• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

websites blocked through IPv6 tunnel by Cloudflare

Started by bartgrefte, May 02, 2019, 03:26:04 AM


bartgrefte

Since recently I keep running into more and more websites that show me a Cloudflare captcha page when I'm accessing that website through my HE IPv6 tunnel, some websites (like https://www.adafruit.com/ ) don't show a captcha at all so I cannot access it unless I disable IPv6.

Can anyone tell me what I need to do to fix this issue? It's not the first time I ran into IPv6 issues, some geo-IP database still claims my /64 ends up somewhere in Germany (I'm Dutch, not German) which causes a couple of problems on Facebook that are still not solved.

Maybe the two problems are related somehow?

tjeske

You can send those IP geolocation services a notification about the location of your prefix. They usually do update this information. At least they have done it several times for me.

However, Facebook seems to do its own thing. Always thinks I'm in Berlin where my tunnel endpoint is, although I'm in a different state/Bundesland.

bartgrefte

Quote from: tjeske on May 02, 2019, 03:42:48 PM
You can send those IP geolocation services a notification about the location of your prefix. They usually do update this information. At least they have done it several times for me.
If I knew which one was being used ;) .... Facebook support hasn't replied to any of my reports over the years and I do not know of a website where I can enter a domain name and get the geolocation service being used in return.
None of the services I found with Google list a location in Germany.

Quote from: tjeske on May 02, 2019, 03:42:48 PM
However, Facebook seems to do its own thing. Always thinks I'm in Berlin where my tunnel endpoint is, although I'm in a different state/Bundesland.
I'm using the one in Amsterdam, so I would at least expect the country to be correct, instead I'm apparently in "Rothenburg ob der Tauber". That's not even the right country, a different state/province is something I can live with.

Still leaves the Cloudflare issue, that didn't start appearing until a month or two ago, the location issue has been going on for years.

tjeske

Some services also report me being in Prague, Czech Republic (which is actually closer to me than Berlin), but my traffic still goes through Berlin, so even measuring round-trip times shouldn't put me that far off. Maybe similar prefixes were used by other tunnel endpoints? I have no idea. In the past I was even often located in the US, due to HE being US-based I assume.

Sorry I can only be anecdotal here. Adafruit.com works fine for me. Maybe you can email cloudflare?

bartgrefte

Quote from: tjeske on May 03, 2019, 12:43:02 PM
Some services also report me being in Prague, Czech Republic (which is actually closer to me than Berlin), but my traffic still goes through Berlin, so even measuring round-trip times shouldn't put me that far off. Maybe similar prefixes were used by other tunnel endpoints? I have no idea. In the past I was even often located in the US, due to HE being US-based I assume.
I've seen US listed as location a while back somewhere too, figured that made sense since HE is based there (Fremont CA if I remember correctly). Also saw other countries with the geolocation services I did find, including Russia, but no countries where they speak German. So maybe Facebook itself messed up, but they do not have any support that can actually be reached. There is a way to report problems, but I've done that over half a dozen times the last two years without getting any reply from them.

Quote from: tjeske on May 03, 2019, 12:43:02 PM
Sorry I can only be anecdotal here. Adafruit.com works fine for me. Maybe you can email cloudflare?
Well, their website says this about the problem:
Quote from: Cloudflare
Why do I see an Access Restricted Cloudflare Challenge Page?

If you are the site visitor:

The IP address you came from recently had bad activity online, so Cloudflare will present a challenge before you can access the website. Here's what you can do to solve the problem:

1. Passing the captcha will help reduce the threat score associated with the IP address. If no bad activity is seen from the IP address after a two-week period, then the challenge behavior will stop against that IP address.

2. You can also request that the particular site you're visiting whitelist your IP address when you pass the captcha and send a message to the site owner. If the site owner decides to whitelist your IP address, it does two things:

a) It allows you to access that site from that IP without further challenges for that site.

b) Helps correct false positives with IP data, which further helps reduce the threat score associated with the IP address.

Note: You must have cookies enabled to pass the captcha.
Doing captchas hasn't done anything so far (besides restoring access temporarily) and not every website shows the captcha on the error page, Adafruit Industries being one of them. Since I regularly visit that website I emailed them about it and they're gonna look at it. As for other pages, there are too many showing that error.

I don't see any email listed, so I guess I'll register and open up a support ticket, hopefully I can find out what's going on.

But in the meantime I still have IPv6 disabled. I'm considering creating a 2nd tunnel, hoping I end up with a different range that doesn't cause problems.

bartgrefte

Well, Cloudflare isn't willing to help me solve this, they say I have to contact each website owner individually to ask why I am being blocked.

mrpippy

I'm also having this problem, my IPv6 IP (from the Los Angeles tunnel broker) is geolocating to China/Hong Kong.

tjeske

It seems also some services identify HE to act like a VPN (that's what the block information suggests, I guess). Therefore it's also not possible to use HE for Netflix, as they don't (want to) allow VPN. Forgot the technical term for this. Not much one can do about it, unfortunately.