owncloud and mailserver at home and some education, this is nothing i can pay.

Does anybody know about other tunnel providers with a BGP peering, so i can extend my ASN again with a second upstream?

under https://de.wikipedia.org/wiki/Liste_von_IPv6-Tunnelbrokern there are no more active tunnelbrokers with BGP sessions listed.

Regards
Daniel

I use a FritzBox and I have to also set a domain name, user name and password, I can't let them empty.
If I use my HE user name and password for the fields, I get error 500 badauth.
If I use other strings like "alfred" for user and pass, I get error 500 nohost

As domain name I used a free domain name from dynv6.com
I also tried example.com
What I'm doing wrong?


This is the URL I use:
https://Pentium4User:Password-fromHE-Login@ipv4.tunnelbroker.net/nic/update?hostname=587xxx

Is this what you need?

https://forums.he.net/index.php?topic=1994.0

Hello,
I like to use one of my tunnels at a location where the provider changes my IPv4 every time I dial in using ADSL, I can't change that.
I like to update it via the TB DynDNS method, but I don't know how to set it up properly.
I don't have a domain name, although I might register one for free, If sb. knows where.
Is there a possibility to update the Tunnel endpoint IP via DynDNS without owning a domain name?
Kind regards P4User

Why should port 113 be open?

Do you have a dynamically assigned IPv4? Maybe your public IPv4 changed. If that happens, you have to restart the tunnel with the new public IPv4.

Your modem is doing NAT for IPv4.  Either disable it, move the tunnel to the modem, or enable a “DMZ” function for the pi.

Hi, I have the same problem, I did as suggested and DMZ'd the select RPi. Firewalled it for IPv6/4. everything worked after I set the DMZ IP and rebooted my router. but in under 1 hour the tunnel was dead. I couldn't icmp in or out and the portscan said this:

Code: [Select]

Starting Nmap 7.01 ( https://nmap.org ) at 2020-05-24 16:36 PDT
Nmap scan report for 2001:470:1f07:561::2020
Host is up.
All 1000 scanned ports on 2001:470:1f07:561::2020 are filtered

Nmap done: 1 IP address (1 host up) scanned in 201.40 seconds

note: the previous scan when working showed port 113 open as it should be. but now nothing.

I am unable to use the LA server as well.

Yes even I am on SG server and its not working.

since yesterday I cannot connect to any singapore ipv6 tunnel, i tried other tunnel location and it works just fine ,,, is there a problem with singapore tunnel or just my ISP ? 

I agree with the above solution.  AXFRs should also be restricted at the server’s application layer.

A nonstandard port isn’t an option by using dns data.  To access a SRV record, one must make a DNS query to fetch it - so how is one going to do that to know to use the nonstandard port to get the record to get that info?  One can’t glue SRV records to a parent zone.

With BIND, the server statement doesn’t have a port option.  You’re on your own as to other software.

Using DANE with DNS, one has to fetch the SRV record (and TLSA records) for “_853._tcp.DNS....” via port 53 unencrypted before using TLS-secured DNS queries.  Same problem as above.

Even with all of that, to expect HE to do something nonstandard is dreaming....