Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  


Welcome to Hurricane Electric's forums!

Pages: 1 2 [3] 4 5 ... 10
 on: August 21, 2022, 06:28:14 AM 
Started by Walter H. - Last post by Walter H.
can you please tell a little bit more details ...

e.g. the workstation of my mate should use an IPv6 from 2001:db8:1:2000::/64
and for my workstation I want to use an IPv6 from 2001:db8:1:1::/64

which IPv6 addresses must be configured on the routing box?
and can any host use this default gateway fe80::1 as they are all inside the same LAN?


 on: August 21, 2022, 06:18:22 AM 
Started by Walter H. - Last post by cholzhauer
None of your subnets should have a /48, you need to subnet the /48 into /64s and use those

 on: August 21, 2022, 06:13:32 AM 
Started by Walter H. - Last post by Walter H.

my routing box is just a ZBOX with a general purpose linux - a CentOS

with the tunnel I get a /64 and optional a /48

let's say the /48 is:  2001:db8:1::/48

now what I have/did ...

the NIC on LAN side of the routing box has  2001:db8:1::1 with a prefix length of 48
and fe80::1 as a secondary scope:link IPv6

as I share the LAN with my room mate and I told him, that he can use this:   2001:db8:1:2000::/64
and all his Windows machines (physical and virtual) have addresses within this prefix and a configured prefix length of 48

I myself use this:  2001:db8:1:1::/64 and also a configured prefix length of 48

the default gateway either coming by RADVd or for fixed IPv6 configuration is always fe80::1

there I have a few linux servers virtualized:

a Mail server         2001:db8:1:1::10
a DNS server         2001:db8:1:1::1
and a proxy server 2001:db8:1:1::20

they all have 48 as prefix len configured on their virtual NIC

the ISC DHCP I configured with this:

Code: [Select]
ddns-updates off;
update-static-leases true;
allow leasequery;


default-lease-time 7200;
max-lease-time 86400;

dhcpv6-lease-file-name "/var/lib/dhcpd/dhcpd6.leases";

subnet6 2001:db8:1::/48 {
        range6 2001:db8:1:7fff:0:0:0:0 2001:db8:1:7fff:ffff:ffff:ffff:ffff;
        range6 2001:db8:1:7fff::/64 temporary;

        option 2001:db8:1::1, 2001:db8:1:1::1;
        option dhcp6.domain-search "";

        option 600;
        option dhcp6.preference 255;

the /etc/radvd.conf looks this simple:
Code: [Select]
interface br0
        AdvSendAdvert on;

        # stateful DHCPv6: on
        # stateless DHCPv6 (SLAAC): off
        AdvManagedFlag on;

        # get DNS from DHCPd6: on
        # get DNS from RADVd: off
        AdvOtherConfigFlag on;

        MinRtrAdvInterval 5;
        MaxRtrAdvInterval 15;

        route fe80::1/64
                AdvRouteLifetime infinity;
                AdvRoutePreference high;

on the routing box the br0 device is a bridge between
the LAN device eth0 and the WLAN device wlan0

connections from any host configured with a fixed IPv6 to the 4 mentioned servers is no problem;
but from hosts getting their IPv6 from DHCPv6 this times out and no connection possible;
native connection to the internet is no problem;

just for a testing purpose I changed the configured prefix len of 48 to 64 at the mail server;
then it is possible for DHCPv6 configured clients to connect, but when I do a ping on the mail server to such a host
this looks like:
Code: [Select]
# ping6 2001:db8:1:7fff:2008:2dc9:82ed:1d14
PING 2001:db8:1:7fff:2008:2dc9:82ed:1d14 56 data bytes.
64 bytes from 2001:db8:1:7fff:2008:2dc9:82ed:1d14: icmp_seq=1 ttl=128 time=0.541 ms
64 bytes from 2001:db8:1:7fff:2008:2dc9:82ed:1d14: icmp_seq=1 ttl=128 time=0.541 ms (DUP!)
64 bytes from 2001:db8:1:7fff:2008:2dc9:82ed:1d14: icmp_seq=2 ttl=128 time=0.540 ms
64 bytes from 2001:db8:1:7fff:2008:2dc9:82ed:1d14: icmp_seq=2 ttl=128 time=0.540 ms (DUP!)

where did I made some mistake?

the goal should be the following:

the router box should have 1 IPv6 address as it has now, and I guess this must be configured with prefix len 48
and IPv6 addresses of several /64 prefixes are used independent;

please tell me what I should/must do different;


 on: August 20, 2022, 07:04:34 PM 
Started by ictd01 - Last post by ping
You are not alone, i am also experiencing issues with my tunnel (also via

Altho im not 100% sure its related to the tunnelserver, or a just a local issue with my hardware, but after sniffing a lot of packets over the last couple hours, i noticed that sometimes, the packets received on the tunnel interface, has a few bits flipped.

For example 0x11 would become 0x10, or 0x74 becomes 0xf4 etc.
Bitrot-over-ipv6? :P

Often this hits dns replies, with the encapsuled packet having a Next-Header value of 0x10, instead of 0x11 (IP protocol CHAOS, instead of UDP).

I dont know when this started, but i first noticed it about ~7-8 hours ago (around 20.30 CET)..

It more or less breaks ipv6 connectivity completely, as most packets fail checksums, has bogus headers, wrong ip adresses or similar, as a result of the flipped bits.

..Again, it could just be a local issue with my hardware, but it smells like its tunnelserver-related..

 on: August 20, 2022, 01:32:41 PM 
Started by ictd01 - Last post by ictd01

I did notice 25% packet loss at the moment. I am located in The Netherlands and connected to tunnel server

Am I the only one? Or are there more having connectivity issues?

Thank you.

 on: August 16, 2022, 09:43:26 AM 
Started by cshilton - Last post by cshilton
I noticed that you guys have a CafePress site. My second sage t-shirt has long ago been devoured by the laundry trolls. I'd love to be able to purchase a couple of them. Is that possible? Also, would it be possible to get one in a different color? Maybe white print on a black tee? I figure that might last longer than black on white.

I get that there may be issues since the t-shirt is something that you are supposed to earn.

-- Chris

 on: August 16, 2022, 05:19:48 AM 
Started by augustineas - Last post by realdreams
The android app has been awesome despite last update in 2015. If the dns issue on android 12 can be fixed, that saves the hassle of finding an alternative app.

 on: August 14, 2022, 10:03:03 AM 
Started by snarked - Last post by snarked
No resolution.  I created it as primary, but lost the ability to add other records, including DNSSEC RR-types.

 on: August 13, 2022, 11:51:16 AM 
Started by snarked - Last post by dairiki
Did you find a resolution?
I've just deleted and then attempted to recreate a reverse IPv6 slave zone for an HE tunnelbroker prefix (to update the master servers).  As you say... didn't work.

 on: August 12, 2022, 04:58:20 AM 
Started by MRizkBV - Last post by tjeske
Visit the different GeoIP services on the net and use their contact form to submit corrected geolocation information for your prefixes. Usually they will correct it with the next database update.

Pages: 1 2 [3] 4 5 ... 10