- Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.
News:
Welcome to Hurricane Electric's Tunnelbroker.net forums!
Recent posts
#21
Questions & Answers / Re: Google forcing ReCAPTCHA o...
Last post by ChrisDos - January 25, 2024, 06:05:09 AMQuote from: cecilspiqwuc on January 25, 2024, 01:19:24 AMI first noticed this issue with Google search also, then it slowly spread across all Google Services, and now I basically find that the entire 2001:470:: address space, or maybe the entire HE.NET domain, is basically blacklisted.
I no longer get Captcha challenges, I am immediately met with HTTP 403 - Forbidden everywhere I go regardless of the browser, app, device, or operating system.
Netflix, Microsoft, Google, Apple, Samsung, Github, mozilla, live.com, Amazon, banks, paypal, ticketmaster, walmart, etc. I even get 403 errors in the browser console from advertising networks. Then things got worse, basically any site/app that uses cloudflare or AWS gives me a 403 error. Now I even get 403 errors from major DNS services - CloudFlare, GooglePublic DNS, SafeDNS, OpenDNS, Quad9 are all blocking DNS requests of any type from my he.net tunnel.
Disabled the tunnel and all problems immediately disappear. Re-enable tunnel and problems return.
I tried deleting my tunnel then creating a new tunnel to different North American site with both /64 and /48 networks in order to obtain a new prefix. I have tried tunnels to Seattle/Beaverton, Fremont, Ashville, Denver, and Phoenix. They worked at first but all ended up the same after the first few hours.
Then add insult to injury I also found I could not create a AAAA DNS record that contained a he.net tunnel address because the DNS service provider said the address space is prohibited.
I finally just gave up and disabled IPv6 on my connection, then deleted my HE.NET tunnels in my account and I'm just going to let the account fade away.
Whatever.....
Boy, I had not idea it had gotten that bad. I was waiting for it to clear up again before re-enabling it, but based on what you were saying, I don't think that is going to happen.
Time to look to see if there is another provider of of IPv6 tunnels. It sure is a lot of work on my end to switch everything over if an alternative exists.
#22
Questions & Answers / Re: Google forcing ReCAPTCHA o...
Last post by cecilspiqwuc - January 25, 2024, 01:19:24 AMI first noticed this issue with Google search also, then it slowly spread across all Google Services, and now I basically find that the entire 2001:470:: address space, or maybe the entire HE.NET domain, is basically blacklisted.
I no longer get Captcha challenges, I am immediately met with HTTP 403 - Forbidden everywhere I go regardless of the browser, app, device, or operating system.
Netflix, Microsoft, Google, Apple, Samsung, Github, mozilla, live.com, Amazon, banks, paypal, ticketmaster, walmart, etc. I even get 403 errors in the browser console from advertising networks. Then things got worse, basically any site/app that uses cloudflare or AWS gives me a 403 error. Now I even get 403 errors from major DNS services - CloudFlare, GooglePublic DNS, SafeDNS, OpenDNS, Quad9 are all blocking DNS requests of any type from my he.net tunnel.
Disabled the tunnel and all problems immediately disappear. Re-enable tunnel and problems return.
I tried deleting my tunnel then creating a new tunnel to different North American site with both /64 and /48 networks in order to obtain a new prefix. I have tried tunnels to Seattle/Beaverton, Fremont, Ashville, Denver, and Phoenix. They worked at first but all ended up the same after the first few hours.
Then add insult to injury I also found I could not create a AAAA DNS record that contained a he.net tunnel address because the DNS service provider said the address space is prohibited.
I finally just gave up and disabled IPv6 on my connection, then deleted my HE.NET tunnels in my account and I'm just going to let the account fade away.
Whatever.....
I no longer get Captcha challenges, I am immediately met with HTTP 403 - Forbidden everywhere I go regardless of the browser, app, device, or operating system.
Netflix, Microsoft, Google, Apple, Samsung, Github, mozilla, live.com, Amazon, banks, paypal, ticketmaster, walmart, etc. I even get 403 errors in the browser console from advertising networks. Then things got worse, basically any site/app that uses cloudflare or AWS gives me a 403 error. Now I even get 403 errors from major DNS services - CloudFlare, GooglePublic DNS, SafeDNS, OpenDNS, Quad9 are all blocking DNS requests of any type from my he.net tunnel.
Disabled the tunnel and all problems immediately disappear. Re-enable tunnel and problems return.
I tried deleting my tunnel then creating a new tunnel to different North American site with both /64 and /48 networks in order to obtain a new prefix. I have tried tunnels to Seattle/Beaverton, Fremont, Ashville, Denver, and Phoenix. They worked at first but all ended up the same after the first few hours.
Then add insult to injury I also found I could not create a AAAA DNS record that contained a he.net tunnel address because the DNS service provider said the address space is prohibited.
I finally just gave up and disabled IPv6 on my connection, then deleted my HE.NET tunnels in my account and I'm just going to let the account fade away.
