• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

Recent posts

#11
2600:9000::/28 is the infor I got from whois.
According to the HE looking glass, it is not announced. At Telekom (AS3320), it is not in the routing table too.

amzn-noc-contact@amazon.com can be contacted, this is in the whois address.
d3e2y37tle8w9m.cloudfront.net at this time (TTL 40 sec) points to various networks in 2600:9000:223c::/48, which is in the HE routing table. I can ping that properly via AS3320.

Please try if the problem still exists.

For 2600::
Reachable from only a few AS, other big ones like 3320 don't have that in their routing table.
Contact Cogent/Sprint and ask them. I dunno about the peering/routing policies they have.
#12
Can you use
sudo mtr 216.66.84.46 -i 0.2
#13
Hello,

I am currently experiencing 10–20% packet loss while connected to the tunnel server at 216.66.84.46 (tserv1.ams1.he.net). My location is in the Netherlands.

Is this an isolated issue on my end, or are there broader connectivity problems affecting this server?

Thank you for looking into this.

Best regards,

Bouke
#14
General Questions & Suggestions / Re: Support for SVCB and HTTPS...
Last post by jailbird - November 18, 2024, 09:06:35 PM
It looks like the web UI understands these records, but it won't let you add them nor edit them.

It would be awesome if it did!
#15
IPv6 on Routing Platforms / Problèmes d'interaction entre ...
Last post by farouq45 - October 15, 2024, 09:30:44 AM
Bonjour à tous,

Je travaille actuellement sur un réseau qui utilise IPv6 et plusieurs VLANs avec le Spanning Tree Protocol (STP) activé. Cependant, j'ai remarqué que lors de la convergence du STP, le Neighbor Discovery Protocol (NDP) en IPv6 semble être affecté, ce qui entraîne des retards dans la résolution des adresses IPv6.

Est-ce que quelqu'un a déjà rencontré des problèmes similaires où le STP interfère avec le bon fonctionnement d'IPv6 Neighbor Discovery ? Je me demande s'il y a des configurations spécifiques à appliquer pour éviter ce genre de conflit, ou si passer à RSTP ou MSTP pourrait résoudre le problème. Toute suggestion pour améliorer cette interaction serait appréciée.
#16
Questions & Answers / I'm getting a HTTP 500 error w...
Last post by noxtu - October 14, 2024, 04:30:54 AM
I'm getting a HTTP 500 error when trying to create or edit  tunnel.
https://tunnelbroker.net/tunnel_detail.php?tid=938787
#17
Questions & Answers / Re: Google forcing ReCAPTCHA o...
Last post by jonathanlee571 - October 12, 2024, 09:13:37 PM
Hello, I am also seeing this with Google, what is weird if I do the challenge it reroutes me to Google .hk or hong kong after. As soon as I turn off the HE tunnel it stops. Blocking AAAA for Google Netflix does fix it. Is there any other solution to this?

#18
General Discussion / Re: Reset Guru test
Last post by ranoca - October 11, 2024, 06:28:34 PM
Hello, I have the same problem, I can't check the records because the domain is on a hosting, did you manage to solve the problem?
#19
IPv6 on Routing Platforms / Re: Problème avec la sécurisat...
Last post by snarked - September 27, 2024, 12:07:59 PM
There really isn't any way to validate the content of the ND packet itself.  If one already knew where his neighbor(s) connect(s), one wouldn't need the ND packet to begin with (and would populate the local route table manually).

I have not used "SEND."  I don't know of any way to detect that a neighbor was hacked if the packets comprising the hack did not pass through my system or network.  Furthermore, a neighbor could be passing bad routes learnt from its other neighbor(s), so it/they might not be hacked at all.

I simply don't see how the data could be validated.  All one can validate is that a neighbor delivered the data.
#20
IPv6 on Routing Platforms / Re: Problème avec la sécurisat...
Last post by gabinlm - September 27, 2024, 11:26:14 AM
Thank you for your detailed response! Your explanation about the trusted FE80::/10 range and the use of TTL 255 to ensure a direct connection makes sense. However, my concern is more about a potential attack vector where a malicious device on the same link might insert false Neighbor Advertisements, which could lead to man-in-the-middle attacks or routing issues.

I understand that IPSec can be a solution for securing ND packets, but in practice, it seems challenging to implement and maintain, especially in large networks. Have you had any experience using Secure Neighbor Discovery (SEND) as an alternative, or do you know of any other lightweight methods to prevent these types of attacks?