Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Keeping up tunnel  (Read 2369 times)

auscity

  • Newbie
  • *
  • Posts: 2
Keeping up tunnel
« on: July 26, 2011, 04:15:53 PM »

I have had to put in a cron on my two servers, to ping6 ipv6.google.com every minute.

If I don't my server becomes unavailable.  It comes back in another few minutes, like the tunnel is being refreshed every 5 minutes, but it goes off after about 2 minutes or so, resulting in it being unavailable for a minute or two to some built in refresh.

I can't give  exact time, but its something like this.

Since starting cron with that, it up constantly.

Before the cron, if I ssh in and simply ping6 ipv6.google.com, immediately my subnet was reachable from outside.

Any idea's?  I have not touched anything, it seems crazy to constantly ping ipv6.google to keep the damn tunnel up 100%.

My other server the same.  Also outbound is way faster with the ping, I dont see the delay in lookup my the name for an ip6 site.


Thanks!

Logged

broquea

  • Sr. Network Engineer, HE.NET AS6939
  • Administrator
  • Hero Member
  • *****
  • Posts: 1735
Re: Keeping up tunnel
« Reply #1 on: July 26, 2011, 04:23:03 PM »

Check conn-track rules either on the machine itself; or if there is a nat/router/firewall in front, on that machine. Sounds like the session stops getting stored and then you need to source an outbound connection to make it live again.
Logged

auscity

  • Newbie
  • *
  • Posts: 2
Re: Keeping up tunnel
« Reply #2 on: July 27, 2011, 05:54:53 PM »

Nope it's a web server all the IPs on the eth0 are WAN addresses, there is no nat. There is also no port blocking apart from a DOS attack firewall.

I can't figure it out. The ipv4 addresses never ever do this. It's something with the hurricane tunnel. The only ipv6 address I can ping6 is the eth0 adapter as it's got a static ipv6 address.

Once the ping6 happens on the server, all the IPs that are allocated by radvd then reply.

It's definitely tunnel related to hurricane.

Also my second server does with as well (this one does have NAT as it's our LAN/WAN GW server). Without a minute ping6 I get long DNS lookups (if you in firefox look up a IPv6 site you see it resolving xxxx and after about 2 seconds the site comes up.

Running 1 minute pings on this server, then you firefox on a client, the site comes immediately up without the 2 second lookup.

Logged

cholzhauer

  • Hero Member
  • *****
  • Posts: 2729
Re: Keeping up tunnel
« Reply #3 on: July 28, 2011, 05:04:07 AM »

The only time I've seen this is when there's a firewall interfering with packets, like broquea suggested.
Logged