• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

Recent posts

#31
Suggest a Test! / Local network administrator's ...
Last post by bertofurth - February 22, 2025, 03:46:47 AM
I have an idea for an IPv6 network administrator's test.

First the test taker has to specify a /64 prefix that they have control of. Next the test asks the student to configure a host with a static IPv6 address on that network with a specified randomly generated host portion (maybe the first 64 bits of the md5sum of their username so it's constant) The network administrator then has to make sure that they configure their firewall and so forth so that he.net can ping that IPv6 address.

Next, the student must configure a new AAAA record corresponding to the host that was just pinged and he.net will try to resolve that. (After all, they must control a domain if they've passed the other IPv6 tests right?)

Next, a tcp service (any service...telnet, ftp, web, etc) needs to be configured on a random high port number on the host. Even something like "nc" to create a simple service on linux, for example to create a service on tcp port 9999....

while (true) do nc -6 -l 9999; done


Configure the firewall so that he.net can establish a tcp connection (and then disconnect) to confirm that the port is reachable on the host.

Finally have the user reconfigure the firewall so that the host can NOT be pinged (i.e. block ICMPv6 or ICMPv6 echo) but the TCP service must still be reachable. This will prove that the student has basic IPv6 firewall configuration skills and they they haven't just disconnected the host from the network!

Maybe then ask some questions about their local IPv6 network setup such as whether their network only uses SLAAC for address configuration and/or DHCPv6. Ask some questions about the M flag and O flag in the IPv6 RA and how they affect how hosts get configured.

Anyway, just some food for thought. I had a lot of fun setting up the mail server and web service in the other tests and having he.net verify them.

Thanks he.net!



#32
General Discussion / Re: Sage T-Shirt
Last post by pcela - February 17, 2025, 07:52:49 AM
My t-shirt status is shipped and I passed my sage certificate in February 2023. It's now February 2025 and I still don't have the t-shirt.
#33
General Questions & Suggestions / ns1,ns2 and ns4 out of sync?
Last post by frleong - February 02, 2025, 05:45:37 PM
Hello,

Has anyone noticed that ns1.he.net, ns2.he.net and ns4.he.net are out-of-sync from ns3.he.net and ns5.he.net. I mean, I am using these servers as secondary DNS servers, but the ns1, ns2 and ns4 have stopped updating since Jan 29. Also, ns3.he.net does not respond to IPv6 requests.

Francisco
#34
The other thing is the if it is not broken don't fix it thought process as ipv4 works perfectly why spend money on it right? I just keep thinking about how every smartphone has it already, so a smartphone connected to the Wi-Fi would have both versions running anyway, so why not add in the ipv6 right as a security precaution. Who knows.
#35
My IPS/IDS (intrusion detection, intrusion prevention system) rarely sees issues on ipv6, it does see them because every once and a while it spots one and blocks it, when juxtaposed to ipv4 there is tons of detections and blocks and abuse. It just seems logical that the version with less abuse would be more ideal.
#36
General Questions & Suggestions / Re: California University Syst...
Last post by Pentium4User - January 30, 2025, 08:32:40 AM
Lazy admins, managers who don't want it, no time, or "no need".
#37
General Questions & Suggestions / California University System
Last post by jonathanlee571 - January 30, 2025, 08:25:21 AM
I was wondering if anyone can explain why a major University would not support or deploy ipv6 yet? I was told about ipv6 back in the 2000-2002 at RTI (regional technical institute) that it was going to replace everything.  2025 it still seems to be delayed and even blocked. Does anyone know what risks are associated with ipv6, and or why a university would choose to not utilize the newer protocol? It seems all of my smartphones are now using this, it is not just an ISP thing, as there are ways to get ipv6 by way of a broker (California based tunnel broker), so why not use it? Why would the university system not use it however allow smartphones to use it?
#38
General Discussion / Is it possible to get a login ...
Last post by obitori - January 26, 2025, 06:54:54 PM
I got my IPv6 cert quite a few years ago and then switched ISPs to someone with a IPv6 offering.  I moved and now I want to set up the HE ipv4-to-ipv6 tunnel, but i have no recollection what the 2fa authenticator I used for my account.  I know my password.  Is it possible to get the 2FA turned off and log in to the main page?
#39
Questions & Answers / Re: Google simple CE machine t...
Last post by snarked - January 01, 2025, 11:58:17 AM
Check your IPv6 address instructions:  Make certain your "xxx" field is an odd number as that is used for the tunnel endpoints.  An even "xxx" is used for the routed /64 at your site (usually on Ethernet), and thus does not belong on the point-to-point interface.
#40
Questions & Answers / Re: Google simple CE machine t...
Last post by rattila - January 01, 2025, 04:35:53 AM
Addendum:

he-ipv6: flags=209<UP,POINTOPOINT,RUNNING,NOARP>  mtu 1480
        inet6 2001:470:1f1a:xxx::2  prefixlen 64  scopeid 0x0<global>
        sit  txqueuelen 1000  (IPv6-in-IPv4)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 191  dropped 0 overruns 0  carrier 191  collisions 0

Something wrong! There are TX error and carrier and no TX packets!
Where could be the problem? In my config (VM) or Google part (filtered protocol)?

I know there is native IPv6 support many GCEs except this very small (almost hobbyist) machines.

TIA,
Ruzsi