Recent posts

[Is the function of the ULA assignment to run local services?]

#61

Questions & Answers / Re: Native IPv6 configuration ...

Last post by sdgathman - September 16, 2024, 05:54:27 AM

Question: With Verizon's native IPv6 I'm getting 3 meaningful IP addresses on my interface, public - [2600:4040:xxxx:yyyy::host-part], and ULA - [fdww:xxxx:yyyy:zzzz::host-part] and of course, an link-local [fe80::host-part] address. Is the function of the ULA assignment to run local services?

Question: Is it safe to run services on the link local address?

The fd00::/8 (actually fc00::/7) IPs are the IPv6 equivalent of 192.168.0.0/16 or 10.0.0.0/8.  Link local (fe80) addresses could be used for services, but are inconvenient because you always have to specify the interface - and not all clients know how to do this, and the naming can be quite fickle.

For local services, use fc00::/7 - which you can route within your private network (all over the world, if your private network extends that far, which it might with VPN tunnels).  Actually, just use fd00::/8, because fc00::/8 is used by the Cjdns protocol.  I run services on Cjdns fc00::/8 ips because they are authenticated and e2e encrypted (and global).  Cjdns is inspired by IPv6 CGA, where the host part is a fingerprint of the TLS cert.  Cjdns extends this to where the entire IPv6 is a fingerprint of the TLS cert (throwing away certs outside the fc00::/8 fingerprint range).

#62

Questions & Answers / Re: AWS Public IP marked "This...

Last post by sdgathman - September 15, 2024, 03:38:04 PM

I think he.net is cracking down on using a VPS to forward proto 41 past Evil™ ISPs and routers that block it.  Not all hosting providers are blocked.  Ramnode is still allowed.  I would not use AWS anyway - they are way too centralized and monopolistic.

#63

Questions & Answers / Re: IP is not ICMP pingable. C...

Last post by snarked - September 15, 2024, 12:04:46 AM

Note that you can change the endpoint IPv4 address without having to delete and recreate the tunnel.  However, the address needs to be pingable.  It's possible that the new ISP blocks pings.  You should also try UDP pings to see if those make it to rule out unreachability.

#64

Questions & Answers / Re: Google forcing ReCAPTCHA o...

Last post by PhilBZ - September 14, 2024, 08:51:46 AM

This has started again, and with a vengeance at that.

For the "select image" reCAPTCHA prompts, they present and will fail regardless of whether or not you answer them correctly.
[...]

This is on both /64 and /48 tunnels.

I've seen this across multiple sites, including my not-very-good ISP.  Forever failing reCCAPTCHA is not fun.

Seeing the same here on multiple third-party sites using google's recaptcha backend.  I had to re-enable blocking of AAAA for .google.com and .googleapis.com to temporarily resolve it.

This worked -- I've been blocked AAAA lookups for a number of problematic domains.

I think the difficulty is that it needs HE to be able to convince Google that these aren't bad IP ranges... but I doubt Google care.

#65

Questions & Answers / Re: Google forcing ReCAPTCHA o...

Last post by Jenick - September 13, 2024, 06:58:05 PM

Seeing the same here on multiple third-party sites using google's recaptcha backend.  I had to re-enable blocking of AAAA for .google.com and .googleapis.com to temporarily resolve it.

#66

Questions & Answers / Re: Google forcing ReCAPTCHA o...

Last post by Napsterbater - September 13, 2024, 06:41:05 PM

This has started again, and with a vengeance at that.

For the "select image" reCAPTCHA prompts, they present and will fail regardless of whether or not you answer them correctly. Likewise, the reCAPTCHA v2 prompts that are put in the background of other websites are outright failing without presenting any option.

This is on both /64 and /48 tunnels.

Seeing the same thing :-(

#67

Questions & Answers / IP is not ICMP pingable. Can't...

Last post by AngelCoderPC - September 13, 2024, 01:18:37 PM

Hi! I've recently changed my ISP and my IP has changed, so I need to create a new tunnel. But when I try to create it, it gives me the error IP is not ICMP pingable. I've checked all the options on my router and I can't find a way to allow the ping. I also disabled the firewall on the router and that didn't work either. I have a TP-LINK EX230v router. Can anyone help me?

#68

IPv6 Software Applications & Hardware Appliances / MIcrosoft Phone Link stopped w...

Last post by mutino - September 09, 2024, 05:12:08 AM

My new ISP doesn't have native IPv6 so I've set up tunnel broker and its working well apart from one issue. Phone Link which is a PC desktop to Android mobile tool has stopped working.

It worked with with previous ISP's native IPv6 and works with IPv6 disabled, just when IPv6 tunnel is enabled it stops syncing

Anyone experience anything similar?

#69

Questions & Answers / Re: Google forcing ReCAPTCHA o...

Last post by papamidnight - September 06, 2024, 08:41:17 AM

This has started again, and with a vengeance at that.

For the "select image" reCAPTCHA prompts, they present and will fail regardless of whether or not you answer them correctly. Likewise, the reCAPTCHA v2 prompts that are put in the background of other websites are outright failing without presenting any option.

This is on both /64 and /48 tunnels.

#70

Questions & Answers / Re: paris tserv1.par2 down?

Last post by Monphpnet - August 28, 2024, 02:36:18 AM

It is back now.

Yes at 04:08 AM :)