Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Pages: 1 ... 8 9 [10]
 91 
 on: January 08, 2022, 07:36:15 AM 
Started by garrigan - Last post by garrigan
I am wondering if a firmware upgrade resolved the following issue from two years ago: A Hurricane Electric 6in4 tunnel on an Asus router functions with a G1100 "edge" router, but it fails with a G3100 router.

I have posted this issue in several forums.

Release notes for firmware versions are not available.

Was anyone successful using Hurricane Electric's 6in4 IPv6 tunnel with a G3100 "edge" router in their home network? I am asking because I am considering buying a used G3100 router.

The following details are from two years ago.

The configuration exists on an ASUS router which is inside the home network. Via the configuration on the ASUS router I am tunneling IPv6 traffic within IPv4 packets. This configuration functions correctly with a G1100 in the environment, but it fails to function when I replace the G1100 with a G3100.

I can demonstrate that with a G1100 in place with the factory default configuration the data flows properly. If I swap in a G3100 the data flow stops. I do account for the possibility that the external IP address changes. I verify with Hurricane Electric that the configuration contains the proper IP address. My best guess is that the G3100 does not properly process Protocol 41 traffic. During the reset process on the G3100 one IPv6 ICMP packet did traverse the G3100. I did receive one reply. I had a steady ping to www.google.com 2607:f8b0:4006:812::2004. Also this event has been observed during a reboot of the G3100.

From Hurricane Electric: »ipv6.he.net/certificatio ··· /faq.php
If you are using a NAT (Network Address Translation) appliance, please make sure it allows and forwards IP protocol 41.
What is IP Protocol 41?
IP Protocol 41 is one of the Internet Protocol numbers. Within the IPv4 header, the IPv4 Protocol field is set to 41 to indicate an encapsulated IPv6 packet.

>>>> It appears the G3100 does not function properly with protocol 41.

My expectation is that the G3100 should function at least as well as the G1100.

I realize when new equipment is deployed there exists a period of time during which issues are discovered and remediated.

I also am cognizant Verizon is deploying equipment that caters primarily to Joe and Mary and X consumers, not IT professionals.

I posted the issue within the Verizon Direct forum. As noted above I am publicly sharing this information.

 92 
 on: January 06, 2022, 11:24:13 AM 
Started by yozh - Last post by broquea
We have NO plans for removing the ICMP check. Get your ISP to learn filtering ICMP is BAD, and control-plane rate-limit policies are GOOD.

 93 
 on: January 06, 2022, 08:24:29 AM 
Started by yozh - Last post by yozh
Hello,

The termination point of the tunnel Im trying to establish is behind an ISP that is blocking ICMP. Is there no way around getting the tunnel reestablished ? (I used to be on a diffrent block of IPs, where originally they didnt block ICMP, but they do now, and my IP got moved to a new block) Please help !

 94 
 on: January 06, 2022, 04:30:35 AM 
Started by Nate K - Last post by snarked
Also note that’s not what DNS glue is, but we know what you meant.

 95 
 on: January 06, 2022, 12:36:57 AM 
Started by Nate K - Last post by ostridge
Hello,

Say I registered a domain with a domain registrar.
How can I dns glue it to hurricane electrics freedns?

Thanks,
Nate
How about https://dns.he.net/

 96 
 on: December 31, 2021, 07:49:31 PM 
Started by garrigan - Last post by rhansen
I can ping its IPv4 address, but I get no IPv6 return traffic. (When I ping the IPv6 server-side address, tcpdump shows outgoing 6in4 packets with the correct addresses but nothing comes back.)

I'm seeing the exact same thing with a tunnel into Chicago (tserv9.chi), I've got IPv4 pings to and from the public endpoint, but all traffic over my gif interface appears to go silently into the night.

I sent an email to ipv6@he.net and they fixed it for me. It turns out the tunnel server had gone out of sync with my configured tunnels, probably when I was messing around with the tunnel config while the NYC server was down.

 97 
 on: December 30, 2021, 07:28:03 PM 
Started by garrigan - Last post by Shango1980
I can ping its IPv4 address, but I get no IPv6 return traffic. (When I ping the IPv6 server-side address, tcpdump shows outgoing 6in4 packets with the correct addresses but nothing comes back.)

I'm seeing the exact same thing with a tunnel into Chicago (tserv9.chi), I've got IPv4 pings to and from the public endpoint, but all traffic over my gif interface appears to go silently into the night.

Interestingly, I created a separate tunnel to a Fremont endpoint (tserv29.fmt1) and that also exhibits the same behavior on my local connection.  However, if I move the tunnel client to a system running in the San Jose area it works fine...  I opened support with my local ISP, but they assert there were no local changes and the traffic should be passing.

 98 
 on: December 30, 2021, 07:09:20 AM 
Started by garrigan - Last post by cholzhauer
I was told that the nyc4 server was under a denial of service attack, and it took a while to mitigate the problem.

Did they say when it started? I had some real bad performance last week, so bad that I had to turn off my tunnel.

 99 
 on: December 29, 2021, 02:07:56 PM 
Started by garrigan - Last post by rhansen
Tunnel to NYC still doesn't work for me. https://www.tunnelbroker.net/status.php shows that the NYC tunnel server is up, and I can ping its IPv4 address, but I get no IPv6 return traffic. (When I ping the IPv6 server-side address, tcpdump shows outgoing 6in4 packets with the correct addresses but nothing comes back.)

I tried deleting my NYC tunnel and adding a tunnel to Ashburn, VA, US. That works, so I don't think the problem is on my side.

 100 
 on: December 29, 2021, 12:58:31 PM 
Started by garrigan - Last post by jrcovert
I was told that the nyc4 server was under a denial of service attack, and it took a while to mitigate the problem.

Pages: 1 ... 8 9 [10]