Whatever.....
#23
Questions & Answers / Re: Transfer /48 in between tu...
Last post by kcochran - January 11, 2024, 11:54:49 AM/48s are also allocated from a server-specific pool. Making them portable would also result in tens of thousands of additional routing entries.
#24
Questions & Answers / Transfer /48 in between tunnel...
Last post by HQuest - January 11, 2024, 10:00:47 AMMore a request than an issue, but would it be too complex to implement a "move your /48" from one tunnel to another? I understand the /64 pool at certain endpoints but whoever asked and is actually using a /48 as a /48 most likely has a good number of systems using these subnets and it might not be an easy change to get them all updated (talking static assignments, interfaces, security policies, domain entries, etc) to the new assigned subnet. However, trivial to change just your endpoint tunnel setup.
Happy for your consideration, and really appreciative for your services: years ahead of what our paid ISPs offers (which for my sad VZ case, is just non-existent).
Happy for your consideration, and really appreciative for your services: years ahead of what our paid ISPs offers (which for my sad VZ case, is just non-existent).
#25
Questions & Answers / Re: Google forcing ReCAPTCHA o...
Last post by cholzhauer - January 11, 2024, 09:37:47 AMThis just hit me too...time to disable the tunnel :(
#26
Questions & Answers / Re: DDNS updating as a cron jo...
Last post by kcochran - January 03, 2024, 09:18:26 PMI wouldn't say the limit is "every few minutes", but "when your IP changes."
We'll accept an attempt to request an update, regardless of it is an actual change, and not block it every few minutes, but the goal is to request an update only when you need to.
At least 90% of the updates we see are unneeded, or entirely malformed requests because people put their information in the wrong fields (passwords as tunnel IDs, etc.), and then never test their setup, so it runs that way for years.
We'll accept an attempt to request an update, regardless of it is an actual change, and not block it every few minutes, but the goal is to request an update only when you need to.
At least 90% of the updates we see are unneeded, or entirely malformed requests because people put their information in the wrong fields (passwords as tunnel IDs, etc.), and then never test their setup, so it runs that way for years.
#27
Questions & Answers / Re: Google forcing ReCAPTCHA o...
Last post by Pentium4User - January 02, 2024, 10:51:15 AMQuote from: quite on December 28, 2023, 11:42:55 PMI'm "guessing" that HE is not working on it more than forwarding the complaint to the users, hoping that the few accounts that perhaps were actually causing problems take steps to correct themselves. And then the big machine in the sky might stop the captchas... Uh.I notice that from 2001:470::/32 some scans occur and I contacted he's abuse desk.
I dunno if a relevant of abusers use their AS to query the Google search.
Although, Google is a company that doesn't care about the users if only a small amount of them is affected by their decisions.
I use another search engine (4get.plunked.party) that can also show results from Google.
#28
Questions & Answers / Re: DDNS updating as a cron jo...
Last post by aaaaanews - January 01, 2024, 04:09:38 PMre: guidance - i saw this
https://forums.he.net/index.php?topic=4270.msg23270#msg23270
it seems the limit is every few minutes.
they didn't list examples of well behaved scripts, but it seems there might exist scripts for your router if you google around?
https://forums.he.net/index.php?topic=4270.msg23270#msg23270
it seems the limit is every few minutes.
they didn't list examples of well behaved scripts, but it seems there might exist scripts for your router if you google around?
#29
Questions & Answers / Re: DDNS updating as a cron jo...
Last post by snarked - January 01, 2024, 09:17:41 AMThe Linux/Unix pppd program has a hook at file "/etc/ppp/ipv6-up". Maybe this is also called when the IPv6 address changes, as opposed to interface up only. Your router's version of ppp May have something similar....
#30
Questions & Answers / DDNS updating as a cron job?
Last post by kjalger - December 31, 2023, 03:38:27 AMBackground: My ISP is BT(UK) and very occasionally my IPv6 address changes all on its own. As my Asus router seems to monitor ppp0 for updates and my IPv6 WAN/Gateway address doesn't appear there, an updated IPv6 address on its own does not fire the DDNS update script!
For the moment I've set the DDNS forced update to once per day (21 days by default) just using the router WebUI (simplest way - and it's a rare event). But I have considered (and very briefly did) set the router ddns-start script to fire regularly using a cron job.
I'm very appreciative of HE providing this service at no cost to users, and don't want to fall foul of abusing the service. So I wondered what the guidance on how often it is sensible to fire off a ddns update?
For the moment I've set the DDNS forced update to once per day (21 days by default) just using the router WebUI (simplest way - and it's a rare event). But I have considered (and very briefly did) set the router ddns-start script to fire regularly using a cron job.
I'm very appreciative of HE providing this service at no cost to users, and don't want to fall foul of abusing the service. So I wondered what the guidance on how often it is sensible to fire off a ddns update?