Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  


Welcome to Hurricane Electric's forums!

Pages: 1 [2] 3 4 ... 10
 on: March 05, 2019, 07:39:25 AM 
Started by snarked - Last post by snarked
I noticed an addition in the web form that sets up a secondary zone for a TSIG key.  As HE hasnít yet announced it, I assume itís under test.  However, my question is:

Will there be a way to add this for existing zones without having to delete and re-add them?

Thank you.

 on: March 01, 2019, 05:58:23 AM 
Started by shirakun - Last post by divad27182
OK.  It could also be on the server end.

To determine which, run a packet sniffer on the server side, watching for traffic involving the clients IPv6 address.  Then ping an internet host from the client.  Doing this on both interfaces on the server allows you to determine just how far the packets get. 

If you can't get anything on the interface to the client, the problem is routing on the client.  If you get the packets in one direction on one interface and not the other, the problem is server routing (or firewalling).  If you get packets in both directions on both interfaces, the problem is probably on the client (and might be firewall).  If you get packets only in the outbound direction, the problem is further upstream, and if that's your exterior border, might be an announcement issue.

 on: March 01, 2019, 05:42:57 AM 
Started by shirakun - Last post by divad27182
sounds like a problem with the routing table on the CLIENT side.  It needs to know to route internet IPv6 traffic to your server.

 on: February 27, 2019, 11:34:35 AM 
Started by dtic - Last post by broquea
HE needs to approve the BGP tunnel after a vetting process. Sorry your other ticket didn't get responded to yet.

 on: February 27, 2019, 10:44:15 AM 
Started by dtic - Last post by dtic
Sorry I don't understand the procedure: to ping the peer I should have approved the BGP tunnel?
is that why I cannot ping the peer?

I have received this confirmation on February 25th:

Your message ("Problem: I cannot ping peer for tunnel broker") has been assigned the tracking ID [HE#4045337].
One of our engineers will reply to your email within 24 hours.

Please include the string '[HE#4045337]' in the subject of any future email about
this case.  You may do that by simply replying to this message.

Please be aware that our system currently rejects binary attachments.  If you
are submitting a traceroute or ping output please generate it in text and
followup to this email.

Thank You.
Hurricane Electric Support

Thanks for answering,

 on: February 27, 2019, 08:48:07 AM 
Started by dtic - Last post by broquea
BGP tunnels are manually approved. They are not configured until approved.
Your ticket to request one was opened 44 hours ago by our system.
No replies from you to that ticket.
If you are emailing our ticket system, you should be getting back an autoresponder for any new ticket you created.
If not, your emails aren't making it to our system.

 on: February 27, 2019, 07:16:12 AM 
Started by dtic - Last post by dtic
Have tried using another Tunnel Broker and it works like a charm. However, I need BGP(6).

I've also sent an email to but no one replied.

Can anybody help?

 on: February 27, 2019, 05:11:32 AM 
Started by dtic - Last post by cholzhauer
I don't see anything glaring with your config, but I don't have enough experience building a tunnel on a Cisco router to say for sure.  My only other suggestion is to check your MTU.  Hopefully someone else sees what I missed.

 on: February 26, 2019, 02:28:25 PM 
Started by dtic - Last post by dtic
ipv6 unicast-routing
interface Tunnel0
 description Hurricane Electric IPv6 Tunnel Broker
 no ip address
 ipv6 address 2001:470:10:B2::2/64
 ipv6 enable
 ipv6 mtu 1480
 tunnel source
 tunnel mode ipv6ip
 tunnel destination
interface GigabitEthernet0/0/0
 description WAN
 ip address secondary
 ip address
 ip nat outside
 negotiation auto

ipv6 route ::/0 Tunnel0

The ISP says it is not filtering any protocol

I have ping(ed) from HE looking glass and I get packets matched by a test access-list

FASTA-ASR#show access-lists 100
Extended IP access list 100
    10 permit 41 any any log (252 matches)

 on: February 26, 2019, 02:15:47 PM 
Started by dtic - Last post by cholzhauer
The easiest way is to ask them, although they will probably be confused

You could also do a packet capture, but that takes more work.  Can you post your config with the addresses visible?  If you donít want to, send it in a message instead

Pages: 1 [2] 3 4 ... 10