Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: How I got he.net ipv6 with ICMP blocked.  (Read 3010 times)

houkouonchi

  • Newbie
  • *
  • Posts: 6
How I got he.net ipv6 with ICMP blocked.
« on: February 17, 2011, 11:21:22 PM »

So it was annoying me that on my desktop machine at work I couldn't get he.net ipv6 connectivity as I was behind NAT (for access to a our private network) and ICMP was blocked on the router I went through. I finally realized that I could just VPN through my server which I control and allows ICMP and simply use that to connect to he.net's tunnel server.

This wont be an option for many but it could be for a few. In my VPN config files I have:

ifconfig 192.168.200.2 192.168.200.1
route 66.220.18.42 255.255.255.255 vpn_gateway

So just the he.net's tunnel server is going through the VPN.

root@sigito: 11:03 PM :~# ip tunnel add he-ipv6 mode sit remote 66.220.18.42 local 192.168.200.2 ttl 255
root@sigito: 11:03 PM :~# ip link set he-ipv6 up
root@sigito: 11:03 PM :~# ip addr add 2001:XXXXXXXXXXX/64 dev he-ipv6
root@sigito: 11:03 PM :~# ip route add ::/0 dev he-ipv6

After this I had ipv6 connectivity =)

root@sigito: 11:04 PM :~# traceroute6 box.houkouonchi.jp
traceroute to box.houkouonchi.jp (2607:f298:1:100:feed:face:beef:d00d) from 2001:470:c:44a::2, 30 hops max, 24 byte packets
 1  houkouonchi-3.tunnel.tserv15.lax1.ipv6.he.net (2001:470:c:44a::1)  4.803 ms  4.147 ms  3.749 ms
 2  gige-g4-6.core1.lax1.he.net (2001:470:0:9d::1)  1.401 ms  4.163 ms  1.292 ms
 3  10gigabitethernet1-3.core1.lax2.he.net (2001:470:0:72::2)  1.422 ms  1.258 ms  1.522 ms
 4  2001:504:13::60 (2001:504:13::60)  1.732 ms  1.919 ms  1.926 ms
 5  2607:f298:0:111::2 (2607:f298:0:111::2)  4.847 ms  3.144 ms  1.451 ms
 6  2607:f298:1:100:feed:face:beef:d00d (2607:f298:1:100:feed:face:beef:d00d)  1.713 ms  1.751 ms  1.512 ms
root@sigito: 11:04 PM :~#

Pretty good latency to the gateway too:


root@sigito: 11:18 PM :~# ping6 -c5 2001:470:c:44a::1
PING 2001:470:c:44a::1(2001:470:c:44a::1) 56 data bytes
64 bytes from 2001:470:c:44a::1: icmp_seq=1 ttl=64 time=0.936 ms
64 bytes from 2001:470:c:44a::1: icmp_seq=2 ttl=64 time=1.06 ms
64 bytes from 2001:470:c:44a::1: icmp_seq=3 ttl=64 time=0.878 ms
64 bytes from 2001:470:c:44a::1: icmp_seq=4 ttl=64 time=0.949 ms
64 bytes from 2001:470:c:44a::1: icmp_seq=5 ttl=64 time=1.03 ms

--- 2001:470:c:44a::1 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4002ms
rtt min/avg/max/mdev = 0.878/0.972/1.067/0.073 ms

I also got pretty good speed when testing to my server which has to go desktop -> colo server -> he.net network -> colo server.

root@sigito: 11:12 PM :~# web100clt -n 2607:f298:1:100:feed:face:beef:d00d
Testing network path for configuration and performance problems  --  Using IPv6 address
Checking for Middleboxes . . . . . . . . . . . . . . . . . .  Done
checking for firewalls . . . . . . . . . . . . . . . . . . .  Done
running 10s outbound test (client to server) . . . . .  82.61 Mb/s
running 10s inbound test (server to client) . . . . . . 77.14 Mb/s
The slowest link in the end-to-end path is a 100 Mbps Full duplex Fast Ethernet subnet
Information: Other network traffic is congesting the link
Server '2607:f298:1:100:feed:face:beef:d00d' is not behind a firewall. [Connection to the ephemeral port was successful]
Client is probably behind a firewall. [Connection to the ephemeral port failed]
Information: Network Middlebox is modifying MSS variable (changed to 1420)
Server IP addresses are preserved End-to-End
Client IP addresses are preserved End-to-End

I am happy I finally have ipv6 connectivity on my desktop machine and no longer have to ssh to a machine to access ipv6 =)


And in other news... I finally received my sage t-shirt in the mail today.. w00t!
Logged